
Just SIEM


As I spoke with many CIOs and heads of IT at a recent financial services conference, I realized that these organizations are tired of being told that they need to change out their technology stack, replace the systems and SIEM solutions they have already invested in, or add yet another piece of agent software to their systems. I’m here to tell you that the next generation of cybersecurity and compliance solutions does not require you to do that.

Each financial services company is different, and so is the network technology it deploys. You have spent a lot of time figuring out which solutions would meet your needs and which would reduce your cyber risk most effectively. You have trained personnel in these solutions, and you have integrated them into your ticketing and other systems. Vendors don’t appreciate the level of effort it takes to rip and replace technology solutions.

So often I see financial services companies invest in, deploy and use some of the best security solutions out there, yet fail to use them effectively. Each solution has its own dashboards, portals and interfaces that require separate logins, management and monitoring. Most organizations don’t have the personnel to use these technologies adequately, so the systems don’t provide the level of protection required. The organization gets frustrated with the solution and begins looking for a replacement. The next salesperson peddling a replacement product takes advantage of that frustration, which gets blamed on the previous product, and the old product is swapped for a new one. That doesn’t solve the underlying problem, and the cycle starts again. The problem usually isn’t any particular single-point solution but rather the lack of holistic visibility and management.

As you work toward increasing your cybersecurity maturity, don’t focus on what to replace; focus on how to bring it all together. Rather than replacing useful technologies, extract the value you want by taking the alerts, events and incidents from each device and sending them to a security information and event management (SIEM) platform. A SIEM can ingest all of that data, cross-correlate it, stitch in other useful information such as threat feeds and geolocation data, prioritize events by criticality and alert you when you need to take action.

Unfortunately, SIEM platforms are insanely tricky to set up and maintain. Still, with the right service provider willing to customize it to your network, organization and users, you can have a near-zero false positive SIEM. If a provider tells you that is impossible, you are using the wrong service provider. A SIEM lets you get all the value from your other systems without changing them out. The right SIEM can do this without loading any more agent software, and without dictating which technology you can use or which they will support.

A SIEM is all about reacting faster to the security events your existing technology finds in your environment. It helps you identify threats that a single point solution can’t detect on its own. It is about taking suitable security hardware and adding advanced intelligence and automation to dramatically reduce your risk as an organization. A properly configured, modern SIEM can integrate with your current technology to automatically trigger actions under appropriate circumstances. A SIEM is what helps keep you compliant with all those regulatory compliance requirements. A SIEM can give you a single dashboard to log in to for forensic investigation, analysis and threat response. With the right partner, a SIEM can give you the peace of mind you have been searching for.
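To make the ingest, cross-correlate, enrich, prioritize and alert loop described above concrete, here is a miniature version of that pipeline as an added example written for this page; it is not StratoZen's software or any vendor's code. It takes constructed log lines from two existing tools (a firewall and a VPN concentrator), normalizes them, enriches the source address with a constructed threat feed and geolocation table, applies two correlation rules that no single product would raise on its own, scores each alert by criticality, and shows the per-customer allowlist tuning that keeps a known vulnerability scanner from generating false positives. The log formats, rule thresholds, scores and lookup tables are all assumptions made for the example.

```python
"""Miniature SIEM pipeline: ingest -> normalize -> enrich -> correlate -> prioritize.
Added example for illustration only; every data source below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw log lines from two existing products (formats are illustrative).
RAW_EVENTS = [
    "fw|2024-05-01T10:00:00|deny|src=203.0.113.7|dst=10.0.0.5|port=22",
    "fw|2024-05-01T10:00:05|deny|src=203.0.113.7|dst=10.0.0.5|port=22",
    "fw|2024-05-01T10:00:09|deny|src=203.0.113.7|dst=10.0.0.5|port=22",
    "vpn|2024-05-01T10:01:00|login_fail|user=jdoe|src=198.51.100.9",
    "vpn|2024-05-01T10:01:30|login_fail|user=jdoe|src=198.51.100.9",
    "vpn|2024-05-01T10:02:00|login_ok|user=jdoe|src=198.51.100.9",
    "vpn|2024-05-01T10:03:00|login_ok|user=scanner|src=192.0.2.50",  # internal scanner
]

# Constructed enrichment sources; a real deployment pulls these from threat feeds and a geo DB.
THREAT_FEED = {"203.0.113.7": "known-scanner"}
GEO = {"203.0.113.7": "ZZ", "198.51.100.9": "US", "192.0.2.50": "US"}
HOME_COUNTRY = "US"

# Per-customer tuning: (source, action, src) tuples that are expected and must not alert.
ALLOWLIST = {("vpn", "login_ok", "192.0.2.50")}


def parse(line):
    """Normalize one pipe-delimited line into a common event dictionary."""
    source, ts, action, *kv = line.split("|")
    fields = dict(pair.split("=", 1) for pair in kv)
    return {"source": source, "ts": datetime.fromisoformat(ts), "action": action, **fields}


def enrich(event):
    """Attach threat-feed and geolocation context for the source address."""
    ip = event.get("src")
    event["threat"] = THREAT_FEED.get(ip)
    event["geo"] = GEO.get(ip)
    return event


def make_alert(rule, base_score, event):
    """Prioritize: start from the rule's base criticality and add enrichment weight."""
    score, reasons = base_score, [rule]
    if event["threat"]:
        score += 2
        reasons.append(f"threat-feed:{event['threat']}")
    if event["geo"] and event["geo"] != HOME_COUNTRY:
        score += 2
        reasons.append(f"geo:{event['geo']}")
    return {"rule": rule, "src": event.get("src"), "user": event.get("user"),
            "score": score, "reasons": reasons}


def correlate(events, window=timedelta(minutes=5)):
    """Stateful rules across sources; returns alerts sorted by descending criticality."""
    groups = defaultdict(list)
    for event in events:
        if (event["source"], event["action"], event.get("src")) in ALLOWLIST:
            continue  # tuned out for this customer: no alert, no analyst time spent
        groups[(event["source"], event.get("src"), event.get("user"))].append(event)

    alerts = []
    for (source, _src, _user), evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        span = evs[-1]["ts"] - evs[0]["ts"]
        if source == "fw":
            denies = [e for e in evs if e["action"] == "deny"]
            if len(denies) >= 3 and span <= window:
                alerts.append(make_alert("repeated-deny", 2, denies[-1]))
        elif source == "vpn":
            fails = [e for e in evs if e["action"] == "login_fail"]
            oks = [e for e in evs if e["action"] == "login_ok"]
            if len(fails) >= 2 and oks and oks[-1]["ts"] > fails[-1]["ts"] and span <= window:
                alerts.append(make_alert("brute-force-then-success", 7, oks[-1]))
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


def run(lines=RAW_EVENTS):
    """Full pipeline over the constructed events."""
    return correlate([enrich(parse(line)) for line in lines])


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Two things the example shows that the paragraph alone does not: the firewall denies and the VPN failures each look like noise to the product that logged them, and only become a prioritized alert once they are grouped and enriched in one place; and the allowlist line is the kind of customer-specific tuning that separates a SIEM that pages you at 3 a.m. for the weekly scanner from one that does not.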

Author

Kevin Prince, Founder and CEO, StratoZen


Security 2020 author Kevin Prince is the founder and CEO of StratoZen, providing managed threat detection, response, and compliance solutions to organizations around the globe. With years of cybersecurity experience under his belt, Kevin is also the former CTO of Compushare (now Finastra) and Perimeter eSecurity (now BAE Systems). Before founding StratoZen, Kevin also founded Red Cliff Solutions, a financial services MSSP and served as a former trainer to FDIC, NCUA and FFIEC auditors.