
SIEM Keeps a Big Eye on Cybercriminals

Locknet Managed IT
2 min read
Dec 6, 2016 10:00:00 AM
This post covers: Managed IT

SIEM, not to be confused with Seim, the language of Papua New Guinea, or a river in Ukraine, is an acronym for Security Information and Event Management.

SIEM is a complex set of technologies that form a big eye in your technical infrastructure, watching for every subtle sleight of hand played by cybercriminals. It’s the big brother to your firewall and antivirus, providing real-time analysis of security alerts generated by network hardware and applications. It really is complex.

Cybercriminals like simple

It’s SIEM’s complexity that sends the crooks off to find easier jobs. As big banks continue to harden their security, small to midsize banks have become cybercrime’s new sweet spot. As the threats rise, bank examiners are suggesting SIEM. Many smaller banks have been told about SIEM but don’t know how to use it. SIEM is not a simple box that can be dropped in so that incidents pop out like a neon sign.

Managed Security Service Providers (MSSP) offer expertise

Banks are not in the security business, nor can they afford to test out the many SIEM technologies available. Without care and feeding, SIEM is just a log manager.

“Complexity is a big issue, as are issues with the cost of ownership. It’s not just an issue of acquiring and installing SIEM. You have to do quite a bit of integration, configuration, and ongoing maintenance. And you’ve got to have dedicated resources for it if you want it to be responsive,” says Dean Francis, author of IT Pro Ranking: SIEM.

Some customer-focused MSSPs are doing the research. They’re making the investment to test the technologies and find the best SIEM option for their customers. A managed security partner can also add the human expertise needed to interpret the output of SIEM’s core log correlation and provide threat information in real time, as it’s happening.

SIEM needs attention to be most effective

It’s difficult for small to midsize banks to keep up with SIEM logs, catch the irregularities, and respond to them appropriately. Looking at the depth of its capabilities, it’s easy to see why.

SIEM logging capabilities include:

  • Widespread log collection across the network devices, security appliances, databases, workstations, and other systems in your environment.
  • Real-time log correlation that happens in memory to detect zero-day threat vectors.
  • Performance capability to process all time and transaction-based events to provide actionable data and incident awareness.
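
To make the in-memory correlation described in the list above concrete, here is an added Python example (not code from this post or from any SIEM product) that flags a successful login preceded by repeated failures for the same address and user, even when the failures were logged by different sources. The event layout, the source names, the five-minute window, and the threshold of three are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window
THRESHOLD = 3                  # assumed failures before a success is suspicious

# Constructed sample events, normalized as (time, source, src_ip, user, action).
SAMPLE_EVENTS = [
    ("2016-12-06T10:00:05", "firewall", "203.0.113.7", None, "allow_vpn"),
    ("2016-12-06T10:00:10", "vpn", "203.0.113.7", "jsmith", "login_fail"),
    ("2016-12-06T10:00:40", "vpn", "203.0.113.7", "jsmith", "login_fail"),
    ("2016-12-06T10:01:15", "ad", "203.0.113.7", "jsmith", "login_fail"),
    ("2016-12-06T10:02:00", "ad", "203.0.113.7", "jsmith", "login_ok"),
    ("2016-12-06T10:03:00", "ad", "198.51.100.4", "mlee", "login_fail"),
    ("2016-12-06T10:03:20", "ad", "198.51.100.4", "mlee", "login_ok"),
    ("2016-12-06T10:20:00", "vpn", "203.0.113.7", "jsmith", "login_ok"),
]


def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Alert on a successful login preceded by >= threshold failures for the
    same (src_ip, user) inside the sliding window, regardless of log source."""
    failures = defaultdict(deque)  # (ip, user) -> deque of (time, source)
    alerts = []
    for ts, source, ip, user, action in sorted(events, key=lambda e: e[0]):
        now = datetime.fromisoformat(ts)
        recent = failures[(ip, user)]
        # Expire failures that have fallen out of the sliding window.
        while recent and now - recent[0][0] > window:
            recent.popleft()
        if action == "login_fail":
            recent.append((now, source))
        elif action == "login_ok":
            if len(recent) >= threshold:
                alerts.append({
                    "time": ts, "src_ip": ip, "user": user,
                    "failures": len(recent),
                    "sources": sorted({s for _, s in recent} | {source}),
                })
            recent.clear()  # a success resets the failure streak
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Neither the VPN log nor the directory log alone reaches the threshold in this sample; the alert only appears once the two sources are correlated.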

Logs need analysis. A security partner has quick access to a wealth of historical data and can review network and user activities for anomalies and patterns that raise red flags in your network, including discovering the root cause of a threat, breach, failure, or activity that appears to be non-compliant.

Automated quick response actions in SIEM software contain the threats and have even expanded beyond security to cover IT troubleshooting and issue remediation.

Logging analysis software can:

  • Send real-time notifications and alerts of irregularities in the network.
  • Interactively explore historical log data.
  • Isolate root-cause threats, breaches, failure, or any other non-compliant activity.
  • Perform event forensics to determine what really happened before, during, and after the event.
  • Track log activity over time and in the context of suspicious events.

One of the key values SIEM brings to banking is regulatory compliance and reporting capability. Be aware that not all SIEM products ensure compliance reporting such as:

  • Detailed reports of non-compliant activity and policy violations in your network.
  • Historical system-based, user-based, and network-based event data for compliance auditing.
  • Information on threat responses and mitigation measures used by the system to contain or prevent attacks.

SIEM is the big eye watching over your infrastructure. Based on the success large banks have had using SIEM to thwart breaches, it’s time small to midsize banks had the same protection. Partnering with a managed security service provider can be an affordable path to security and peace of mind.