Choosing the Right SIEM Solution

April 11, 2017 · steveverbanic

Concurrent with the ongoing digitization of organizations large and small, cybercrime is on the rise. Consider the following statistics:

  • According to the 2016 Verizon Data Breach Investigations Report, more than 100,000 security incidents were reported in 2015. Approximately 3,000 were confirmed as data breaches.
  • A report released in January 2017 showed that in 2016, the number of data breaches rose to 4,419, resulting in the compromise of more than 4.2 billion records.
  • Research by the Ponemon Institute, sponsored by IBM, found that the average total cost of a data breach rose to $4 million.

At the same time, government regulatory agencies are escalating compliance demands on organizations to better protect consumers from cybercrime. In response, organizations are increasingly looking to SIEM (security information and event management) to more efficiently manage and analyze the data required to optimize security and ensure compliance with more rigorous regulatory requirements.

What To Look For In A SIEM

But not all SIEM solutions are created equal. The most effective SIEMs function as a component of a tightly integrated, end-to-end security architecture. When evaluating SIEM technology, look for:

  • Real-time, automated infrastructure and application discovery: Today’s borderless enterprise is in constant flux and needs constant monitoring in order to detect incidents. An effective SIEM provides automated discovery across the entire infrastructure—including virtual and cloud-based segments—and across all applications.
  • Real-time event correlation: As cyber threats become more sophisticated, correlating events as they happen is a critical aspect of pattern detection. Real-time event correlation allows for immediate and wide-scale detection of threats.
  • Dynamic user identity mapping: Connecting user identity to network identity is increasingly challenging due to the use of VPNs and DHCP; however, it’s critical for correct log analysis. A good SIEM solution will combine identity repositories with network events to form dynamic user identities, enabling rapid response and problem resolution.
  • Machine learning: The amount of data needed to comprehensively monitor a network and simultaneously analyze threat feed integration is overwhelming. The most advanced SIEM solutions use machine learning to process all this data and provide visibility into the organization’s ecosystem, as well as the location of any vulnerabilities and threats.
  • Unified internal and external threat intelligence: Both structured and unstructured data from internal and external sources needs to be correlated. By unifying internal and external data streams, organizations can detect threats faster and respond appropriately.
  • Efficient compliance reporting: As regulatory requirements become more stringent, it’s critical to have accurate, up-to-date compliance auditing and management tools incorporated into the SIEM solution.
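
The real-time correlation and dynamic user identity mapping items above, shown as an added example that is not from this post or from SLAIT Consulting: a small Python stream correlator. It keeps a live IP-to-user map built from DHCP lease events (resolved through a host-to-owner lookup that stands in for a directory service) and VPN logins, then attributes authentication events to the mapped user and raises an alert when a burst of failed logins is followed by a success. The identity repository, the event records and the threshold of three failures within sixty seconds are all constructed assumptions for this example.

```python
"""Toy SIEM correlator: dynamic identity mapping plus a sliding-window rule.

All data below is constructed for illustration; nothing comes from a real
environment.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed stand-in for an identity repository: which user owns each
# managed host (a directory service would supply this in practice).
IDENTITY_REPOSITORY = {"LAPTOP-ALICE": "alice", "LAPTOP-BOB": "bob"}

# Assumed rule parameters for the example.
FAIL_THRESHOLD = 3
WINDOW = timedelta(seconds=60)

# Constructed event stream: (timestamp, source, fields). DHCP and VPN
# events feed the identity map; "auth" events are what gets correlated.
SAMPLE_EVENTS = [
    ("2017-04-11T09:00:00", "dhcp", {"ip": "10.0.0.5", "host": "LAPTOP-ALICE"}),
    ("2017-04-11T09:00:10", "auth", {"ip": "10.0.0.5", "result": "fail"}),
    ("2017-04-11T09:00:20", "auth", {"ip": "10.0.0.5", "result": "fail"}),
    ("2017-04-11T09:00:30", "auth", {"ip": "10.0.0.5", "result": "fail"}),
    ("2017-04-11T09:00:40", "auth", {"ip": "10.0.0.5", "result": "success"}),
    # Lease for 10.0.0.5 is reassigned: later events belong to bob, not alice.
    ("2017-04-11T09:05:00", "dhcp", {"ip": "10.0.0.5", "host": "LAPTOP-BOB"}),
    ("2017-04-11T09:05:10", "auth", {"ip": "10.0.0.5", "result": "fail"}),
    ("2017-04-11T09:05:20", "auth", {"ip": "10.0.0.5", "result": "success"}),
    # VPN login maps a remote address directly to a user.
    ("2017-04-11T09:10:00", "vpn", {"ip": "192.0.2.44", "user": "carol"}),
    ("2017-04-11T09:10:05", "auth", {"ip": "192.0.2.44", "result": "fail"}),
    ("2017-04-11T09:10:10", "auth", {"ip": "192.0.2.44", "result": "fail"}),
    ("2017-04-11T09:10:15", "auth", {"ip": "192.0.2.44", "result": "fail"}),
    # Success arrives after the window has expired, so no alert fires.
    ("2017-04-11T09:13:00", "auth", {"ip": "192.0.2.44", "result": "success"}),
]


class Correlator:
    def __init__(self, repository):
        self.repository = repository
        self.ip_to_user = {}                 # current dynamic identity map
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.alerts = []                     # (ts, user, ip, failure_count)

    def _resolve(self, ip):
        """Map a network identity to a user; fall back to a labelled unknown."""
        return self.ip_to_user.get(ip, "unknown@" + ip)

    def process(self, ts, source, fields):
        if source == "dhcp":
            # A lease binds an IP to a host; the repository tells us the owner.
            owner = self.repository.get(fields["host"])
            if owner:
                self.ip_to_user[fields["ip"]] = owner
            else:
                self.ip_to_user.pop(fields["ip"], None)
        elif source == "vpn":
            self.ip_to_user[fields["ip"]] = fields["user"]
        elif source == "auth":
            user = self._resolve(fields["ip"])
            window = self.failures[user]
            # Drop failures older than WINDOW so the rule is time-bounded.
            while window and ts - window[0] > WINDOW:
                window.popleft()
            if fields["result"] == "fail":
                window.append(ts)
            elif fields["result"] == "success" and len(window) >= FAIL_THRESHOLD:
                self.alerts.append((ts, user, fields["ip"], len(window)))
                window.clear()


def run(events=SAMPLE_EVENTS, repository=IDENTITY_REPOSITORY):
    """Feed the event stream through a correlator and return it for inspection."""
    correlator = Correlator(repository)
    for ts, source, fields in events:
        correlator.process(datetime.fromisoformat(ts), source, fields)
    return correlator


if __name__ == "__main__":
    result = run()
    for ts, user, ip, count in result.alerts:
        print(f"{ts.isoformat()} ALERT: {count} failed logins then success "
              f"for {user} from {ip}")
    print("identity map:", result.ip_to_user)
```

Running it produces one alert, attributed to alice rather than to the bare address 10.0.0.5, and no alert for bob (one failure only) or carol (failures outside the window). Attributing by user rather than by IP is what keeps the reassigned lease from being blamed on the wrong person.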

There are many SIEM solutions on the market today that are uniquely equipped to provide all these capabilities and more. Contact SLAIT Consulting to learn how we can help you deploy the right SIEM solution.