Security Information and Event Management (SIEM) systems have become indispensable to many modern businesses. By providing real-time analysis of security alerts generated by network hardware and applications, SIEM offers businesses a more advanced platform for both identifying and managing threats.
Development of SIEM
A recent survey conducted by EiQ Networks found that 44% of companies are using SIEM technology to help protect their networks, compared to 86% using traditional firewalls and 71% using anti-virus software. SIEM is, effectively, still an emerging solution and an evolutionary step in the world of cyber security. It originates from the merger of SIM (security information management) and SEM (security event management). These original solutions had previously been around in the security industry for quite some time. When the two combined they “took off like a flash, eclipsing the older approaches”, according to Peter Stephenson at SC Magazine. The success, he says, is for a good reason: information and events go together very closely in the cyber event management world.
The benefits for business
SIEM provides far-reaching benefits for businesses across many sectors, especially those dealing with sensitive financial or personal data. These include:
Advanced handling of security breaches
SIEM systems can be used by IT teams to instigate rapid responses to security breach attempts together with a near instant resolution to any problems. As such, businesses employing an SIEM solution can minimise the costs of a breach and its associated remediation.
Increase staff productivity
SIEM enables trained IT security staff to identify issues far more easily. Previously, security analysis in IT departments required highly repetitive log file analysis, consuming staff time in the process. By analysing and correlating event logs from multiple devices, SIEM solutions help to minimise the hours spent in manual analysis and enable IT to get a clearer picture of problems more quickly.
Efficiently track and monitor events
With SIEM systems in place, businesses can track and monitor a whole range of useful events, including:
- Administrator and user activity – with violations of predefined policies sending automated reports to a super-administrator
- Access to confidential files and folders (see who has accessed financial information, for example)
- Denied access attempts – where a user has been denied access due to controls set
- Network gateway activity – view logs of activity occurring on network routers
- Suspicious user activity – multiple failed logins and unauthorised systems access
- Critical system errors – report on critical health issues for server/routers etc.
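To make the "suspicious user activity" item concrete, here is an added example (not code from the original article or from any SIEM product) of the kind of correlation rule a SIEM applies: it flags a user who accumulates a threshold of failed logins across several different devices inside a short time window, something no single device's log would reveal on its own. The log format, hostnames and usernames are constructed for the example.

```python
# Added example: a minimal cross-device failed-login correlation rule.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified "timestamp host user outcome" form;
# the hosts and users are invented for this example.
SAMPLE_LOG = """\
2024-03-01T09:00:05 fw-edge-1 alice FAILED
2024-03-01T09:00:20 srv-fin-2 alice FAILED
2024-03-01T09:00:41 vpn-gw-1 alice FAILED
2024-03-01T09:01:03 srv-fin-2 alice FAILED
2024-03-01T09:02:10 srv-hr-1 bob FAILED
2024-03-01T09:30:00 srv-fin-2 bob FAILED
2024-03-01T09:31:00 srv-fin-2 bob SUCCESS
"""

def parse_events(text):
    """Parse the constructed log into (timestamp, host, user, outcome) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, host, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), host, user, outcome))
    return sorted(events)

def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: set(hosts)} for each user with >= threshold failed logins
    inside any sliding time window of the given length, across all devices."""
    per_user = defaultdict(list)
    for ts, host, user, outcome in events:
        if outcome == "FAILED":
            per_user[user].append((ts, host))
    alerts = {}
    for user, fails in per_user.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits inside the window.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[user] = {h for _, h in fails[start:end + 1]}
                break  # one alert per user is enough for this rule
    return alerts

if __name__ == "__main__":
    for user, hosts in failed_login_bursts(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT: {user} had repeated failed logins on {sorted(hosts)}")
```

With the defaults, alice (four failures on three devices within a minute) is flagged while bob (two failures 28 minutes apart) is not; the threshold and window are the knobs an analyst would tune per environment.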
Improved analysis for IT administrators
IT administrators can gain a much more advanced overview of business processes and the use of business assets using an SIEM solution. This can help businesses to minimise capital expense by making cost savings where assets are under-used.
SIEM systems are an evolutionary step in cyber security, providing advanced handling of security breaches, more efficient tracking of events, improved analysis and improved staff productivity. For businesses considering a step-up in their defences, a solution integrating SIEM should be part of the path forward.
Simon Heron is the CTO at Redscan Ltd, a managed security company, where he is responsible for developing the overall business and technology strategy and growth.
Heron has more than 16 years’ experience in the IT industry, including eight years’ experience in internet security. During this time he has developed and designed technologies ranging from firewalls, anti-virus, LANs and WANs.
Prior to Redscan, Heron co-founded and was Technical Director of Cresco Technologies Ltd, a network design and simulation solution company with customers in the USA, Europe and China. Heron began his career as a digital hardware and software engineer, developing pioneering speech recognition technology before moving on to work for the British Antarctic Survey (B.A.S.) as science project leader. While at the B.A.S. he spent two Antarctic winters at the research station Halley in the Antarctic, developing and enhancing graphical technologies in the harshest of conditions.
Heron has an MSc in Microprocessor Technology and Applications, and a BSc in Naval Architecture and Shipbuilding and is a Certified Information Systems Security Professional (CISSP) and is a PCI-DSS Implementor (PCI-IM).