It turns out that one of the major foundational blocks of your organisation’s IT security could have been learned from Sesame Street. Cooperation makes it happen, working together. (Dig it!)
Indeed, this could be the theme song of SIEM - Security Information and Event Management, a platform that provides a holistic overview of an organisation’s IT security.
If you're not already using a SIEM, you’re going to want to keep reading to find out what it is, whether or not you need it, and what you’ll need from your security service providers in order to get the most out of it. Cooperation, after all, is key.
Keeping it SIEMple
Most businesses and organisations have more than one IT security service provider, or multiple security technologies. It only makes sense. You can have the top anti-virus program in the world, but it’s not going to do anything to protect you from DDoS attacks, so that means you need a DDoS service provider. And that’s in addition to firewalls, web application firewalls, access governance systems, data encryption, and so on and so forth.
You’re probably thinking about how much there is to keep track of. Therein lies the problem. And SIEM? Therein lies the solution. SIEM is a combination of two things. Security information management compiles security data to provide easy trend analysis and automated reporting, so you can see what’s normal on your network and identify any deviations. Security event management enables almost real-time threat monitoring and analysis, allowing for fast mitigation and defensive actions.
Essentially, a SIEM platform – like Splunk or HP ArcSight – is a centralised system that provides security information and alerts from any number of security resources, providing easy analysis and an instant snapshot of what’s going on with your organisation’s security at any given time. Faster, easier, and altogether more efficient than checking in on individual security technologies and services.
Who benefits from this type of platform?
If your business’s security consists of two-step verification on your email and a Louisville slugger within arm’s reach of your cash register, then no, SIEM is probably not for you. But if your organisation has multiple layers of infrastructure, multiple networks and multiple security technologies or providers, then SIEM is a necessity.
Additionally, if your organisation deals with compliance regulations, be it HIPAA, GLBA, HITECH, SOX or any other regulatory regime, SIEM can easily address them both directly and indirectly through features like log management and reporting capabilities.
Next steps after committing to SIEM
As excellent as SIEM is, its effectiveness relies on the integration of your security services and systems. That’s where the cooperation really comes in. Your security solutions need to be able to play well together, and they need to work seamlessly with your SIEM. It’s the only way you can efficiently and effectively manage your IT security.
The good news is that leading security service providers, such as Imperva Incapsula, will take the steps necessary to offer plug and play integration with leading SIEM platforms. Consider it: if a security service or technology cannot be easily integrated with other security systems or platforms when that integration is necessary for the overall protection of your organisation, is that service or technology advanced enough to be on the frontlines of your organisation? The answer, unequivocally, is no.
So take it from what you've just read, or from Sesame Street: cooperation is better, especially when it comes to your organisation’s security. Dig it, indeed.