CISOs and CIOs are increasingly wary of new-age threats such as APTs (advanced persistent threats), AETs (advanced evasion techniques) and zero-day advanced malware. These have the capability to slip past all kinds of defense strategies and exfiltrate confidential information to criminals sitting in remote locations.
Cisco’s global threat report says 54% of the time, it takes months to detect a compromise and 75% of the time, the compromise of information would have happened in minutes. This level of compromise on information surely creates huge risks to the business and reputation of an organization and there is no choice but to stay one step ahead of the attackers who are more motivated than before.
We were recently faced with a customer problem where they had invested in a wide range of security technologies, from APT detection and intrusion prevention to database attack monitoring. The real problem was that they were unable to get a single view of all their organization's issues despite the millions of dollars invested in their security strategy.
An answer to the above problem is a robust Security Information and Event Management (SIEM) tool that provides a single dashboard view of all security events for an organization in real time, especially in light of the recent security breaches at organizations. Gone are the days when SIEM was seen as a tool to generate compliance reports for various standards; in fact, organizations have long moved on from this stance and now use SIEM more from a threat detection, prevention and mitigation perspective, especially in today's connected environment.
But the world is constantly changing; we need to study data and derive patterns from it to secure our borderless organization. Imagine if the security solutions you implemented had advanced security analytics capabilities. This is what is transpiring in the new world of SIEM. A new wave of SIEM products, offered by managed security providers, is entering the market. These solutions have the capability to perform advanced security analytics and can ingest virtually anything into the SIEM (e.g. network traffic data, endpoint data). The power of looking at network traffic, server logs, endpoint logs and application flow data together has given new-generation SIEMs far greater ability to detect specialized and business-specific threats. They achieve this through correlation of all the events and packet information gathered from the infrastructure. This state-of-the-art threat intelligence is applied to zero in on an attack that might be in progress or about to happen. This pre-emptive monitoring, and warning the SOC of an impending attack, gives the organization enough time to prepare so that there is no loss of revenue or reputation. In many cases, pre-emptive knowledge can also thwart the attack.
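To make the correlation idea above concrete, here is a small added example (not code from the post or from any SIEM vendor) of what a correlation rule does: events from three different sources (an IDS, an authentication log and flow data) are grouped per host, and an incident is raised only when the full sequence appears within a short time window. The event format, the rule, the thresholds and all sample events are constructed assumptions for illustration.

```python
"""Minimal multi-source event correlation in the style of a SIEM rule.

Added example: event schema, rule and sample data are constructed for
illustration and do not come from any real product or incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events as they might arrive, normalized, from
# three sources. Timestamps are ISO 8601; "bytes" only on flow records.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:05", "source": "ids", "host": "10.0.0.7",
     "type": "exploit_attempt"},
    {"ts": "2024-05-01T10:01:12", "source": "auth", "host": "10.0.0.7",
     "type": "new_admin_account"},
    {"ts": "2024-05-01T10:03:40", "source": "netflow", "host": "10.0.0.7",
     "type": "large_outbound", "bytes": 734_000_000},
    # A second host with only a partial, slow pattern: should NOT fire.
    {"ts": "2024-05-01T10:02:00", "source": "auth", "host": "10.0.0.9",
     "type": "new_admin_account"},
    {"ts": "2024-05-01T11:30:00", "source": "netflow", "host": "10.0.0.9",
     "type": "large_outbound", "bytes": 12_000_000},
]

# Hypothetical correlation rule: all three event types on one host
# within ten minutes, where the outbound transfer exceeds a threshold.
RULE = {
    "name": "possible intrusion followed by data exfiltration",
    "window": timedelta(minutes=10),
    "required": {"exploit_attempt", "new_admin_account", "large_outbound"},
    "min_bytes": 100_000_000,
}


def parse_ts(value):
    """Parse the ISO 8601 timestamp used in the sample events."""
    return datetime.fromisoformat(value)


def event_matters(event, rule):
    """Apply per-event filters; flow records below the size threshold are ignored."""
    if event["type"] == "large_outbound":
        return event.get("bytes", 0) >= rule["min_bytes"]
    return event["type"] in rule["required"]


def correlate(events, rule):
    """Return one incident per host where the rule's event set occurs in the window.

    Events are grouped per host and sorted by time; a window starting at
    each event is scanned until every required type has been seen.
    """
    by_host = defaultdict(list)
    for event in events:
        if event_matters(event, rule):
            by_host[event["host"]].append(event)

    incidents = []
    for host, host_events in by_host.items():
        host_events.sort(key=lambda e: parse_ts(e["ts"]))
        for i, first in enumerate(host_events):
            start = parse_ts(first["ts"])
            matched = []
            for event in host_events[i:]:
                if parse_ts(event["ts"]) - start > rule["window"]:
                    break
                matched.append(event)
            if rule["required"] <= {e["type"] for e in matched}:
                incidents.append({
                    "host": host,
                    "rule": rule["name"],
                    "first_seen": first["ts"],
                    "sources": sorted({e["source"] for e in matched}),
                })
                break  # one incident per host is enough for the dashboard
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_EVENTS, RULE):
        print(incident)
```

Run as a script it prints a single incident for 10.0.0.7, listing the three sources that contributed; the second host produces nothing because it never had an exploit attempt, its transfer is below the threshold and the events fall outside the window. Real SIEM rules add a time-decay, deduplication and asset context, but the core is exactly this: a joined view across sources that no single sensor could give on its own.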
So do you have your superhero ready? Or do you have gaps in your security infrastructure which leaves the door open to unwelcome intruders?