In today’s complex security infrastructures it can be difficult to stay current and keep on top of day-to-day operations. One of the toughest jobs for information security professionals is getting real-time information about what is actually happening across their company networks. The security system administrator who also often acts as the network system administrator and his/her team is given the daunting task of monitoring activities on the corporate network that might compromise the security of the company’s digital assets as well as the day-to-day running of the company’s network.
Security professionals are inundated with an overwhelming flow of security events from intrusion detection systems (IDS), authentication systems, firewalls, vulnerability scanners, antivirus, operating systems, applications, and an ever-growing list of assorted security products. In large organisations with several variants of these systems, this huge flood of events per day can be overwhelming.
So why do we need to analyse these events? In the past, financial institutions, the military and certain government agencies were the primary groups daring enough to analyse this data. However, times have changed and there is now a growing impetus for organizations of all types and sizes to monitor and analyse security event information. Some of the business drivers for implementing a SIEM or log management strategy are:
Expanding use of e-business/e-commerce
Audit and reporting requirements
Daily increase in the number and sophistication of threats
Regulatory compliance: PCI DSS, SOX, DPA, etc.
Some of the problems experienced when trying to manage security events from disparate security systems decentralised into individual silos without a central SIEM or Log Management solution or a central security team include:
Attacks from the same source against different groups are unlikely to be identified as being related.
Individual system administrators are expected to monitor events and then know what to do in a crisis—instead of one group with in-depth security experience responding to incidents. Administrative duties and system availability typically take priority over security duties. This can lead to security incidents going unnoticed and security vulnerabilities being ignored.
Best-practice methods for incident response and handling are less likely to be followed when responsibilities are shared across distributed teams.
The impact of a security breach can be costly. There are not only the remediation costs to consider but also brand impact, loss of customer confidence, penalties from regulatory bodies and loss of competitive advantage if confidential product or client data is leaked to a competitor, so it is essential for organizations to have real-time intelligence about what is happening on their networks.
In recent years the Security Operations Centre (SOC) has evolved to address these problems. A SOC, or its outsourced sibling the MSSP (managed security service provider), is a dedicated team of security analysts that centrally manages and monitors its clients’ networks and perimeter security systems from redundant secure operations centres in real time, around the clock. The enabling technology for the operation of a SOC is SIEM.
NetIntegrity are experts not only in designing and implementing comprehensive SIEM and Log Management solutions but also in developing and rolling out the business processes, policies and organizational structures required to build an effective Security Operations Centre, either in house or outsourced to an MSSP. Depending on the size and type of organization, a full SOC may not be a requirement, but the technologies, principles and business processes required to implement a SOC can be adapted to suit any operational environment.
We have researched the market for SIEM and Log Management solutions that match the requirements of organizations of all sizes and sectors, from large multinationals to mid-size enterprises. We have the experience to integrate SIEM into your organization’s existing security management infrastructure to enable you to harness the latent intelligence within your security event and log data.
Our consultants have proven experience implementing Global SIEM and Log Management strategies in highly complex heterogeneous environments for some of the world’s largest organizations.
Benefits
By implementing an effective SIEM and Log Management strategy, NetIntegrity can help you to reduce operational risk, improve regulatory compliance, improve incident management response times and effectiveness and reduce the costs of your security operations.
SIEM technology reduces the amount of manpower required to trawl through the logs of the disparate systems that make up an organisation’s security infrastructure. The data overload created by logs from firewalls, proxies, IDS, email systems, network devices etc. can make understanding an organisation’s security posture almost impossible. These logs are also stored in different formats.
Centralised logging capability within SIEM can help alleviate this issue. Moreover, SIEM normalizes the logs from disparate devices into a consistent format, making log analysis and forensic investigation easier.
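To make the normalisation step concrete, here is an added example (not NetIntegrity’s code or any product’s implementation) of what a SIEM does with three log formats: an iptables-style firewall drop, a Snort-style IDS fast alert and an OpenSSH authentication failure are parsed into one common event schema, and the normalised events are then correlated by source address so that activity seen by separate systems shows up as one related sequence, which is the gap described earlier for siloed monitoring. The log lines, hostnames, addresses, the IDS rule id and the assumed year (syslog and Snort fast alerts carry none) are all constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

ASSUMED_YEAR = 2024  # assumption: syslog and Snort fast-alert timestamps have no year field

# Constructed sample lines (not real traffic): three formats, one attacker-like source,
# plus an unrelated event from a second source.
SAMPLE_LOGS = [
    "Mar 12 10:15:02 fw01 kernel: IPTABLES-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=51234 DPT=22",
    "03/12-10:15:07.123456 [**] [1:1000001:1] SSH brute-force attempt (constructed) [**] [Priority: 2] {TCP} 203.0.113.45:51240 -> 198.51.100.11:22",
    "Mar 12 10:15:09 app02 sshd[4711]: Failed password for invalid user admin from 203.0.113.45 port 51250 ssh2",
    "Mar 12 10:16:00 fw01 kernel: IPTABLES-DROP IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.10 PROTO=UDP SPT=40000 DPT=161",
]


@dataclass
class Event:
    """Common schema every source is mapped into; this is what the SIEM stores and searches."""
    timestamp: datetime
    source_type: str          # firewall | ids | auth
    host: str                 # reporting device
    src_ip: str
    dst_ip: Optional[str]
    dst_port: Optional[int]
    category: str             # connection_blocked | ids_alert | auth_failure
    severity: str             # low | medium | high
    message: str


SYSLOG_PREFIX = r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
FIREWALL_RE = re.compile(SYSLOG_PREFIX + r"kernel: IPTABLES-DROP .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
                         r"PROTO=(?P<proto>\w+) SPT=\d+ DPT=(?P<dport>\d+)")
SSHD_RE = re.compile(SYSLOG_PREFIX + r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
                     r"from (?P<src>[\d.]+) port \d+")
SNORT_RE = re.compile(r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] "
                      r"(?P<msg>.+?) \[\*\*\] \[Priority: (?P<prio>\d)\] \{(?P<proto>\w+)\} "
                      r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")


def _syslog_ts(mon: str, day: str, time_: str) -> datetime:
    return datetime.strptime(f"{ASSUMED_YEAR} {mon} {day} {time_}", "%Y %b %d %H:%M:%S")


def normalize(line: str) -> Optional[Event]:
    """Map one raw line onto the common schema; None for formats this parser does not know."""
    m = FIREWALL_RE.match(line)
    if m:
        return Event(_syslog_ts(m["mon"], m["day"], m["time"]), "firewall", m["host"], m["src"],
                     m["dst"], int(m["dport"]), "connection_blocked", "low",
                     f"{m['proto']} to port {m['dport']} dropped")
    m = SSHD_RE.match(line)
    if m:
        return Event(_syslog_ts(m["mon"], m["day"], m["time"]), "auth", m["host"], m["src"],
                     None, 22, "auth_failure", "medium", f"failed login for user {m['user']}")
    m = SNORT_RE.match(line)
    if m:
        hh, mm, ss = (int(x) for x in m["time"].split(":"))
        ts = datetime(ASSUMED_YEAR, int(m["mon"]), int(m["day"]), hh, mm, ss)
        severity = {"1": "high", "2": "medium"}.get(m["prio"], "low")  # Snort priority 1 is most severe
        return Event(ts, "ids", "ids-sensor", m["src"], m["dst"], int(m["dport"]),
                     "ids_alert", severity, m["msg"])
    return None


def normalize_all(lines: List[str]) -> List[Event]:
    """Normalise a batch, silently dropping unparsed lines (a real SIEM would count them)."""
    return [e for e in (normalize(l) for l in lines) if e is not None]


def correlate_by_source(events: List[Event], window_seconds: int = 300) -> Dict[str, List[str]]:
    """Source addresses reported by at least two different system types within the window.

    Returns {src_ip: sorted list of source types}; this is the cross-silo view that
    per-system administrators cannot get from their own logs alone.
    """
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_src[e.src_ip].append(e)
    hits: Dict[str, List[str]] = {}
    for ip, evs in by_src.items():
        evs.sort(key=lambda e: e.timestamp)
        span = (evs[-1].timestamp - evs[0].timestamp).total_seconds()
        types = sorted({e.source_type for e in evs})
        if len(types) >= 2 and span <= window_seconds:
            hits[ip] = types
    return hits


if __name__ == "__main__":
    normalised = normalize_all(SAMPLE_LOGS)
    for ev in normalised:
        print(ev.timestamp, ev.source_type, ev.src_ip, ev.category, ev.severity, ev.message)
    print("correlated sources:", correlate_by_source(normalised))
```

Only one of the four sample sources is flagged: 203.0.113.45 appears in firewall, IDS and authentication logs within seven seconds, while 192.0.2.7 is seen by the firewall alone. The `normalize` function is the part that grows with every new device type; the correlation logic never changes because it works on the common schema, which is the practical reason normalisation comes before analysis in a SIEM pipeline.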