Want to know what a SIEM is? Not just the acronym (Security Information and Event Management), but the deeper meaning behind it?
Imagine a battle. Why? Because cybersecurity is a battle, an ongoing war actually! And to win a battle, it has to be led: all your battle units need to be coordinated well. And you need an overview of the battlefield. A place to make your decisions. For all that you need battle headquarters. In corporate cybersecurity warfare, those headquarters are the Security or Network Operations Center. Now, imagine yourself as a general. You receive current battle news from your subordinates, you assess the battlefield situation, make your decisions, and send out new battle orders. But if you are not able to work through mountains of rapidly incoming battle data quickly enough, it will not matter whether you’re a genius general the likes of Patton, Montgomery or Rommel, or a nobody… you will lose. Your battlefield intelligence needs to be current. It must be filtered; for instance, don’t bother yourself with the state of food supply until one battle is over. It must be informative and actionable, possibly with added context. Inputs must come from all possible sources, but related to each other. Maybe you will need to compare the situation to one of the previous battles where you fought the same enemy general. Etc.
How can we make sure you will be informed well enough to make good decisions? Fast decisions? Right decisions? You already have your data sources: the battlefield. Then you must install good subordinates through whom this data will flow. Based on the data, they will give you battlefield intelligence. You will decide. A battle will be won. One step closer to winning the war.
SIEM is your battlefield intelligence officer. It collects data from all the assets in your corporate network – network equipment, servers, applications, security solutions etc. It filters the data, enriches it, aggregates it, and stores it in a central location. It correlates data from multiple source types and builds actionable intelligence. It alerts you to priority issues and reports on the ongoing situation, in detail or in general. It does most of the work for you. Then you only need to make the appropriate decisions. Hire LogRhythm, Micro Focus ArcSight or Trellix (McAfee Enterprise & FireEye) SIEM as your main battlefield intelligence officer!
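To make the collect, normalize, enrich, aggregate, correlate and alert chain described above concrete, here is a miniature SIEM pipeline as an added example. It is not code from this page or from any of the products named; the log lines, the asset inventory, the field names and the two rule names are all constructed for illustration. The correlation rule shows why "inputs from all possible sources, but related to each other" matters: a run of failed logins followed by a success is only a medium-priority signal on its own, but the same source address then being allowed through the firewall to a high-criticality asset is what turns it into a priority alert.

```python
"""Minimal SIEM-style pipeline: collect -> normalize -> enrich -> aggregate -> correlate -> alert.
All sample log lines, the asset inventory and the rule names are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two source types (VPN/workstation auth log, firewall).
RAW_LOGS = [
    "2024-05-01T10:00:01Z auth host=vpn-gw1 user=alice src=203.0.113.7 result=FAIL",
    "2024-05-01T10:00:03Z auth host=vpn-gw1 user=alice src=203.0.113.7 result=FAIL",
    "2024-05-01T10:00:05Z auth host=vpn-gw1 user=alice src=203.0.113.7 result=FAIL",
    "2024-05-01T10:00:09Z auth host=vpn-gw1 user=alice src=203.0.113.7 result=OK",
    "2024-05-01T10:00:12Z fw action=ALLOW src=203.0.113.7 dst=10.0.5.20 dport=3389",
    "2024-05-01T10:01:00Z auth host=ws-17 user=bob src=10.0.1.9 result=FAIL",
    "2024-05-01T10:03:00Z auth host=ws-17 user=bob src=10.0.1.9 result=OK",
]

# Constructed asset inventory used for enrichment (hostname or IP -> criticality, owner).
ASSETS = {
    "vpn-gw1": {"criticality": "high", "owner": "netops"},
    "10.0.5.20": {"criticality": "high", "owner": "finance-db"},
    "ws-17": {"criticality": "low", "owner": "helpdesk"},
}

KV = re.compile(r"(\w+)=(\S+)")


def normalize(line):
    """Parse one raw line into a common event schema regardless of source type."""
    ts_str, source, rest = line.split(" ", 2)
    event = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    event.update(dict(KV.findall(rest)))
    return event


def enrich(event):
    """Attach asset context so an alert carries criticality, not just raw fields."""
    key = event.get("host") or event.get("dst")
    event["asset"] = ASSETS.get(key, {"criticality": "unknown", "owner": "unknown"})
    return event


def correlate(events, threshold=3, window=timedelta(minutes=1)):
    """Two constructed rules over the normalized, enriched event stream:
    1. >= threshold auth failures from one src inside `window`, then a success from
       the same src -> medium alert ("brute-force-then-success").
    2. A medium alert for src, followed inside `window` by a firewall ALLOW from that src
       to a high-criticality asset -> high alert ("compromised-account-lateral-move")."""
    alerts = []
    failures = defaultdict(list)  # aggregation: src -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev.get("src")
        if ev["source"] == "auth" and ev.get("result") == "FAIL":
            failures[src].append(ev["ts"])
        elif ev["source"] == "auth" and ev.get("result") == "OK":
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute-force-then-success", "src": src,
                               "user": ev.get("user"), "priority": "medium", "ts": ev["ts"]})
        elif ev["source"] == "fw" and ev.get("action") == "ALLOW":
            prior = [a for a in alerts if a["src"] == src
                     and a["rule"] == "brute-force-then-success" and ev["ts"] - a["ts"] <= window]
            if prior and ev["asset"]["criticality"] == "high":
                alerts.append({"rule": "compromised-account-lateral-move", "src": src,
                               "user": prior[-1]["user"], "dst": ev.get("dst"),
                               "priority": "high", "ts": ev["ts"]})
    return alerts


def run_pipeline(lines):
    """Collect -> normalize -> enrich -> correlate; returns the list of alerts."""
    events = [enrich(normalize(line)) for line in lines]
    return correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline(RAW_LOGS):
        print(alert["priority"].upper(), alert["rule"], alert["src"], alert.get("user"))
```

Run as a script, the pipeline raises one medium and one high alert for alice's session and stays silent for bob, whose single failed login never crosses the threshold. A real SIEM differs from this toy mainly in scale and in the breadth of its parsers, but the shape of the work, and the reason the central store has to hold events from every source type side by side, is the same.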