
09:17 AM
Gaby Friedlander
Commentary

The #1 Myth about Security Information and Event Management (SIEM)

Probably the most popular myth deceiving IT security professionals today is that Security Information and Event Management (SIEM) software is a sufficiently robust solution for keeping a close eye on sensitive data and sending alerts when anything suspicious happens to it. However, SIEMs can only report on logs they can see; therefore, another type of user activity monitoring software is needed to ensure data remains secure.


SIEMs do improve a company's ability to tighten security, since they can report on relevant logs that may lead to a data breach. However, there are major gaps in the data at their disposal. These gaping holes are perfect targets for someone to quickly and quietly penetrate a system or file that should be off-limits.

The reason for this serious vulnerability is that SIEMs are limited: they can only report on logs that they are able to read. In other words, SIEMs cannot see activity in all applications and system areas, meaning that they cannot see everything that happens on a server. The result is that many unauthorized server activities will never be reported or alerted on by any SIEM.

If you're one of those who think your stand-alone SIEM is doing its job of IT security for you, be aware that you could have just been breached and not even know it! And if you're in the lucky 8% that do discover that your data has been breached, you will have only a 66% chance of discovering it as soon as months later. By then, who knows what havoc has already been wreaked?!

Luckily, there are a few solutions out there that can help protect those soft, exposed underbellies. These user activity monitoring solutions are a MUST for any organization that has to protect sensitive data and/or comply with standards. Some of them can be easily integrated with SIEMs to completely eliminate user activity blind spots: they produce video and easy-to-read text logs of every user action, in every application and system area (including hidden and underlying commands), and provide this data directly to the SIEM.
