Is SIEM the Silver Bullet for Cyber Threat Prevention?

With cyber threats evolving and increasing in number, cyber security remains a significant challenge for organizations. IT staff have to analyze security data quickly, while it is still online, to determine whether potential security vulnerabilities exist, and they have to do this not just for a week or two, but for months or even years.


Why, you ask? Well, it has been well-publicized that hackers can lurk on company networks for a long time, evading breach detection and waiting for the right time to attack.

The Heartbleed Bug is a prime example: it went undetected for two years and could be exploited without leaving any trace, so a large number of networks may have been compromised without the affected enterprises knowing it.

To detect such vulnerabilities and mitigate potential damage, organizations need to collect network logs and security-related information for analysis. The endeavor specifically requires collecting data produced in multiple locations within organizations and being able to look at it from a single point of view.

So what is needed is quick access to the data to scrutinize whether anything happened, and when. In other words, organizations need the ability to analyze the data and find the loopholes (and it may be one huge loophole) that reveal what possibly happened.

That is where Security Information & Event Management (SIEM) solutions come in. They not only include features that collect, normalize, and categorize millions of network logs and events per second, but also possess the ability to keep the data online for ongoing operations.

What You Need To Know About SIEM

SIEM systems reveal critical vulnerabilities through log information analysis. Gartner says the analysis is conducted in real time to enable incident response. Data collection isn't limited to networks, but also extends to system applications and host systems for cyber compliance.

Palo Alto Networks reported to ComputerWeekly earlier in the month that hackers are exploiting the core applications used by businesses, a finding based on analyzing traffic data from 5,500 networks and collecting billions of logs over a year. Sharing applications such as video, email, and social media are being favored for attacks; therefore organizations need to detect these threats as early as possible, and SIEM solutions can help.

The growth of these solutions is associated with a need for effective espionage monitoring. The SIEM market stood at $1 billion in 2008, and IDC estimates it will grow to $1.4 billion within the next five years, a 16 percent annual growth rate.

SIEM integration has also received backing from organizations needing to replace platforms that don’t feature the right level of analytical capabilities. The solution allows them to be proactive in safeguarding their digital assets as well as control the risks associated with cyber threats.

Who requires SIEM?

Beyond organizations, government and financial institutions face a high volume of risk due to storage of large amounts of data.

Therefore, every type of institute or organization needs a solution that allows them to close the loop on discovered vulnerabilities. The additional benefit is fewer hours spent in analyzing network and system logs.

Organizations planning to implement an SIEM solution must keep the following best practices in mind:

Scalability: There is no standard limit when it comes to the amount of logs generated and their sources, so an SIEM product should be able to analyze logs from all possible sources. Additionally, the system should include capacity to collect and analyze logs that may arise in the future (because of purchasing new systems and devices or implementing new networks).

Fast response: SIEM should be implemented as part of a closed-loop network. This lets the system monitor for anomalous behavior and flag suspicious patterns and information breaches, such as network malware and repeated password attempts.

Security compliance: Deployment of SIEM solutions should be geared towards meeting cyber security compliance, which includes improvement in log reporting and threat detection. This will reduce the burden on IT teams to comply with security expectations.
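To make concrete what "collect, normalize, categorize, and monitor for anomalous behavior" looks like in practice, here is a small added example that is not part of the original article and not any SIEM vendor's code. It takes constructed log lines from two sources (an OpenSSH-style authentication log and a generic web-proxy log; the formats and the IP addresses are made up for this example), normalizes them into one event schema, categorizes each event, and runs a single correlation rule over the result: alert when one source address produces several authentication failures within a short window, the "password attempts" case mentioned above. The year added to the syslog timestamps, the threshold and the window length are assumptions chosen for the example.

```python
"""Added example (not from the article): a toy SIEM pipeline.

collect  -> SAMPLE_LOGS (constructed lines, labelled per source)
normalize -> normalize(): one common schema for every source
categorize -> the "category" field (authentication / web_access)
monitor  -> detect_password_guessing(): sliding-window correlation rule
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines from two "sources", as a collector would receive them.
# Addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOGS = [
    ("sshd", "Jan 10 10:00:01 host1 sshd[2101]: Failed password for root from 198.51.100.7 port 51001 ssh2"),
    ("sshd", "Jan 10 10:00:03 host1 sshd[2102]: Failed password for admin from 198.51.100.7 port 51002 ssh2"),
    ("sshd", "Jan 10 10:00:04 host1 sshd[2103]: Failed password for root from 198.51.100.7 port 51003 ssh2"),
    ("sshd", "Jan 10 10:00:09 host1 sshd[2104]: Accepted password for alice from 203.0.113.5 port 40001 ssh2"),
    ("proxy", "2024-01-10T10:00:05Z 203.0.113.5 GET http://example.org/ 200"),
    ("proxy", "2024-01-10T10:00:06Z 198.51.100.7 GET http://example.org/login 403"),
]

# Syslog lines carry no year; the example assumes 2024 when parsing them.
ASSUMED_YEAR = "2024"

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def normalize(source, line):
    """Map one raw line into the common event schema; return None if it cannot be parsed."""
    if source == "sshd":
        m = SSHD_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(ASSUMED_YEAR + " " + m["ts"], "%Y %b %d %H:%M:%S")
        return {
            "timestamp": ts,
            "source": source,
            "category": "authentication",
            "outcome": "failure" if m["outcome"] == "Failed" else "success",
            "user": m["user"],
            "src_ip": m["src"],
        }
    if source == "proxy":
        m = PROXY_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        status = int(m["status"])
        return {
            "timestamp": ts,
            "source": source,
            "category": "web_access",
            "outcome": "failure" if status >= 400 else "success",
            "user": None,
            "src_ip": m["src"],
        }
    return None  # unknown source: a real SIEM would still retain the raw line


def detect_password_guessing(events, threshold=3, window_seconds=60):
    """Return {src_ip: max_failures} for sources with at least `threshold`
    authentication failures inside any window of `window_seconds`.
    Uses a per-source sliding window over time-sorted failures."""
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if ev["category"] == "authentication" and ev["outcome"] == "failure":
            failures[ev["src_ip"]].append(ev["timestamp"])

    alerts = {}
    for src, times in failures.items():
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits inside window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[src] = max(alerts.get(src, 0), count)
    return alerts


def run_pipeline(raw_logs):
    """Normalize every (source, line) pair, count unparsed lines, and run the rule."""
    events, unparsed = [], 0
    for source, line in raw_logs:
        ev = normalize(source, line)
        if ev is None:
            unparsed += 1  # unparsed lines are a coverage gap worth reporting, not silently dropping
        else:
            events.append(ev)
    return {"events": events, "unparsed": unparsed, "alerts": detect_password_guessing(events)}


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_LOGS)
    print(f"normalized {len(result['events'])} events, {result['unparsed']} unparsed")
    for src, count in result["alerts"].items():
        print(f"ALERT: {count} failed logins from {src} within 60s")
```

The point of the example is the shape of the work, not the rule itself: once every source is mapped onto the same schema, a rule like the one here can be written once and applied across all of them, and the count of unparsed lines is the scalability signal the article's first best practice is about, since any new source that the normalizer does not yet understand shows up there rather than vanishing.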

SIEM might not be a silver bullet for determining corrective response, but it could bring down risks to an acceptable level.