SMB Security Monitoring Gaining Sophistication

Preventing breaches and attacks is increasingly driving security information and event management tool adoption for small and midsize businesses.

Are security threats against small and midsize organizations increasing, are these organizations getting savvier about their security, or perhaps both?

The question is relevant because small and midsize organizations increasingly appear to be using security log management software -- in its more advanced form, also known as security information and event management (SIEM) software -- not just to demonstrate compliance with regulations after the fact, but also as real-time warning consoles for preventing or detecting in-progress attacks, or for pursuing forensic analysis.

Those findings come via SANS and RSA, which recently conducted studies of log management use at small and midsize organizations. The SANS Sixth Annual Log Management Survey Report, released in April, surveyed about 501 people, 29% of them at companies with 2,000 or fewer employees. Separately, RSA surveyed 50 organizations with 10,000 or fewer employees that use log management or SIEM software.

"This data suggests that organizations want and need the efficiency of a log management solution to move beyond compliance, to security detection, reaction, and prevention," said Jerry Shenk, senior analyst at SANS, in a statement.

Exactly what are their top requirements when it comes to log management? "Respondents reported that logs are most useful for forensic analysis and correlation, followed by detection and prevention -- both at more than 90%... suggesting the needs of midsized organizations are becoming more sophisticated," according to a statement released by RSA.

Beyond displaying more advanced security needs, small and midsize organizations, perhaps unsurprisingly, do face slightly different concerns and drivers for using SIEM. For example, according to the SANS survey, which also queried larger organizations, the overall "most critical" reason for collecting security logs, endorsed by 63% of respondents, was to detect or prevent either unauthorized access or insider abuse.

Detection and prevention, meanwhile, were either the first or second most important consideration overall for 83% of respondents, while roughly 40% said that meeting regulatory or compliance requirements, as well as forensic analysis and correlation, topped their most-critical list. For roughly one third of respondents, tracking suspicious behavior topped the requirements list.

Among small and midsize organizations, however, almost 80% ranked detection and prevention as their most critical requirement. According to the RSA survey, roughly 75% also rated real-time log monitoring as essential.
