09:17 AM
Gaby Friedlander
Commentary

The #1 Myth about Security Information and Event Management (SIEM)

Probably the most popular myth deceiving IT security professionals today is that Security Information and Event Management (SIEM) software is a sufficiently robust solution for keeping a close eye on sensitive data and sending alerts when anything suspicious happens to it. However, SIEMs can only report on logs they can see, so another type of software, user activity monitoring, is needed to ensure data remains secure.

SIEMs do improve a company's ability to tighten security, since they can report on relevant logged activity that may lead to a data breach. However, there are major gaps in the data at their disposal. These gaping holes are perfect targets for someone looking to quickly and quietly penetrate a system or file that should be off-limits.

This serious vulnerability exists because SIEMs are limited: they can only report on logs that they are able to read. In other words, SIEMs cannot see activity in all applications and system areas, meaning that they cannot see everything that happens on a server. The result is that many unauthorized server activities will never be reported or alerted on by any SIEM.

If you're one of those who think your stand-alone SIEM is doing its job of IT security for you, be aware that you could have just been breached and not even know it! Even if you're in the lucky 8% that do discover that their data has been breached, you have only a 66% chance of discovering it as soon as months later. By then, who knows what havoc has already been wreaked?!

Luckily, there are a few solutions out there that can help protect those soft, exposed underbellies. These user activity monitoring solutions are a MUST for any organization that has to protect sensitive data and/or comply with standards. Some of them can be easily integrated with SIEMs to completely eliminate user activity blind spots: they produce video and easy-to-read text logs of every user action, in every application and system area (including hidden and underlying commands), and provide this data directly to the SIEM.
