Gone are the days when each security breach was considered and evaluated in isolation. Most organizations and companies have now realized that a holistic approach to their information security is the only way forward, as a fragmented approach is an outdated luxury we can no longer afford. This is where the concept of Security Information and Event Management, or SIEM, comes into play.
What is SIEM?
The term refers to a range of services and tools that aim to enhance cybersecurity by adopting a comprehensive view across an organization’s operations. SIEM software aims to bring all crucial information to a single place where it can be effectively evaluated and used to fend off further attacks and address vulnerabilities. As a concept, it has organically evolved from the long-standing practice of log management, but it has grown into much more than that. SIEM incorporates collecting and reporting on log data, analyzing that data in real time to better monitor threats and errors, and developing responses.
SIEM is crucial in providing cybersecurity professionals with a record of the information they need to have an accurate picture of their working environment. For the strategy to reach maximum effectiveness, cybersecurity defenses and tools should all be part of a SIEM-oriented approach. In this context, it is vital that tools like a WAF, which protects web applications by filtering out malicious traffic, can integrate and work with SIEM systems, as should other tools, depending on each business’s needs. This is feasible when the events these tools generate use formats that are easily indexed and processed, such as JSON or CEF (Common Event Format).
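To make the point about event formats concrete, the following is an added example, not code from the original article or from any WAF or SIEM product: it serializes one WAF event as a JSON line and as a CEF record, then parses the CEF record back the way an ingestion pipeline would. The sample event, the vendor and product names, and all function names are assumptions made for illustration.

```python
import json
import re

# Constructed sample WAF event; field names and values are assumptions.
SAMPLE_EVENT = {"rule_id": "1001", "name": "Blocked request | rule match",
                "severity": 7, "src": "203.0.113.10",
                "request": "/search?q=a=b", "act": "blocked"}
EXT_KEYS = ("src", "request", "act")

def _esc_header(value):
    # CEF header fields escape backslash and pipe.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value):
    # CEF extension values escape backslash and equals; newlines become \n.
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def to_json_line(event):
    # One JSON object per line, with stable key order for indexing.
    return json.dumps(event, sort_keys=True)

def to_cef(event, vendor="ExampleVendor", product="ExampleWAF", version="1.0"):
    header = ["CEF:0", vendor, product, version,
              event["rule_id"], event["name"], event["severity"]]
    ext = " ".join(f"{k}={_esc_ext(event[k])}" for k in EXT_KEYS)
    return "|".join(_esc_header(h) for h in header) + "|" + ext

def parse_cef(line):
    # Walk the header so an escaped pipe is not mistaken for a delimiter.
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2
        elif line[i] == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(line[i]); i += 1
    if len(fields) < 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    names = ("cef_version", "vendor", "product", "version", "rule_id", "name", "severity")
    out = dict(zip(names, fields))
    # key=value pairs; a value runs until the next " key=" or end of line.
    for m in re.finditer(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|$)", line[i:]):
        out[m.group(1)] = re.sub(r"\\(.)",
            lambda e: "\n" if e.group(1) == "n" else e.group(1), m.group(2))
    return out

if __name__ == "__main__":
    print(to_json_line(SAMPLE_EVENT))
    print(to_cef(SAMPLE_EVENT))
```

The escaping is what keeps request data from shifting field boundaries: an unescaped `|` or `=` taken from a URL would otherwise be indexed by the SIEM as a separate field.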
The Importance of SIEM for Businesses
Even though the concept is not entirely new, SIEM adoption rates seem to have risen lately across businesses interested in investing in web security. Recent ransomware attacks that saw even big industry giants fall prey to hackers might have something to do with this trend. In the 2017 Global State of Information Security Survey conducted by PwC, the company found that 47% of organizations use SIEM tools, while another 51% actively monitor and analyze data related to information security. 48% of those surveyed also stated that they carry out vulnerability assessments, 47% that they conduct threat assessments, and 44% that they set up penetration tests.
This focus on information security data is at the heart of what SIEM is about, and it addresses one of the biggest challenges that IT professionals have experienced lately with the rapidly spreading adoption of online tools and services: how to best put immense amounts of data to good use. In recent years, organizations and professionals have been overwhelmed by an unprecedented rise in the volume of data collected and the speed with which it is accumulated. This holds true for information security data too, especially since our capabilities to discover and keep logs of incidents have evolved, while data breaches have also multiplied and expanded in scope.
SIEM is the security-focused response to that boom in data – much like web analytics allow us to harness a tremendous amount of traffic data in order to improve our marketing approach. Companies of all sizes are targeted by hackers, so implementing SIEM is quickly evolving into a fundamental aspect of a business’s cybersecurity strategy.