July 10, 2013

Probably the most popular myth deceiving IT security professionals today is that Security Information and Event Management (SIEM) software is a sufficiently-robust solution for keeping a close eye on sensitive data and – and to send alerts when anything suspicious happens to it.

SIEMs do improve a company's ability to tighten security, since they can report on relevant logs that may lead to a data breach. However, there are major gaps in the data at their disposal. These gaping holes are perfect targets for someone to quickly and quietly penetrate a system or file that should be off-limits.

The reason for this serious vulnerability is due to the fact that SIEMs are limited and can only report on logs that they are able to read. In other words, SIEMs cannot see activity in all applications and system areas, meaning that they cannot see everything that happens on a server. The result is that many unauthorized server activities will never be reported or altered by any SIEM.

If you're one of those who thinks your stand-alone SIEM is doing its job of IT security for you, be aware that you could have just been breached and you don't even know it! Maybe if you're in the lucky 8% that do discover that your data has been breached, you will have only have a 66% chance of discovering as soon as months later. By then, who knows what havoc has already been wreaked?!

Luckily, there are a few solutions out there that can help protect those soft exposed underbellies. These user activity monitoring solutions are a MUST for any organization that has to protect sensitive data and/or comply with standards. Some of them can be easily integrated with SIEMs in order to completely eliminate user activity blind spots by video and easy-to-read text logs and every user action, in every application and system area (including hidden and underlying commands) and provides this data directly to the SIEM.