What is a SIEM and why do you need one?

Cyber-security is not something an organisation can do half-heartedly. Looking for attacks in the wrong place or just a momentary lapse of attention can easily lead to a breach, with potentially terminal consequences.

A Security Information and Event Management (SIEM) platform, if configured and monitored correctly, can play a significant role in helping security analysts identify attacks before or as they happen, so that they can react faster.

The evidence of an impending or current attack is all contained within the log data generated by your organisation’s technology infrastructure, from host systems and applications to network and security devices. That’s a lot of data to look at, and security analysts are only human: sifting through it by hand is time-consuming and potentially rather tedious, a recipe for attention to wander.

A SIEM takes up the load of collecting and aggregating all the relevant data, presenting it to your analysts in a form that helps them quickly spot suspicious behaviour that requires further investigation or an attack in progress that needs to be stopped.

The SIEM will report on all security-related incidents and events, such as multiple login attempts or patterns of activity that could be malware at work. If the solution recognises activity that runs contrary to behavioural norms, indicating a potential security threat, analysts receive an alert that includes a detailed report on the incident.
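As an added illustration of the collection, correlation and alerting steps just described (example code written for this page, not from the original post or any SIEM product), the script below normalises two constructed log formats into one schema and raises an alert with a summary report when a single source IP accumulates several failed logins within a short window. The log lines, hostnames, IP addresses and threshold are all constructed for the example.

```python
import re
from datetime import datetime, timedelta
# Constructed sample log lines from two sources: an sshd host log and a VPN gateway.
SSHD_LOG = """\
2024-01-15T10:00:01Z host1 sshd[101]: Failed password for root from 203.0.113.5 port 51000 ssh2
2024-01-15T10:00:04Z host1 sshd[102]: Failed password for admin from 203.0.113.5 port 51001 ssh2
2024-01-15T10:00:09Z host2 sshd[201]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-01-15T10:00:11Z host2 sshd[202]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
"""
VPN_LOG = """\
2024-01-15T10:00:13Z vpngw1 vpn: AUTH_FAIL user=root src=203.0.113.5
2024-01-15T10:00:20Z vpngw1 vpn: AUTH_OK user=alice src=198.51.100.7
"""
# One regex per log format; each yields the same (time, host, user, src) fields.
PARSERS = {
    "sshd": (SSHD_LOG, re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Failed password for (\S+) from (\S+) port")),
    "vpn": (VPN_LOG, re.compile(r"^(\S+) (\S+) vpn: AUTH_FAIL user=(\S+) src=(\S+)")),
}

def collect_events():
    """Aggregation step: normalise every failed-login line into one common schema."""
    events = []
    for source, (text, pattern) in PARSERS.items():
        for line in text.splitlines():
            m = pattern.match(line)
            if m:
                ts, host, user, src = m.groups()
                events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                               "host": host, "user": user, "src": src, "source": source})
    return sorted(events, key=lambda e: e["ts"])

def correlate_failed_logins(events, threshold=4, window=timedelta(minutes=5)):
    """Correlation rule: alert when one source IP causes >= threshold failures within the window."""
    by_src = {}
    for e in events:
        by_src.setdefault(e["src"], []).append(e)
    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):           # sliding window over this IP's failures
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits = evs[start:end + 1]     # the alert carries the evidence behind it
                alerts.append({"src": src, "count": len(hits), "first": hits[0]["ts"],
                               "last": hits[-1]["ts"], "hosts": sorted({h["host"] for h in hits}),
                               "sources": sorted({h["source"] for h in hits})})
                break                         # one alert per source IP per run
    return alerts
```

Because failures are counted across both log sources, the rule fires here even though no single host saw enough attempts on its own, which is the correlation value a SIEM adds over per-device logging.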

A SIEM can be used as a tool to help with regulatory compliance – it certainly does that – but it offers much more. It can form the foundation of your security strategy, and organisations are increasingly recognising this.

According to Gartner, SIEMs are the fastest growing segment of the security solution market. During 2017, we commissioned an independent research firm to survey IT managers at 100 mid-sized enterprises. They found that over a third (36%) had implemented a SIEM in the last two years.

While SIEM adoption is accelerating, our survey revealed that around 28% of organisations still did not have one. Given the growing sophistication of attacks and frequency of security breaches, as well as increasingly complex and dispersed IT environments, we predict latecomers will soon see the value of a SIEM and start planning to implement one, either on-premises or ‘as a service’, which is making SIEM use more accessible to organisations regardless of their size.

To find out more about our research, download our whitepaper on Effective Cyber Security Management.

May 17th, 2018 | Blog, Cyber-security