The cyber security landscape has never been more troubling. Data theft, malware, industrial espionage, distributed Denial-of-Service attacks, ransomware: businesses must constantly be on their guard against cyber security threats. Rightly, they’re worried about the consequences of a successful cyber attack: reputational damage, business disruption, lost data, and loss of business.
The challenge? Securing businesses against cyber attacks is difficult. A midsized business might have hundreds of devices, known as ‘endpoints’, to secure and keep safe.
Every email, every website visited, every incoming data file, every outside visitor or contractor: each represents a potential threat. Securing the server room is one thing; locking down the entire business is quite another.
And, as the saying goes, an attacker only has to get lucky once. You, and your business, must remain lucky permanently, or face the prospect of being locked out of your data and forced to negotiate with an overseas gang of cyber criminals over the size of the bitcoin ransom you’ll have to pay to regain access to it.
Missed alarms
Just as cyber security threats have evolved over the years, so too have businesses’ cyber defence tools and technologies.
A myriad of tools and technologies exist to monitor and secure endpoints, watch for suspicious file and data activity, track which programs and systems are running, and record which files are being accessed, and by which systems or which people.
The problem? Monitoring and managing all the resulting data. Time and again, when businesses are hacked, it turns out that cyber security tools had actually detected the threat—but nobody had looked at the warnings, or that alarms had simply been switched off or ignored.
Monitoring multiple cyber security tools, it turns out, is surprisingly difficult.
This is why growing numbers of businesses are turning to yet another layer of defence: Security Information and Event Management (SIEM) technology. And in particular, managed SIEM.
What is a SIEM?
A Security Information & Event Management (SIEM) tool is a log management and security monitoring tool, designed to give users visibility of security events inside an organisation’s network.
Essentially, a SIEM tool aggregates all the event log data from those multiple security ‘point solutions’—as well as the underlying business systems and network devices themselves—and presents businesses with a single security viewpoint.
Think of it as a security dashboard: all you need to see, in one location.
And it’s not just the raw log data, either. SIEM solutions intelligently analyse that data, comparing it with your business’s usual network norms, and flagging abnormal behaviour or the beginnings of a potential cyber attack. Event logs are rich in data—but the key to detecting an IT security breach lies in intelligently analysing all those event logs.
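To make the two ideas above concrete (aggregating logs from several point solutions into one timeline, then analysing that timeline for abnormal behaviour rather than leaving every raw alarm to be read by hand), here is a small illustration written for this article. It is not code from any SIEM product or vendor: the two log formats, the sample lines, the rule names and the thresholds (five failures in 120 seconds, a success within five minutes) are all assumptions chosen for the example. It normalises a firewall log and an authentication log into one event schema, runs a correlation rule over the merged timeline, and emits a single deduplicated alert per source address, escalating the severity when a burst of failed logins is followed by a successful one.

```python
"""Toy SIEM pipeline: normalise logs from two sources, then run correlation rules.

Added illustration for the article, not taken from the page or any vendor.
Log formats, sample data, rule names and thresholds are all assumed.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # which point solution produced the line
    action: str   # normalised verb shared across all sources
    user: str     # "-" when the source has no user field
    ip: str


# Constructed sample lines in two hypothetical formats (not real product output).
FIREWALL_LINES = [
    "2024-03-01T09:00:00 fw01 ACCEPT src=203.0.113.7 dst=10.0.1.20 dport=3389",
    "2024-03-01T09:00:30 fw01 DROP src=198.51.100.9 dst=10.0.1.20 dport=22",
]
AUTH_LINES = [
    "2024-03-01T09:00:05 auth LOGIN_FAILED user=alice ip=203.0.113.7",
    "2024-03-01T09:00:09 auth LOGIN_FAILED user=alice ip=203.0.113.7",
    "2024-03-01T09:00:14 auth LOGIN_FAILED user=alice ip=203.0.113.7",
    "2024-03-01T09:00:20 auth LOGIN_FAILED user=bob ip=203.0.113.7",
    "2024-03-01T09:00:25 auth LOGIN_FAILED user=alice ip=203.0.113.7",
    "2024-03-01T09:01:10 auth LOGIN_OK user=alice ip=203.0.113.7",
    "2024-03-01T09:05:00 auth LOGIN_FAILED user=carol ip=192.0.2.44",
    "2024-03-01T09:05:30 auth LOGIN_OK user=carol ip=192.0.2.44",
]

FW_RE = re.compile(r"^(\S+) (\S+) (ACCEPT|DROP) src=(\S+) dst=\S+ dport=\d+$")
AUTH_RE = re.compile(r"^(\S+) (\S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) ip=(\S+)$")


def parse_firewall(line: str) -> Event | None:
    """Map one firewall line onto the shared schema; None if it does not parse."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts, host, verb, src = m.groups()
    return Event(datetime.fromisoformat(ts), host, f"fw_{verb.lower()}", "-", src)


def parse_auth(line: str) -> Event | None:
    """Map one authentication line onto the shared schema; None if it does not parse."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts, host, verb, user, ip = m.groups()
    action = "login_failed" if verb == "LOGIN_FAILED" else "login_ok"
    return Event(datetime.fromisoformat(ts), host, action, user, ip)


def normalise(fw_lines, auth_lines) -> list[Event]:
    """Aggregate both sources into one time-ordered list: the 'single viewpoint'."""
    events = [e for l in fw_lines if (e := parse_firewall(l))]
    events += [e for l in auth_lines if (e := parse_auth(l))]
    return sorted(events, key=lambda e: e.ts)


def detect(events, burst=5, window=timedelta(seconds=120), follow=timedelta(minutes=5)):
    """Return sorted (rule, ip, firewall_accepts) tuples, one alert per ip at most.

    Rule 1 (brute_force): >= `burst` failed logins from one ip inside `window`.
    Rule 2 (brute_force_then_success): a successful login from that ip within
    `follow` of the burst; it replaces rule 1 so the analyst sees one alert, not many.
    """
    fails: dict[str, list[datetime]] = defaultdict(list)   # ip -> recent failure times
    fw_seen: dict[str, int] = defaultdict(int)              # ip -> firewall ACCEPT count
    alerts: dict[str, str] = {}                             # ip -> most severe rule
    for e in events:
        if e.action == "fw_accept":
            fw_seen[e.ip] += 1
        elif e.action == "login_failed":
            q = fails[e.ip]
            q.append(e.ts)
            while q and e.ts - q[0] > window:   # slide the window forward
                q.pop(0)
            if len(q) >= burst:
                alerts.setdefault(e.ip, "brute_force")   # never downgrade rule 2
        elif e.action == "login_ok":
            q = fails.get(e.ip, [])
            if len(q) >= burst and e.ts - q[-1] <= follow:
                alerts[e.ip] = "brute_force_then_success"
    return sorted((rule, ip, fw_seen[ip]) for ip, rule in alerts.items())


def run():
    """Whole pipeline over the constructed sample data."""
    return detect(normalise(FIREWALL_LINES, AUTH_LINES))


if __name__ == "__main__":
    for rule, ip, accepts in run():
        print(f"{rule}: {ip} (firewall accepts seen: {accepts})")
```

The point of the example is the shape of the pipeline rather than the particular rule: the eight authentication lines and two firewall lines collapse into one alert, and the firewall context travels with it, which is what stops the "nobody looked at the warnings" failure described earlier. A real deployment would replace the fixed thresholds with a baseline learned from the organisation's own normal traffic, which is the "network norms" comparison the paragraph above refers to.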
As such, the logic of a SIEM system is attractive and compelling. It’s a different kind of security solution: rather than providing passive protection in much the same way as an anti-virus or anti-malware solution might, SIEM provides intelligent and active 24/7/365 monitoring of the event logs being generated by the systems and devices across your entire IT landscape, providing a threat warning capability that’s as near real-time as it’s possible to be.
No wonder SIEM systems are proving popular. According to technology analyst firm Gartner, for instance, the SIEM market is now worth $4.1 billion.