Major security breaches litter the headlines on a daily basis. Even more concerning are the thousands of unreported thefts of company data that happen every hour. Jayson O’Reilly, director of sales and innovation at DRS, says losses can be enormous, not only in terms of money, but in terms of a business’s good name.
“At the same time, cyber criminals are getting cleverer and more sophisticated, and with this, their crimes and techniques. Threats are multi-pronged, and any company’s only hope of detecting these threats before too much damage is done is to be able to identify any anomalous behaviour on their networks. This is driving the need for instant, accurate threat information.”
He says one technology that is key to identifying and monitoring threats is security information and event management (SIEM).
“When SIEM is working correctly, it will allow an organisation to collect and analyse data from network and security devices and applications. This is not always easy to do, given that IT environments are getting more and more complex and difficult to manage.
“Good security intelligence is the best way to get proper visibility into what is going on inside your IT environment from a security and compliance point of view, and SIEM is the best tool available to do this.”
O’Reilly says a good SIEM solution must not only work today, but tomorrow too. “It must be scalable over time, and easy to deploy and manage, and infrastructure must be updated with the most current and relevant threat intelligence to ensure you stay a step ahead.”
He says correctly deployed SIEM allows technical staff to be more proactive in terms of the business’ security.
“By gathering, correlating and analysing event logs from many different devices, problems can be more easily identified. In addition, SIEM systems offer a clear and accurate audit trail that is necessary with today’s tight compliance requirements. SIEM also enables security practitioners and staff to handle breaches more effectively.
“SIEM allows for quick responses to any attempted breaches, and allows technical staff to resolve them faster, with fewer complications. In this way, the cost of breaches, and their ‘post mortems’ and remediations, is vastly reduced.”
In terms of the business, he says SIEM also helps to optimise and streamline business processes, by giving the organisation a thorough view of how business assets are used, and how business processes work.
“In this way, companies can see where assets are underutilised, or where business processes are ineffective. SIEM can be used not only for security, but for the reporting and analysis of many different areas in the business, such as finance, HR, operations and management.”
Having the correct information when you need it is vital to the success of any business.
“Too much time spent on investigating incidents will be spent on events that have already occurred. Having the correct, meaningful, relevant data on hand is vital to a company’s effective incident response and management.”