11Dec 2013

1178

0

SIEM

Cloud, Services, SIEM by Digital Planet

What is SIEM and why do I need it?

SIEM stands for Security Incident and Event Management. SIEM technology provides real-time collection, analysis and alerting against logs generated by hardware and applications. Digital Planet combines this with configuration and asset collection on devices providing alerting and reporting on security events and policy violations including records of changes made to devices.

For organisations to store particular types of information, such as personal details or payment information, the organisation must comply with different standards of security policies. For example; requirement 10 of PCI DSS standards, which all companies storing payment data must comply with, stipulates that the organisation must track and monitor all access to network resources and cardholder data. Monitoring this level of access to systems is a significant task when there is a multitude of different hardware and application vendors, many of which may have proprietary logging standards.

Let me explain where SIEM comes into its own with a scenario:

At 00:41 on a Friday morning, regular ‘9-5’ customer service worker, Joe Blogs, logs into the corporate VPN. He then gains access to a server using a service account that, against company policy, was granted full domain admin access. While connected to the server, he sets a registry key to trigger a script on the next server reboot and then logs off. The following morning Joe announces his resignation and that he is taking a position at a competing firm. The changes Joe has made exposes the organisation to a range of potential risks which could have serious repercussions for the company. These include data destruction or data theft or many other malicious activates.

A scenario such as this, while visible in logs across multiple systems, would often go completely unnoticed in an organisation. Why? This is more than likely due to the fact that these logs are dispersed across the business and that an individual log entry, in isolation would not be flagged as a potential security risk.

So how would SIEM have alerted us in this scenario?

  • All logs are collected to a central location allowing for easier analysis.
  • Using intelligent analytics anomalies are indicated through comparison of firewall logs which cross reference departmental shift patterns.
  • Potential breaches of security policy are detected when the presence of privileged accounts is identified.
  • Compromised server configuration is compared to previously collected configuration. This determines exactly what changes were made.
  • Weeks, months or even years down the line, far beyond the log retention period on any of the devices, the breach is discovered. The data collected in SIEM is still available and can be used to provide evidence of who made the change as well as compiling a forensic log of the changes.

 

Every year Gartner Research, the world’s leading information technology research and advisory company, produces a report on the leading SIEM applications. The report ranks applications based on their ‘completeness of vision’ and the ‘ability to execute’. The contenders then fall into one of four categories, niche players, challengers, visionaries and the much coveted leaders category, also known as the ‘magic quadrant’. John Pescatore, Vice President in Gartner commented “Security programs need to move from reactively monitoring log events to developing situational awareness that supports rapid reaction and threat analysis along with continuous monitoring of security status.” Digital Planet has partnered with selected SIEM vendors in order to provide a complete security solution to its customers.

As the trend moves towards cloud, security of information stored in the cloud becomes more important than ever. In order to perform this task efficiently and effectively, logging across an organisation needs to be centralised allowing it to be indexed and easily searchable. Intelligent rule sets can then be applied to the incoming events to detect anomalies, suspicious activity or attack attempts. SIEM will also retain the collected logs far beyond the retention period of the source devices, providing secure unalterable evidence of all activity within an organisation.

By assessing customers’ business needs and regulatory requirements Digital Planet can determine the best suited SIEM solution for the organisation. Thanks for reading. If you like what you have read and are interested in speaking to us about SIEM or would like to ask me a question, feel free to email us.

Related Posts

If you want to know more about how your organisation will benefit from Private Cloud, talk to the Digital Planet team, Ireland’s ‘Cloud Partner of the Year 2018’ Why Enterprises Are Choosing Private Cloud
Cloud by Digital Planet

Gartner’s latest IT spending forecast shows that spending on cloud system infrastructure services (IaaS) will grow from $39.5 billion in 2019 to $63 billion through 2021. Our team has previously explored the many versions of cloud that can be implemented; the general advantages and challenges to each. Yet, private cloud remains the steady element in […]

TechLive Digital Planet Will Be At TechLive 2019
Cloud, Events, In the News, Networking and Security by Digital Planet

Digital Planet will take part of the new TechLive event on Thursday 21st February at Croke Park.   Established by TechCentral.ie, the ICT event, ‘How the Business of ICT will be done‘ is a new hybrid channel presenting a host of IT solution providers and top technology vendors, distributors and resellers that are developing expertise […]

Your Key to the Cloud Glossary by Digital Planet Your Key to the Cloud: A Glossary Guide Part Two
Cloud, Useful information by Digital Planet
Following the successful release of Digital Planet's Cloud Glossary 'Your Key to the Cloud', our team have brought you another instalment. The IT industry is awash with confusing jargon. If you're not directly working with tech or part of an IT team, most don't understand common phrases. Like law, IT has adopted its own line [...]
Barriers to Cloud Culture Adoption 4 Cloud Culture Barriers That Companies Face & Why
Cloud by Digital Planet

Cloud computing is no longer the new kid on the block. Edge computing has usurped the title as its edgy new counterpart.   Or dare we say it; block chain, has blazed through 2017 and 2018, predicted as the second (digital) coming. Yet, Cloud wasn’t forgotten. Rather it became one of many options to choose […]

HEAnet National Conference 2018 with Evros We will be at this year’s HEAnet National Conference in Galway!
Cloud, Events, In the News by Digital Planet

As part of the Evros Technology Group, Digital Planet will be part of this year’s HEAnet National Conference in Galway.   The two-day event (7-9 November 2018) which will be held at The Galmont Hotel is set to explore the latest developments in networking technology and services for the research and education community. Driven to deliver Common, […]

Comments (0)

SUBSCRIBE TO OUR MAILING LIST

DOWNLOAD VEEAM DRAAS EBOOK

 

Download

Categories

Archives

Popular Posts
Virtual Desktop for SMEs 4 Reasons why Virtual Desktop is best for SMEs
Cloud, Virtual Desktop-VDI by Digital Planet
This is how to choose your Enterprise Cloud
Cloud by Digital Planet