EO Johnson Blog

SIEM Keeps a “Big Eye” on Cyber Criminals

Written by EO Johnson Business Technologies | Tue, Dec 6, 2016

SIEM, not to be confused with “Seim,” a language of Papua New Guinea, or the Seim, a river in Ukraine, is an acronym for Security Information and Event Management.

SIEM is a complex set of technologies that form a “big eye” in your technical infrastructure, watching for every subtle sleight of hand being played by cyber criminals. It’s the big brother to your firewall and antivirus: it collects the logs and alerts those devices and your applications generate, correlates them, and analyzes them in real time. It really is complex.

Cybercriminals like simple.

It’s SIEM’s “complexity,” the fact that an intruder’s every step is logged, correlated and reviewed, that sends the crooks off to find easier jobs. As big banks continue to harden their security, small to midsize banks have become cybercrime’s new sweet spot. As the threats rise, bank examiners are suggesting SIEM. Many smaller banks have been told about SIEM but don’t know how to use it. SIEM is not a simple box that can be dropped in and incidents pop out like a neon sign.

Managed Security Service Providers (MSSP) Offer Expertise

Banks are not in the security business, nor can they afford to test out the many SIEM technologies available. Without care and feeding (onboarding every log source, tuning correlation rules, and reviewing the alerts every day), SIEM is just a log manager.

“Complexity is a big issue, as are issues with cost of ownership. It’s not just an issue of acquiring and installing SIEM. You have to do quite a bit of integration, configuration and ongoing maintenance. And you’ve got to have dedicated resources for it if you want it to be responsive,” says Dean Francis, author of IT Pro Ranking: SIEM.

Some customer-focused MSSPs are doing the research. They’re making the investment to test the technologies and find the best SIEM option for their customers. A managed security partner also adds the human expertise needed to interpret what SIEM’s core log correlation produces and turn it into threat information in real time, while the attack is still happening.

SIEM Needs Attention to be Most Effective

It’s difficult for small to midsize banks to keep up with SIEM logs, catch the irregularities and respond to them appropriately. Looking at the depth of its capabilities, it’s easy to see why.

SIEM logging capabilities include:

  • Widespread log collection from the network devices, security appliances, servers, databases, workstations and applications throughout your system.
  • Real-time, in-memory correlation of events from many sources, so that an attack pattern no single log reveals on its own (for example, a run of failed logins against several servers from one address, followed by a success) is flagged as it happens rather than found weeks later.
  • Enough throughput to process time- and transaction-based events as they arrive and turn them into actionable data and incident awareness.

Logs need analysis. A security partner has quick access to a wealth of historical data on network and user activity and can search it for the anomalies and patterns that raise red flags in your network, including discovering the root cause of a threat, breach, failure, or activity that appears to be non-compliant.

Automated quick-response actions in SIEM software contain the threats, and they have even expanded beyond security to cover IT troubleshooting and issue remediation.

Logging analysis software can:

  • Send real-time notification and alerts of irregularities in the network.
  • Interactively explore historical log data.
  • Isolate root-cause threats, breaches, failure, or any other non-compliant activity.
  • Perform event forensics to determine what really happened before, during, and after the event.
  • Track log activity over time and in context of suspicious events.
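To make “real-time log correlation” and “alerts of irregularities” concrete, here is an added example written for this post (it is not code from EO Johnson, nor from any SIEM product). It implements one correlation rule of the kind every SIEM ships with: count failed logins per source address across all hosts in a sliding time window and raise an alert when a successful login follows. The log format, host names, addresses and the threshold and window values are all constructed assumptions; the point is that correlating across hosts catches what a per-server view would miss, and that the numbers are exactly the tuning a SIEM needs to be fed.

```python
"""Added example: a minimal SIEM-style correlation rule over constructed log lines.

Illustrative code written for this post, not code from EO Johnson or any SIEM
product. The sshd-style line format, hosts, addresses, threshold and window are
assumptions chosen for the demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (RFC 5737 documentation addresses), not real logs.
# 203.0.113.7 fails twice on web01 and three times on db01, then succeeds on db01:
# three failures on any single host look harmless; five across the estate do not.
SAMPLE_LOGS = """\
2016-12-06T09:00:01 web01 sshd: Failed password for root from 203.0.113.7
2016-12-06T09:00:03 web01 sshd: Failed password for root from 203.0.113.7
2016-12-06T09:00:05 db01 sshd: Failed password for admin from 203.0.113.7
2016-12-06T09:00:07 db01 sshd: Failed password for admin from 203.0.113.7
2016-12-06T09:00:09 db01 sshd: Failed password for admin from 203.0.113.7
2016-12-06T09:00:12 db01 sshd: Accepted password for admin from 203.0.113.7
2016-12-06T09:05:00 web01 sshd: Failed password for alice from 198.51.100.4
2016-12-06T09:30:00 web01 sshd: Accepted password for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def parse_event(line):
    """Normalise one raw log line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def correlate(lines, threshold=5, window=timedelta(minutes=2)):
    """Stream events in time order and keep per-source state in memory.

    State is a sliding window of recent failures keyed by source address, shared
    across every host that reports in. An alert fires when an Accepted login
    arrives while at least `threshold` failures from that source are still inside
    the window. Returns the list of alerts instead of printing, so it can be tested.
    """
    recent_failures = defaultdict(list)  # src -> [(timestamp, host), ...]
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unrelated log line; a real SIEM has a parser per source
        src, now = ev["src"], ev["ts"]
        # Slide the window: forget failures older than `window` relative to this event.
        recent_failures[src] = [(t, h) for (t, h) in recent_failures[src] if now - t <= window]
        if ev["result"] == "Failed":
            recent_failures[src].append((now, ev["host"]))
        elif len(recent_failures[src]) >= threshold:
            failures = recent_failures[src]
            alerts.append({
                "rule": "brute-force-then-success",
                "src": src,
                "user": ev["user"],
                "success_host": ev["host"],
                "failures": len(failures),
                "hosts": sorted({h for (_, h) in failures}),
                "first_failure": failures[0][0],
                "success_at": now,
            })
            recent_failures[src].clear()  # do not re-alert on the same burst
    return alerts


def run_demo():
    """Apply the rule to the constructed sample and return the alerts it raises."""
    return correlate(SAMPLE_LOGS.splitlines())


if __name__ == "__main__":
    for alert in run_demo():
        span = (alert["success_at"] - alert["first_failure"]).total_seconds()
        print(f"ALERT {alert['rule']}: {alert['src']} failed {alert['failures']} times on "
              f"{', '.join(alert['hosts'])} then logged in as {alert['user']} on "
              f"{alert['success_host']} within {span:.0f}s")
```

Run as written, the rule raises exactly one alert, for 203.0.113.7: no single host saw more than three failures, so a per-server check stays quiet, but the SIEM-style view over all hosts counts five. The second source, 198.51.100.4, logs in 25 minutes after one typo and is correctly ignored. Lower the threshold to 1 and the rule fires on that innocent user too; widen the window to an hour and the first source is still caught but so is a lot of ordinary noise. Choosing those values, and revisiting them as the environment changes, is the “care and feeding” the post describes.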

One of the key values SIEM brings to banking is regulatory compliance and reporting capability. Be aware that not all SIEM products provide compliance reporting, so check for:

  • Detailed reports of non-compliant activity and policy violations in your network.
  • Historical system-based, user-based and network-based event data for compliance auditing.
  • Information on threat responses and mitigation measures used by the system to contain or prevent attacks.

SIEM is the “big eye” watching over your infrastructure. Based on the success large banks have had using SIEM to thwart breaches, it’s time small to midsize banks had the same protection. Partnering with a managed security service provider can be an affordable path to security and your peace of mind.