What is SIEM?
Businesses have always relied on data to make decisions. Over time, however, the volume of data available has increased to the point where humans are often rendered incapable to cope with it by themselves. This has led software companies to develop solutions that analyze vast quantities of data and present the results in a way humans find more manageable. In the cybersecurity world, that solution is SIEM.
A short overview of Security Information and Event Management (SIEM)
SIEM stands for security information and event management. As its name suggests, it’s a hybrid of security event management (SEM) and security information management (SIM). The former analyzes log and event data in real-time and the latter collects, analyzes, and reports on log data on a continual basis but not in real-time. Essentially, SEM is about threat monitoring and incident response whereas SIM is about effective record-keeping and security management.
SIEM keeps it all together for cybersecurity professionals
Modern IT security needs to work holistically, otherwise, cybercriminals can sneak through the cracks between the various defenses. SIEM software aggregates data from all networked linked devices (except potentially for devices on the internet of things). It works through all seven layers of the OSI model and so acts as a “one-stop-shop” for anything a cybersecurity professional might want to know about how their network is running.
SIEM software provides alerts if a system detects that there is a threat in progress. It also provides reports on security-related network activity, for example, logins both successful and failed.
Security Information and Event Management (SIEM) and Compliance
It has long since ceased to be enough “just” to do the right thing. You have to be seen to be doing the right thing. More accurately, you need to be able to demonstrate to law-makers, law-enforcers, and regulators that you have done the right thing. These days SIEM is effectively, if not explicitly, required for any company which has to comply with programs such as HIPAA, SOX, and/or PCI/DSS. In fact, this was one of the major initial drivers behind the mainstream adoption of SIEM. Now it is one factor among many.
SIEM analysis is becoming ever more effective
SIEM analysis has developed beyond simple rules-based processing. Vendors are now supporting advanced statistical analysis and machine learning. We are also starting to see the introduction of artificial intelligence and deep learning capabilities. This is already enabling improvements in monitoring and alerting, such as improving the identification of patterns and developing inference capabilities.
This, however, looks like only the beginning (albeit a very exciting one). Some experts believe that the introduction of AI into SIEM will make it easier for the SIEM to suggest remedial actions. In fact, some experts believe that SIEM may become able to initiate some remedial actions on its own initiative.
For those who think this sounds far-fetched, it’s worth remembering that a lot of security monitoring software already can undertake some remedial actions without human prompting. In fact, humans depend on it. For example, with countless forms of malware out in the wild, it would be effectively impossible for any anti-malware product to deliver effective protection if it had to depend on human authorization for every action it took.
Bringing SIEM to SMBs
At present, SIEM is still very much an enterprise-focused tool. The harsh reality is that SMBs may want it, but they may find it impossible to justify the purchase. There are two main reasons for this. Firstly, SIEM software can be challenging to implement. Secondly, implementing even a basic SIEM solution is likely to carry a hefty price tag, especially given the sort of budgets to which SMBs have to work.
The main reason for both is that currently, SIEM solutions tend to be run entirely on-premises. The advantage of this approach is that sensitive data stays within the company’s network or perhaps it would be more frank to say that it never enters the public internet, not even encrypted. The disadvantage of this approach is that it creates complexity and hence expense.
Not only do SMBs have to think about the purchase price of the SIEM software itself, which can be significant, but they also have to think about recruiting and retaining the staff needed to make them work. This creates all the usual challenges of staffing exacerbated by the fact that people with the necessary skills are in huge demand worldwide.
Fortunately, cybersecurity vendors are now working on developing hybrid and cloud-based SIEM solutions, which could provide SMBs with a much more affordable alternative. Expanding SIEM usage could be a massive win for the internet as a whole since it could put cybercriminals under real pressure.
Please click here now to have your website scanned, for free, by cWatch from Comodo.