The Proper Roles that SIEM Appliances Should Fulfill in Organizations

Data security is a part of the IT infrastructure that should take care of itself. Companies have enough to worry about without always looking over their shoulder to make sure no one is stealing vital information.
As most organizations recognize, this is NOT the case. Security specialists are never without work for the simple reason that almost every day a headline reads “International Company [you fill in the blank] Suffers Massive Data Breach.” Read deeper into those articles and a company representative is often quoted as saying something akin to, “The breach happened a couple days ago and we just caught it. We’re still trying to figure out how many of our customers were affected and who is responsible.”
The truth of the matter is that data security does not take care of itself. But Security Information and Event Management (SIEM) solutions take the edge off these concerns by acting as a constant watchdog that performs several services:

  • Logging information
  • Correlating data
  • Alerting security administrators as soon as a breach is detected
  • Providing a dashboard to give an easily accessible picture of what is happening in the environment at any given time.
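
To make the logging, correlation and alerting roles listed above concrete, here is a small added example (written for this article, not DCIG's or any vendor's code) that parses constructed SSH authentication log lines and raises an alert when a burst of failed logins from one source is followed by a successful login for the same account; the log lines, the threshold of three failures and the five-minute window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-style SSH auth events); not from any real system.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 host1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:04 host1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:09 host1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:15 host1 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:02:00 host2 sshd: Failed password for bob from 198.51.100.3
2024-05-01T10:30:00 host2 sshd: Accepted password for bob from 198.51.100.3
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$")

def parse(line):
    """Normalise one raw log line into a dict (the 'logging' role)."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not fatal
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule (assumed for this example): at least `threshold` failures
    from one source for one user, followed by a success for that same source/user
    within `window`, produces one alert. Returns the list of alert dicts."""
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    alerts = []
    for ev in filter(None, map(parse, lines)):
        key = (ev["src"], ev["user"])
        # Drop failures that have aged out of the correlation window.
        failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
        elif len(failures[key]) >= threshold:
            alerts.append({"src": ev["src"], "user": ev["user"], "host": ev["host"],
                           "failures": len(failures[key]), "at": ev["ts"].isoformat()})
            failures[key].clear()  # alert once per burst
    return alerts

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print("ALERT: success after repeated failures:", a)
```

The dashboard role is the presentation of such alerts over time; the same parsed events can feed counts per host, user or source for that view.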

Simply put, SIEM solutions give organizations visibility into their security posture by providing usable and actionable information.
Large enterprise organizations are leading the charge in the adoption of SIEM appliances. Many of these organizations implemented SIEM solutions in large part because their size obliges them to meet internal and external compliance requirements, but a growing number of smaller organizations are adopting these solutions because of the sensitive information they handle.
The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) released its Framework for Improving Critical Infrastructure Cybersecurity in early 2014. It outlined five (5) ways organizations with critical systems could protect themselves and their data from a cyberattack. The five areas that this framework outlined are:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

Without a SIEM solution, step 3, detection, is nearly impossible. Without detection, response and recovery are entirely impossible.
The hard truth is that it is impossible to prevent all breaches. The next best thing to all-out prevention is a good protection system and a planned, swift course of action in the case of a breach. SIEM solutions play a large role in quickly detecting breaches and many can be customized to provide immediate responses upon detection of a breach.
SIEM solutions do not prevent breaches. They are not force fields. They do not attack intruders. Rather they provide immediate, real-time alerts to security administrators and the organizations for which they work. In addition, they provide a tangible, measurable picture of where a company stands in the once-vague area of data security.
