Challenges & Benefits of Security Information & Event Management (SIEM) Adoption

Overcome the challenges to achieve SIEM success

The concept of a SIEM has been around in various forms for many years. Originally a compliance tool for organisations collecting events from as many data sources as possible, SIEM evolved firstly into a threat detection system to improve the security posture of an environment, and then into an advanced investigation and response platform, enabling a Security Operations Centre (SOC) to rapidly detect security anomalies across the enterprise.

Traditional SIEM solutions were deployed on premises, needing competency in sizing, scoping and considerable resources to run. Next generation SIEM solutions are Software as a Service (SaaS) based in the cloud, taking out a lot of the upfront pain at the design stage and allowing for ‘scale up’ of the platform, as the enterprise grows.

One of the greatest challenges with SIEM adoption is ensuring all possible attack vectors for an environment are covered, this means that data sources that complete different functions are ingesting into the platform, from servers, firewalls, email security, cloud environments, and endpoints, these all need to be ingested, tuned for security value, and then monitored for anomalies. The next generation of SIEM solutions that are cloud native offer rapid data source parser and analytics rules development ensuring most environments can be completely covered leaving no blind spots.

As SIEM solutions have evolved the solution is maturing with user and entity behaviour analysis (UEBA) support allowing for discovery of abnormal and/or risky behaviour of users, machines, and other entities within an environment.

As the MITRE ATT&CK framework has matured and grown in popularity it has been fully integrated to next generation SIEM solutions allowing for the identification of attack tactics, techniques and procedures across on-premises, private and public cloud, and containerised environments.

The future of advanced next generation SIEM solutions will be the continued development and maturing of security orchestration, automation, and response (SOAR). Traditionally very difficult and to complete successfully in a fully on-premises environment, the advent of Public Cloud allows for a fully supported SOAR approach where events from a next generation SIEM solution can trigger logic to force a password reset for a particular user exhibiting risky behaviour, through to changing network peering for a machine that has alerted for malware. The possibilities of this advanced automated resolution approach really are endless, caveated with the need to be cautious, and the environment needs to be mature from a SIEM baseline perspective.

At Logicalis we have over 14 years of experience designing, building, and maturing SIEM solutions of myriad of customers from all sizes and verticals.

Image

To continue the conversation and to find out more about what Logicalis UK have to offer, we invite you to join us for a 60-minute webinar on the 21st of February at 10am (UTC). We will look at the common challenges that customers face when looking to move towards an EDR solution, what they are trying to achieve in doing so and how we can help deliver the best value out of that platform.

Secure your place today!