01:00 AM
Frank Ohlhorst
Commentary
SIEM Offers Better Network Security Protection

Can enterprises effectively combat sophisticated network intrusions with lessons learned from the past? The answer is yes, thanks to SIEM.

The modern enterprise is at war, a continuous battle taking place at the edge of the network, with security appliances attempting to keep intruders at bay. Some attacks are able to penetrate the defenses and infiltrate the network. Considering the technology involved, the layering of threat prevention systems and the sophistication of defenses, one would think an intrusion would be impossible.

However, the nature of network security is reactive: threats are detected and then, hopefully, blocked. Obviously, reactive technologies are not completely effective, especially when they ignore gathered intelligence, observed trends, and what the adversary is actually capable of. Many security administrators, along with security product vendors, make the same mistake: They base their defenses on what an attacker may do, not on what the attacker can do.

Simply put, modern security systems rely on signature-based and heuristic engines to combat threats, yet they have only milliseconds to make a decision and can only detect problems whose code matches known, static patterns.

What is SIEM?
Strengthening security takes a proactive approach, one that can only be fueled with proper intelligence-gathering techniques. Enterprise security vendors are seeking to provide that intelligence with Security Incident and Event Management (SIEM), which gives administrators an upper hand in the intelligence-gathering and forensics process. After all, the best defense is often a good offense, where trends and attack profiles can be identified and then stopped before a full-blown incursion occurs.

So, what exactly is SIEM, and how does it help the harried administrator shore up defenses against intrusion? In actuality, SIEM is nothing more than a way to centralize what is happening with security on the network: it offers a converged view of all the security products participating in the defense of the network.

That unified view of network security gives administrators an edge. From one console, they are able to ascertain the security status of the network, observe attempted breaches in progress, and identify anomalies that may precede an attack. In essence, SIEM becomes the intelligence tool needed for effective combat.

While that may be a somewhat simplified description of SIEM, one cannot dismiss the power that proactive management brings to the table for security.

Getting the most benefit from SIEM
Nevertheless, SIEM has to be used correctly to provide any true benefit. Many adopters make the mistake of implementing SIEM and then merely defining triggers for alerts. The truth here is that triggers (and their alerts) are still a reactive ideology. To fully leverage SIEM, one has to live in the technology, actively monitoring what is happening while regularly running analytical reports to identify trends or attack profiles.

The simple fact of the matter is that most orchestrated attacks begin with probes or other queries against the defenses. Identifying those traffic anomalies can lead to building a defense before an attack commences, and that, my friends, is where the real power of security technology lies.
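The contrast the two paragraphs above draw, a per-event trigger versus an analytical pass that surfaces a trend, is easiest to see on actual log lines. The following is an added example, not code from the article or from any SIEM product: it parses a handful of constructed firewall log lines (the device names fw01/fw02, the addresses and the log format are all made up for the illustration) collected into one place, the way a SIEM centralizes them, and then runs both kinds of analysis over them. The reactive trigger fires on each denied attempt against a sensitive port; the trend analysis groups denies by source and flags any source that was refused on many distinct ports inside a short window, which is the probe pattern the article says precedes an orchestrated attack. The window size and port threshold are assumed tuning values, not figures from the article.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log lines (not from the article). A SIEM would
# gather lines like these from several devices into one searchable store.
SAMPLE_LOGS = """\
2013-11-15T10:00:01 fw01 action=DENY src=203.0.113.7 dst=192.0.2.10 dport=21 proto=tcp
2013-11-15T10:00:04 fw01 action=DENY src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp
2013-11-15T10:00:05 fw01 action=ALLOW src=198.51.100.4 dst=192.0.2.10 dport=443 proto=tcp
2013-11-15T10:00:09 fw01 action=DENY src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp
2013-11-15T10:00:15 fw02 action=DENY src=203.0.113.7 dst=192.0.2.11 dport=25 proto=tcp
2013-11-15T10:00:18 fw01 action=DENY src=198.51.100.4 dst=192.0.2.10 dport=3389 proto=tcp
2013-11-15T10:00:22 fw02 action=DENY src=203.0.113.7 dst=192.0.2.11 dport=80 proto=tcp
2013-11-15T10:00:29 fw01 action=DENY src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp
2013-11-15T10:05:00 fw01 action=DENY src=192.0.2.55 dst=192.0.2.10 dport=3389 proto=tcp
"""

# Assumed key=value log format for the constructed lines above.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_logs(text):
    """Normalize raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


# Ports an administrator might choose to alert on individually (assumed choice).
SENSITIVE_PORTS = {22, 3389}


def trigger_alerts(events):
    """Reactive trigger: one alert per denied attempt against a sensitive port."""
    return [
        (ev["ts"].isoformat(), ev["src"], ev["dport"])
        for ev in events
        if ev["action"] == "DENY" and ev["dport"] in SENSITIVE_PORTS
    ]


def detect_probes(events, window_seconds=60, min_ports=5):
    """Trend analysis: sources denied on >= min_ports distinct ports within a window.

    Returns {source: sorted list of probed ports} for the widest qualifying window.
    """
    denies = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "DENY":
            denies[ev["src"]].append(ev)

    findings = {}
    for src, evs in denies.items():
        for i, first in enumerate(evs):
            ports = set()
            for later in evs[i:]:
                if (later["ts"] - first["ts"]).total_seconds() > window_seconds:
                    break
                ports.add(later["dport"])
            if len(ports) >= min_ports and len(ports) > len(findings.get(src, ())):
                findings[src] = sorted(ports)
    return findings


if __name__ == "__main__":
    events = parse_logs(SAMPLE_LOGS)
    print("per-event trigger alerts:")
    for ts, src, port in trigger_alerts(events):
        print(f"  {ts} denied {src} -> port {port}")
    print("probe sources found by trend analysis:")
    for src, ports in detect_probes(events).items():
        print(f"  {src} swept ports {ports}")
```

On the constructed data the trigger produces three alerts (two of them for lone denies on port 3389) and sees only one event from the sweeping source, the denied attempt on port 22; the trend pass is what reveals that 203.0.113.7 was refused on six distinct ports in under thirty seconds across two firewalls. That is the difference between an alert that tells you something was blocked and a report that tells you someone is mapping the perimeter.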

Comments
MarciaNWC, User Rank: Strategist
11/15/2013 | 5:11:42 PM
SIEM challenges
The amount of expertise required to get value out of a SIEM makes it a technology from which only large enterprises with the resources can really benefit. SIEM has been hyped for years, but in many ways has yet to fulfill its promise.
David F. Carr, User Rank: Apprentice
11/15/2013 | 11:57:52 AM
Who has the time?
How many organizations have the time to track the warning signs proactively? Is this a task ripe for outsourcing, or are there reasons it needs to be handled internally to be effective?