The need for a reliable cybersecurity company is on the rise, and while enterprises are finding that SIEM solutions are a great option to fulfill compliance regulations, when the SIEM is not managed properly, there can be some concerns. A lot of companies will try to DIY their SIEM solution and then realize it is too difficult, so then they start considering SIEMaaS as an option. A SIEMaaS that hosts, manages and does everything for the company is ideal, and most of these third-party companies appear to do that, but most fall short in what they can really offer.
On the surface, a SIEMaaS company sets up a lot of rules and monitors every activity within an enterprise’s network, but that is just not the case. What’s really happening is that those enterprises are missing about 90 percent of critical activity information. We know this simply by understanding that the third-party SIEMaaS companies are limited to setting up only 20-30 different rules in the SIEM, rules being the determining factor in recognizing malicious and unusual activity. To those who don’t know SIEM, that may sound awesome; however, there are two issues.
The first issue with 20-30 rules is that a quality SIEM cybersecurity company, like StratoZen, will set up HUNDREDS of rules for one company’s network. Why? Because that’s what is required in order to monitor all the activity that is needed. The second issue is that their 20-30 rules are not necessarily customized as they should be. Every IT individual knows that each network environment is different, and one rule (or 20) does not fit all. These rules need to be customized in order for the SIEM to perform at its full potential.
Networks are constantly changing; new software, configurations and devices result in continuous updates within an electronic environment. With each system update, hackers look to exploit any hole or glitch. Without the ability to customize your SIEM, how is it going to adjust to the changes? The answer is, it can’t.
A SIEM with limitations in customization and the number of rules is going to struggle to monitor crucial activity. While it may seem nice that the SIEM isn’t reporting false positives, that’s only because the system isn’t set up to see enough of the events going on. It needs more rules applied to all the events that can take place.
Beyond these two issues and the side effects that come with them, these kinds of services are sometimes billed by EPS (events per second) or by the amount of storage you consume.
What’s the Solution?
It is pretty clear that there are some serious concerns with the typical SIEMaaS company, but not all hope is lost. If you are looking to fulfill SIEM compliance mandates, StratoZen’s SIEM Management is top-notch. For example, just touching on the two issues discussed above, StratoZen is a SIEM cybersecurity company that can deploy a SIEM within a network and set up hundreds of custom rules that fit the need of the enterprise. Our SIEM solution, along with our supporting staff, not only sees the 10 percent of events that other companies do but all 100 percent of them. Our reports, notifications and lack of false positives give our clients the comfort and confidence every enterprise needs.
For any questions or inquiries, contact us today, and make sure to keep an eye out for our next blog, “StratoZen’s SIEM Management.”