SIEM: What It Is and Why You Need It

In November 2020, the Hendrick Medical Center in Texas was forced to shut down its IT networks due to a security threat.  On December 6, 2020, GBMC HealthCare in Maryland was hit by a ransomware attack.  Back in September 2020, the Jersey City Municipal Utilities Authority fell victim to a cyberattack that blocked access to “vital” water and sewer information.  Months later, their system still has not been fully restored.

None of these events received much national, let alone international, attention.  A few local news outlets covered the incidents, and that was that.  Yet, these attacks had endangered the security of the private information of hundreds of thousands of citizens and patients.

The sad reality is that organizations in the healthcare and education sectors, as well as state and local governments, are some of the biggest targets of cyberattacks, and dozens of incidents like these happen on a weekly basis.  Major news outlets simply can’t cover each and every one of them.

SIEM technology can help your organization minimize the risk of a successful cyberattack. So today, we are going to break down this term and give you three reasons why you should invest in this technology.

What is SIEM?

SIEM stands for Security Information and Event Management.  As the name implies, the SIEM framework combines two pieces of technology – Security Information Management and Security Event Management.

SIEM can be provided in the form of a software solution or managed services.

SIEM is a term first coined by Gartner, in its 2005 report on IT security and vulnerability management.  Early platforms, however, were limited in their scalability.  Fortunately, SIEM solutions have advanced enormously in capability since those early days.  Modern SIEM technology can perform the following functions on a massive scale:

●  Data collection from such sources as firewalls, servers, personal devices, applications, databases, and wireless access points through log management.

●  Analysis of historical and real-time data to identify patterns and, more importantly, detect unusual activities and vulnerabilities.

●  Automated analytics-based alerting of correlated events.

●  Presentation of information in a unified dashboard, often through user-friendly visualizations.

●  Automated compliance reporting, generating reports based on a pre-defined set of auditing processes.

●  Forensic log analysis that examines logs for relevant information about a cyberattack and its access points.

●  Automated threat response through a pre-defined workflow.
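To make the collection, correlation and alerting steps above concrete, here is an added example (not code from the original article or from any SIEM product): a small correlation engine in Python that parses constructed syslog-style authentication events, fires an alert when a source address produces several failed logins followed by a success within a short window, and tallies audit failures per user as a compliance report would.  The line format, the rule thresholds and the sample events are all assumptions made for this illustration.

```python
"""Toy SIEM-style correlation over constructed log lines (added example, not from the page).

Assumed line format (hypothetical): '<ISO timestamp> <host> <event> user=<u> src=<ip>'.
Assumed rule: >= 3 auth failures from one src within 120 s, followed by an auth success
from the same src inside that window, raises a 'brute-force-then-success' alert.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (\S+) (auth_fail|auth_ok) user=(\S+) src=(\S+)$")

# Constructed sample events using documentation address ranges; not real data.
SAMPLE_LOGS = """\
2021-01-05T10:00:01 web01 auth_fail user=admin src=198.51.100.7
2021-01-05T10:00:09 web01 auth_fail user=admin src=198.51.100.7
2021-01-05T10:00:15 web01 auth_fail user=root src=198.51.100.7
2021-01-05T10:00:40 web01 auth_ok user=admin src=198.51.100.7
2021-01-05T10:01:00 web02 auth_fail user=alice src=203.0.113.5
2021-01-05T10:30:00 web02 auth_ok user=alice src=203.0.113.5
""".splitlines()

def parse(line):
    """Normalize one raw line into a dict; unparseable lines return None and are skipped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, event, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event,
            "user": user, "src": src}

def correlate(lines, threshold=3, window=timedelta(seconds=120)):
    """Sliding-window correlation: failures per source, alert on success after a burst."""
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    alerts = []
    for ev in filter(None, map(parse, lines)):
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]  # expire old ones
        if ev["event"] == "auth_fail":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:  # auth_ok preceded by a burst of failures
            alerts.append({"rule": "brute-force-then-success", "src": ev["src"],
                           "user": ev["user"], "host": ev["host"],
                           "failures": len(recent), "at": ev["ts"]})
        failures[ev["src"]] = recent
    return alerts

def failures_per_user(lines):
    """Per-user audit-failure counts, the raw material for a compliance report."""
    counts = defaultdict(int)
    for ev in filter(None, map(parse, lines)):
        if ev["event"] == "auth_fail":
            counts[ev["user"]] += 1
    return dict(counts)
```

On the sample data the engine raises one alert for 198.51.100.7 (three failures, then a success 39 seconds later) and none for 203.0.113.5, whose single failure is long expired by the time the success arrives.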

Why invest in SIEM?

SIEM solutions allow your IT department to assume a proactive approach to cybersecurity.  Given the constant increase in the number of cyberattacks and the scale of their damage, organizations that are proactive are best positioned to protect their networks and systems, minimize the risk of a successful attack, and, if an attack does succeed, swiftly respond to it.

Here are three very good reasons to invest in SIEM:

SIEM simplifies compliance

Whether it’s HIPAA, PCI DSS, GDPR, or GLBA, your organization most likely needs to have a centralized logging and event management IT system in place.  SIEM will help you do just that.  Furthermore, you can automatically generate reports based on pre-defined criteria.  For example, the HIPAA §164.308 Administrative Safeguards section requires that organizations “implement policies and procedures to prevent, detect, contain, and correct security violations.”  SIEM solutions can generate reports on suspicious activity by users, audit failures by users, top suspicious users, etc.

SIEM allows for data-driven decision making

A well-designed SIEM dashboard is a powerful tool that offers stakeholders insights into a network’s weaknesses.  Why are you requesting a larger budget for your IT?  Which specific cybersecurity concerns is your team aiming to address before they compromise the integrity of your systems?  Your organization will be able to make smart IT decisions, anticipate its cybersecurity needs, and optimize its spending.

SIEM helps create a more easily scalable system

While identifying and preventing threats is a SIEM solution’s number one priority, it is a versatile tool that can easily be applied to a variety of processes.  For example, you can measure the growth of your data volume over time.  This will allow you to make projections and more accurate budget forecasts.  SIEM solutions will also help you improve operational efficiency.  Since a SIEM aggregates security log data from a variety of sources, your IT staff will be able to quickly map an attacker’s route through your system.  It also lets you identify which parts of your network are impacted by an attack.  This, in turn, significantly narrows the scope and increases the effectiveness of your threat response.

SIEM alone is not enough

Strong cybersecurity is multi-layered.  It protects data and its network environment from multiple angles, with each solution focusing on a narrow set of tasks.  Therefore, while SIEM is a multi-functional tool that will significantly improve your cybersecurity, on its own it is not enough.  Make sure that you have reliable solutions for data encryption, data hosting, wireless intrusion prevention, and anti-malware and anti-virus software in place, and, if possible and depending on your infrastructure, a SASE network architecture.