Security Information and Event Management (SIEM) is a cyber security solution that enables businesses to detect and handle potential threats by providing centralised log management. SIEM (pronounced “SIM”) tools integrate with the IT environment (servers, systems, network routers, applications, firewall software, databases etc.) to detect, monitor, log and evaluate security events or incidents in real time.
Considering the amount of data generated across the IT environment, SIEM is an important tool for Security Operations Centres (SOCs). A SIEM typically analyses several attributes of each event, such as IP addresses, event types, processes and users, and checks them for anomalies and deviations against defined rules to identify potential threats. Some of the potential benefits of SIEM include:
Visibility & Dashboard: Consolidating logs across your IT environment (whether on-premises, hybrid or cloud), which provides deeper insight into your security activities and posture in real-time.
Threat detection: SIEM is capable of correlating and analysing high volumes of data against rules in seconds to detect unusual behaviour.
Increased efficiency: SOC analysts can easily identify potential threats as SIEM collates, analyses and categorises data across the IT environment in a single interface and provides real-time notifications.
Regulatory compliance: Several regulations require that logs be stored for a certain period for audit purposes. Furthermore, regulators expect that businesses are able to detect and respond to threats. SIEM enables the storage and management of log data as well as generation of simplified compliance reports to meet regulatory requirements.
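The rule-based correlation described above, as an added illustration (not code from the original article or any SIEM product): a minimal pass over constructed authentication log lines that normalises each line into event attributes and applies one correlation rule, raising an alert when a burst of failed logins from a source IP is followed by a successful login from the same IP. The log format, the threshold and the time window are assumptions made for the example.

```python
# Added example: a minimal rule-based correlation pass of the kind a SIEM runs
# over centralised logs. Log lines, format and thresholds are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of normalised auth events:
# <timestamp> <event type> <user> <source IP>
SAMPLE_LOG = """\
2024-03-01T09:00:01Z auth_failure alice 203.0.113.7
2024-03-01T09:00:09Z auth_failure alice 203.0.113.7
2024-03-01T09:00:15Z auth_failure alice 203.0.113.7
2024-03-01T09:00:21Z auth_failure alice 203.0.113.7
2024-03-01T09:00:30Z auth_success alice 203.0.113.7
2024-03-01T09:05:00Z auth_failure bob 198.51.100.2
2024-03-01T09:40:00Z auth_success bob 198.51.100.2
"""

def parse(line):
    """Turn one log line into an event dict; a SIEM collector does this per source."""
    ts, event_type, user, src_ip = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "type": event_type, "user": user, "src_ip": src_ip}

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` failures from one source IP within `window`,
    followed by a success from that IP, raises one alert for the burst."""
    failures = defaultdict(list)   # src_ip -> timestamps of recent failures
    alerts = []
    for line in lines.splitlines():
        ev = parse(line)
        # Drop failures that have aged out of the correlation window.
        recent = [t for t in failures[ev["src_ip"]] if ev["ts"] - t <= window]
        if ev["type"] == "auth_failure":
            recent.append(ev["ts"])
        elif ev["type"] == "auth_success" and len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success",
                           "src_ip": ev["src_ip"], "user": ev["user"],
                           "failures": len(recent), "at": ev["ts"].isoformat()})
            recent = []            # reset so one burst alerts only once
        failures[ev["src_ip"]] = recent
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Only alice's burst fires: bob's single failure is outside the window by the time the success arrives, so the rule stays silent for that host.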
Businesses that are looking to adopt SIEM have to take into consideration:
Cost: The initial investment can be high, and implementation requires technical expertise.
Time to implement: Integrating the SIEM across the IT environment takes a long time.
Configuration effort: Installing, configuring and tuning the SIEM requires considerable effort.
Resources: Continuous monitoring and tuning require dedicated staff.
Nevertheless, the benefits of SIEM outweigh the drawbacks, and its relevance for any business, irrespective of size, cannot be overemphasised. For additional benefits, businesses should also consider:
Using SIEM alongside SOAR (Security Orchestration, Automation and Response)
Using a SIEM tool that includes UBA [1] / UEBA [2]
[1] UBA: User Behavior Analytics
[2] UEBA: User and Entity Behavior Analytics