PROTECTING YOUR DATA: EVERYTHING YOU NEED TO KNOW ABOUT TODAY’S SIEM TECHNOLOGY
ROBERT GREINER
https://linkedin.com/in/robertgreiner
WHAT IS SIEM?
Cyberattacks happen every 39 seconds on average, according to research at the University of Maryland. Luckily for us, most attacks leverage unsophisticated brute-force methods that test systems against the most basic vulnerabilities. Unfortunately, even in 2019, systems around the globe still remain vulnerable to straightforward cyberattacks. Worse, attackers can inflict substantial damage at lightning speed with only the slightest foothold into a single compromised system.
On the other end of the spectrum, as software systems and multi-cloud environments continue to increase in scale and complexity, attackers are using a variety of increasingly sophisticated tactics to infiltrate networks and do harm. These attacks are not merely targeting the largest organizations on the planet. Every business, no matter the size or industry, is fair game. That means your business is at risk, especially during times of digital transformation.
That’s where Security Information and Event Management (SIEM) technology is invaluable in protecting your data assets. SIEM is a real-time security management system that provides full visibility across your IT environment, including all that is occurring within your physical, cloud, and hybrid networks. It monitors everything that is going on, provides you with a history of activity, and offers the critical insight that enables you to detect threats and respond to them in real time. Since it’s virtually impossible to fully mitigate all current and future cyber risks, a comprehensive monitoring and event management solution is a must-have.
The undeniable truth is that hackers and online
fraudsters aren’t going anywhere, and if any part
of your network is vulnerable, they’ll find the
weakness. SIEM gives you a fighting chance and
allows you to stay one step ahead of them.
How Does SIEM Help You Protect Your Data?
You have more data, from more devices, traveling across your network than ever before. So much data exists in-flight and at-rest at any given snapshot in time that it would be impossible for your IT team to parse through it all to discover and act on threats. SIEM does the dirty work for you. It aggregates the event logs from all sources within your network, analyzes them, and then pinpoints and categorizes anomalies.
SIEM goes a step further than that, however. You are able to set up guidelines and processes that the SIEM will automatically follow when an anomaly is detected. For instance, let’s say one of the anomalies is categorized as “malware.” The SIEM will detect it and then respond using the rules you have established, triggering an alert or taking steps to thwart the activity. Some security incidents are quarantined without any human involvement - keeping your people focused on more important work.
SIEM can also recognize patterns across events, such as the number of events and the timeframe in which they occur, detect a connection between them that indicates a threat, and send you an alert. The SIEM tool can then store the logs for as long as you want to hold on to them, ensuring compliance with current and future security guidelines.
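
The correlation described above (event count plus timeframe, with a rule-defined response) can be sketched as follows. This is an added example, not code from the original paper or from any SIEM product; the log format, host names, rule names and the `threshold`/`window` parameters are assumptions, and every log line is constructed.

```python
"""Toy SIEM correlation rule: N failed logins from one source inside a time
window, optionally followed by a success. Log format and names are hypothetical."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed events, already aggregated from two hypothetical sources.
SAMPLE_LOGS = """\
2019-06-01T10:00:00Z web02 auth result=fail user=root src=192.0.2.50
2019-06-01T10:00:01Z vpn01 auth result=fail user=alice src=203.0.113.7
2019-06-01T10:00:03Z web02 auth result=fail user=bob src=198.51.100.20
2019-06-01T10:00:05Z web02 auth result=fail user=alice src=203.0.113.7
2019-06-01T10:00:09Z vpn01 auth result=fail user=alice src=203.0.113.7
2019-06-01T10:00:13Z web02 auth result=fail user=alice src=203.0.113.7
2019-06-01T10:00:17Z vpn01 auth result=fail user=alice src=203.0.113.7
2019-06-01T10:00:25Z vpn01 auth result=ok user=alice src=203.0.113.7
2019-06-01T10:00:40Z web02 auth result=fail user=bob src=198.51.100.20
2019-06-01T10:00:50Z web02 auth result=ok user=bob src=198.51.100.20
2019-06-01T10:02:00Z web02 auth result=fail user=root src=192.0.2.50
2019-06-01T10:04:00Z web02 auth result=fail user=root src=192.0.2.50
2019-06-01T10:06:00Z web02 auth result=fail user=root src=192.0.2.50
2019-06-01T10:08:00Z web02 auth result=fail user=root src=192.0.2.50
garbled line from a misconfigured forwarder
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth result=(?P<result>fail|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Response each rule triggers (the "guidelines and processes" you configure).
RESPONSES = {"brute_force": "alert", "brute_force_success": "quarantine"}


def parse(line):
    """Normalize one raw line into an event dict; return None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def correlate(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for sources with `threshold` failures inside `window`."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    for ev in events:
        recent = failures[ev["src"]]
        # Drop failures that have aged out of the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        rule = None
        if ev["result"] == "fail":
            recent.append(ev["ts"])
            if len(recent) == threshold:  # fire once when the threshold is hit
                rule = "brute_force"
        elif len(recent) >= threshold:  # success right after a failure burst
            rule = "brute_force_success"
            recent.clear()
        if rule:
            alerts.append({"rule": rule, "src": ev["src"], "user": ev["user"],
                           "ts": ev["ts"], "action": RESPONSES[rule]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Lowering `threshold` to 2 on the same data also flags the user who mistyped a password twice, which is the kind of false positive that untuned trigger parameters produce.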
However, SIEM is not a perfect one-size-fits-all solution. Doing SIEM right requires significant investment and organizational know-how. Ineffective SIEM implementations can increase the risk to your organization. For example, Target was forced to invest over $100M to increase the security of their POS systems after their mega-breach, even though they already had the systems in place to detect the threat that saw 40 million credit card numbers stolen.
WHAT CAN GO WRONG WITH SIEM?
Challenges of SIEM
SIEM technology serves as a critical component in preventing cyberattacks that could bring down your network or lead to costly lawsuits and PR disasters after breaches, but it’s not all rosy. As with all sophisticated technologies, SIEM presents its unique challenges:
• SIEM is not cheap. You will have the initial costs of purchasing the solution and the installation of it. Then you can expect to pay for ongoing maintenance or someone to run it, which might include beefing up your staff or contracting with a provider. That can be the biggest challenge for organizations, but you must weigh that cost against what a data breach could cost you.
• Setting up the parameters for triggers and responses takes time. If not configured correctly, your IT team will be inundated with alerts, many of which will be false positives. That is one of the reasons why IT professionals often complain about SIEM, but if you put in the work initially, it can save so much time and effort down the road.
• Results can take a while to see. It takes time to start realizing the value of SIEM. Think months, not days or weeks. Fine-tuning your SIEM system based on the individual needs of the enterprise is critical for the long-term success and sustainability of your SIEM program.
• To be effective, SIEM requires knowledgeable people managing it. That’s often the most significant and overlooked issue. Organizations don’t have someone on staff who can leverage the full value of SIEM, they don’t have the budget to hire more workforce, and lean teams don’t have the time to train multiple employees to become SIEM experts.
EFFECTIVE SIEM REQUIRES A HOLISTIC, MEASURED, & TEAM-BASED APPROACH
HOW DO I GET STARTED WITH SIEM?
Steps You Can Take to Ensure a Return on Your Investment
The first step is choosing a tool that meets the unique challenges and goals of your business, and that
means conducting a good bit of research and sitting through plenty of sales pitches and demos. There
is no one-size-fits-all approach.
However, even beyond the tool itself, to receive the full value of your SIEM solution, you will need to:
• Set explicit goals. Whether the goal is compliance, efficiency, or security, know your priorities so you can find a tool that works the way you need based on what is essential to your organization.
• Ensure you have the right people. SIEM requires a dedicated effort both initially, as you set up the system, and on an ongoing basis. Your employees need the right skills and know-how to continually evaluate the solution and make adjustments and updates as priorities and needs change. You’ll need your IT team’s buy-in and commitment to reap the full benefits of the solution. Also, remember that SIEM is a tool that can help make your IT team more efficient and your organization more secure, but it is not a replacement for talented employees.
• Devote plenty of time upfront. The beauty of SIEM is that it can dramatically reduce time-consuming alerts so that your IT team can focus on more value-add work, like improving your long-term security posture. However, effective automation is not possible if you don’t take the time to establish detailed, specific criteria for triggering alerts and the actions the tool should take when threats are detected. Make sure you give this critical step the time and attention it deserves.
SIEM is a critical tool in your organization’s toolset. SIEM excels at threat detection, enables you to resolve issues fast, and helps you to remain compliant with industry-specific and federal regulations. It can make your organization significantly more secure while boosting the overall efficiency of your enterprise. An effective SIEM implementation might be the most crucial initiative your organization undertakes in the near term.
If you’d like help weeding through the options to find the right fit for your business, please contact me at
https://linkedin.com/in/robertgreiner.
