Security visibility is not a TECHNOLOGY problem; it’s a RESOURCE problem!
The information security industry is broken right now. Most businesses outside the Fortune 500 cannot afford a Chief Information Security Officer, plus an IT security team, plus the cost of the security tools that team would run. They are left vulnerable and unsure how to protect and monitor their networks; small and medium-sized businesses most of all.
Protecting a network is much like protecting a physical building: you need locks, gates, cameras, guard dogs, security guards and so on. The network world is no different. You need several tools, but unless they work together you see only a fraction of the real picture. A SIEM (Security Information and Event Management) platform combines their output so that you gain visibility and, with ongoing maintenance, stay compliant; that combined view is security intelligence. You are using all five senses before taking an action, and that is what correlation means. Add implementation and ongoing management of the system, and you have an MSSP's value proposition.
The 5 Security Pillars that no organization should be without (the vitals)
- Asset Discovery
- Threat Detection
- Vulnerability Assessment
- Behavioral Monitoring
- Security Intelligence (SIEM)
How Does a Well Designed SIEM Platform Work?
At Intrinium, we believe a well-designed SIEM must include at least these capabilities, all working together to keep pace with escalating threats, breaches and attacks:
- Data Aggregation and Critical Event Management – The log management component must aggregate data from all sources, including network devices, security appliances, servers, databases and applications, and consolidate the monitored data so that critical events are not missed.
- Data Correlation – This module looks for attributes that events share (a source address, a user name, a host) and links related events into meaningful bundles. It applies a variety of automatic correlation techniques designed to integrate different sources and turn raw data into useful information.
- Automated Alerting – This is the heart of a well-functioning SIEM: automated analysis of correlated events that produces alerts for the issues demanding immediate attention. Alerts can be pushed to a dashboard, sent as instant messages or email, and delivered to everyone who needs to act on them, including third parties.
- Dashboards – Another essential element is a central dashboard, much like the dashboard of a car or the console of an aircraft: the single place that tells managers what is happening on their systems. It can be customized to surface patterns, activity, potential breaches and more.
- Governmental and Other Regulatory Compliance – Applications that automate the gathering of compliance data and produce reports for delivery to security, governance and audit bodies.
- Data Retention – The SIEM should keep current data online and automatically archive historical data so that events can be compared and correlated over both short and long periods. At a minimum it must retain data long enough to meet the applicable compliance requirements and to support forensic investigations, which means the retention period has to be set per regulation rather than guessed.
- Forensic Analysis – If alerting is the heart of a well-functioning SIEM, the forensic analysis module is its brain. It must let investigators search quickly through all historical data and drill down to whatever level is necessary to work out how a threat developed, and give clues on how to deal with it in the future.
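To make the aggregation, correlation and alerting steps above concrete, here is a small worked example. It is example code written for this page, not Intrinium's product or any real SIEM's rule engine. Two constructed log sources, an sshd auth log and a firewall log, are normalised to one event schema, merged into a single time-ordered stream, correlated on the attribute they share (the source IP address), and turned into an alert when five failed logins from one address are followed by a successful login from the same address within two minutes. The log formats, field names, threshold and window are assumptions chosen for the example; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real logs): one sshd auth log and one
# firewall log, the two "sources" that the aggregation step pulls together.
SSH_LOG = """\
2024-03-01T10:00:01 host1 sshd[811]: Failed password for root from 203.0.113.5 port 51000 ssh2
2024-03-01T10:00:03 host1 sshd[811]: Failed password for root from 203.0.113.5 port 51001 ssh2
2024-03-01T10:00:05 host1 sshd[811]: Failed password for admin from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:07 host1 sshd[811]: Failed password for admin from 203.0.113.5 port 51003 ssh2
2024-03-01T10:00:09 host1 sshd[811]: Failed password for bob from 203.0.113.5 port 51004 ssh2
2024-03-01T10:00:12 host1 sshd[811]: Accepted password for bob from 203.0.113.5 port 51005 ssh2
2024-03-01T10:05:00 host1 sshd[812]: Failed password for alice from 198.51.100.9 port 40000 ssh2
2024-03-01T10:05:30 host1 sshd[812]: Accepted password for alice from 198.51.100.9 port 40001 ssh2
"""
FW_LOG = """\
2024-03-01T09:59:58 fw1 DENY TCP 203.0.113.5:50990 -> 192.0.2.10:3389
2024-03-01T09:59:59 fw1 ALLOW TCP 203.0.113.5:51000 -> 192.0.2.10:22
2024-03-01T10:04:59 fw1 ALLOW TCP 198.51.100.9:40000 -> 192.0.2.10:22
"""

# Assumed line formats for the two sources (hypothetical, chosen for the example).
SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>DENY|ALLOW) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_ssh(text):
    """Normalise sshd lines into the common event schema; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "source": "sshd",
                       "host": m["host"], "src_ip": m["src"], "user": m["user"],
                       "event": "auth_fail" if m["outcome"] == "Failed" else "auth_success"})
    return events


def parse_fw(text):
    """Normalise firewall lines into the same schema as the sshd events."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "source": "firewall",
                       "host": m["host"], "src_ip": m["src"], "user": None,
                       "event": "fw_" + m["action"].lower(),
                       "dst": m["dst"] + ":" + m["dport"]})
    return events


def aggregate(*event_lists):
    """Aggregation: one time-ordered stream across all sources."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e["ts"])


def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation and alerting: bundle events by the shared attribute (src_ip) and
    alert when >= threshold auth failures are followed by a success inside `window`."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src_ip"]].append(e)
    alerts = []
    for src_ip, evs in by_src.items():
        fails, fw = [], []  # recent failures and firewall context for this source
        for e in evs:
            # Slide the window: forget anything older than `window` before this event.
            fails = [f for f in fails if e["ts"] - f["ts"] <= window]
            fw = [f for f in fw if e["ts"] - f["ts"] <= window]
            if e["source"] == "firewall":
                fw.append(e)
            elif e["event"] == "auth_fail":
                fails.append(e)
            elif e["event"] == "auth_success" and len(fails) >= threshold:
                alerts.append({"rule": "ssh_bruteforce_then_success", "src_ip": src_ip,
                               "host": e["host"], "user": e["user"],
                               "failures": len(fails),
                               "users_tried": sorted({f["user"] for f in fails}),
                               "first_failure": fails[0]["ts"].isoformat(),
                               "success_at": e["ts"].isoformat(),
                               "firewall_events": len(fw)})
                fails = []  # the bundle has been reported; start a fresh window
    return alerts


def run_demo():
    """Full pipeline over the constructed logs; returns the list of alerts."""
    return correlate(aggregate(parse_ssh(SSH_LOG), parse_fw(FW_LOG)))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run as a script it prints one alert: 203.0.113.5 tried root, admin and bob five times and then got in as bob, with two firewall events (an earlier denied RDP probe and the allowed SSH connection) bundled in as context. The second address, which failed once and then succeeded, never reaches the threshold and stays quiet, which is the point of correlating per source rather than counting failures globally. The window is kept per source IP deliberately: a single counter across all sources would either fire on normal background noise or miss a slow, patient attacker, and the threshold and window are exactly the knobs an analyst tunes per environment.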
Intrinium has been in the information security business since January 2007 and believes that security is a state of mind, not a collection of products. Contact us today to learn how we can help you develop a Security Information and Event Management strategy.