This week’s five is a weekly column on five recent reads from all over the web. This week, we’ll talk about security information and event management (SIEM).
Poor exam proctors. Imagine 30 to 40 people in a room, all scratching their heads and writing frantically. A proctor’s job is to keep an eye on everyone and make sure that nobody cheats. Now, imagine this room is a hundred times larger, with thousands of people writing. Let’s call it a hyper-class. Keeping an eye on everyone would take hundreds of proctors, right? Or, it could just take one tool: Software to keep track of each individual’s activity. Which option sounds better? You decide.
Now, imagine this whole scenario at the enterprise level. This hyper-class is your business. Students are your employees. Proctors are your security professionals. And the software we’re talking about is for security information and event management (SIEM). With this in mind, it’ll be easier to discuss exactly how important SIEM is for your organization. Let’s begin.
[To learn more about SIEM’s role in security, click here.]
It gives you visibility beyond incidents.
What if, after the exam, the proctor finds out that almost half of the hyper-class has written exactly the same answer? Fishy, right? But if you’re using software, you should have activity logs for each student, which means you can easily figure out who copied what from where. SIEM does the exact same thing for your organization. With log forensics, reports on user activity, regulatory compliance, and historical trends, it gives you visibility beyond actual incidents. According to the Ninth Log Management Survey Report by SANS Institute, 60 percent of organizations polled report storing one terabyte of logs per day. Surely this is enough data to investigate what happened, why, and what all was affected.
[To learn more about SIEM’s role in visibility, click here.]
It helps you secure big data.
Suppose there are people in your class who are not supposed to be there taking exams for real students or even leaking questions. And what would be even worse? Students who are supposed to be in your class, leaking questions. This situation is essentially the same as having an external or internal threat in your organization cause a data breach. Let’s see how SIEM can help.
The CSA recently published a list of 100 Best Practices in Big Data Security and Privacy, which included 10 major challenges for big data security. One of them was “monitoring security and compliance in real time.” Thankfully, this challenge can be easily handled with real-time event correlations and alerts. Let me explain with the help of an example. Suppose a privileged user, who usually logs in from 9am to 6pm, suddenly logs in at midnight from a different location. And then there are some failed log in attempts. A smart SIEM solution will detect that the logs are from different sources. Then, it will correlate these logs and, if something strange is detected, raise an alarm. Problem solved (or detected, at least).
[To learn more about major challenges for big data security, click here.]
It prepares your IT for the IoT.
According to Gartner, there will be almost 21 billion connected devices by 2020. That’s not a hyper-class; that’s the whole world in a classroom with three devices each. But forget the next four years—by the end of 2016, there will be 6.4 billion connected devices. Just imagine how much log data will be generated! There’s no way security pros alone can watch over such vast data, even with the help of software. At that point, software has to take certain things into its own hands. The term for that is “Process automation,” and it makes for smart SIEM. A smart SIEM tool can only be called so if it can automatically collect logs from various sources, analyze them from a security standpoint, correlate them with one another, and warn you of upcoming incidents.
[To learn more about IoT preparations, click here.]
SIEM is not a new thing for IT professionals. But many of them don’t take into account how much has it evolved and where it may be going in the future. Today’s SIEM is very different from what it was just a few years ago. But what hasn’t changed? It’s still just as useful, if not more so. SIEM is still making lives easier for a lot of IT proctors.
[Check out some info on the Sage data breach and how SIEM could’ve helped avoid it right here.]
Check out last week’s five here.