Frank Ohlhorst

SIEM Offers Better Network Security Protection

Can enterprises effectively combat sophisticated network intrusions with lessons learned from the past? The answer is yes, thanks to SIEM.

The modern enterprise is at war, a continuous battle taking place at the edge of the network, with security appliances attempting to keep intruders at bay. Some attacks are able to penetrate the defenses and infiltrate the network. Considering the technology involved, the layering of threat prevention systems and the sophistication of defenses, one would think an intrusion would be impossible.

However, the nature of network security is reactive -- threats are detected and then, hopefully, blocked. Obviously, reactive technologies are not completely effective, especially if one fails to rely on gathered intelligence, trends, and the potential of the enemy. Many security administrators, along with security product vendors, make the same mistake: They base their defenses on what an attacker may do, not what the attacker can do.

Simply put, modern security systems rely on signature-based and heuristic engines to combat threats, yet only have milliseconds to make a decision and can only detect problems with static code.

What is SIEM?
Strengthening security takes a proactive approach, one that can only be fueled with proper intelligence gathering techniques. Enterprise security vendors are seeking to provide that intelligence with Security Incident and Event Management (SIEM), which gives administrators an upper hand in the intelligence-gathering and forensics process. After all, the best defense is often a good offense, where trends and attack profiles can be identified and then stopped before a full-blown incursion occurs.

So, what exactly is SIEM, and how does it help the harried administrator shore up their defenses against intrusion? In all actuality, SIEM is nothing more than a way to centralize what is happening with security on the network; it offers a converged view of all security products participating in the defense of the network.

That unified view of network security gives administrators an edge. From one console, they are able to ascertain the security status of the network, observe attempted breaches in progress, and identify anomalies that may precede an attack. In essence, SIEM becomes the intelligence tool needed for effective combat.

While that may be a somewhat simplified description of SIEM, one cannot dismiss the power that proactive management brings to the table for security.

Getting the most benefit from SIEM
Nevertheless, SIEM has to be used correctly to provide any true benefits. Many adopters make the mistake of implementing SIEM and then just defining triggers for alerts. The truth here is that triggers (and their alerts) are still a reactive ideology. To fully leverage SIEM, one has to live in the technology, and actively monitor what is happening, while regularly running analytical reports to identify trends or attack profiles.

The simple fact of the matter is that most orchestrated attacks begin with probes or other queries against the defenses. Identifying those traffic anomalies can lead to building a defense before an attack commences, and that, my friends, is where the real power of security technology lies.
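As an added illustration (not code from the article or from any SIEM product), the Python sketch below shows the kind of correlation a SIEM performs over centralized firewall logs: instead of alerting on a single deny, it flags a source that hits many distinct ports within a short window, the probing pattern the article says precedes an attack. The log format, addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of firewall deny events as a SIEM might collect them
# (hypothetical format: "<timestamp> DENY src=<ip> dst=<ip> dport=<port>").
SAMPLE_LOGS = """\
2013-11-15T09:00:01 DENY src=203.0.113.7 dst=198.51.100.10 dport=22
2013-11-15T09:00:02 DENY src=203.0.113.7 dst=198.51.100.10 dport=23
2013-11-15T09:00:03 DENY src=203.0.113.7 dst=198.51.100.10 dport=80
2013-11-15T09:00:04 DENY src=203.0.113.7 dst=198.51.100.10 dport=443
2013-11-15T09:00:05 DENY src=203.0.113.7 dst=198.51.100.10 dport=3389
2013-11-15T09:00:06 DENY src=203.0.113.7 dst=198.51.100.10 dport=8080
2013-11-15T09:01:00 DENY src=192.0.2.44 dst=198.51.100.10 dport=443
2013-11-15T09:30:00 DENY src=192.0.2.44 dst=198.51.100.10 dport=443
2013-11-15T10:15:00 DENY src=203.0.113.7 dst=198.51.100.11 dport=22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse_events(text):
    """Turn raw log lines into (timestamp, src, dst, dport) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])))
    return events

def find_probing_sources(events, window=timedelta(minutes=5), min_ports=5):
    """Return {src: distinct_ports} for sources touching >= min_ports ports within `window`.

    One deny is noise; many distinct ports from one source in a short window
    is the reconnaissance pattern worth acting on before the real attack.
    """
    by_src = defaultdict(list)
    for ts, src, _dst, dport in events:
        by_src[src].append((ts, dport))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()  # sliding window over chronologically ordered hits
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[src] = len(ports)
                break
    return flagged
```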

Comments

User Rank: Author
11/15/2013 | 5:11:42 PM
SIEM challenges
The amount of expertise required to get value out of a SIEM makes it a technology only large enterprises with the resources can really benefit from. SIEM has been hyped for years, but in many ways has yet to fulfill its promise.

David F. Carr
User Rank: Author
11/15/2013 | 11:57:52 AM
Who has the time?
How many organizations have the time to track the warning signs proactively? Is this a task ripe for outsourcing, or are there reasons it needs to be handled internally to be effective?