SIEM stands for Security Information and Event Management and is pronounced ‘Sim’ (like how you would say ‘SIM’ card). The process refers to real-time monitoring of IT security events as they happen and can combine that capability with rapid analysis of those events.
The information-management side of SIEM refers to tracking and retaining security data: logs and events are collected centrally and kept, so they can be used to reconstruct and analyse suspicious activity after a breach (or suspected breach) has occurred. The same records can be provided to regulators and third-party security consultants for audit and compliance purposes.
SIEM is based on a very simple maxim: catching a problem early is better than cleaning up after it. Just as a fire alarm detects smoke before it develops into a fire, a well-tuned SIEM lets potential threats be detected early, so the security team can contain them before they disrupt the business's ‘real world’ operations. It is worth being precise here: SIEM itself detects and alerts; the containment is done by the people (or, with SOAR, the automation) that act on those alerts.
In the same spirit, a strong SIEM deployment can also work like a good doctor. By this, we mean it can surface early warning signs (a misconfiguration, an unusual login pattern, a service reporting errors it never used to) before they turn into an incident, and allow the organisation to put mitigation in place.
To run with the example given earlier, SIEM tools work a lot like medical professionals. They collect data and are monitored around the clock by a Security Operations Centre (SOC), which continuously checks the ‘internal workings’ of an organisation. That means collecting logs from servers, user devices, network equipment, cloud services, and any public and internal applications the business uses.
That data is analysed as it comes in and compared with a baseline of previous activity. Correlation rules, written by the security team, describe what a threat looks like (for example, many failed logins followed by a success, or a login from a country the user has never worked from). When incoming events match a rule, the SIEM generates an alert for an analyst to investigate.
So, the process is similar to your GP ordering a series of blood tests over time, and then regularly monitoring the results and comparing them to known markers of potential health issues like high cholesterol. Those markers are compared against known ‘healthy’ ranges. A management plan or intervention might be required if a marker is outside a healthy range.
A natural extension of SIEM is Security Orchestration, Automation and Response (SOAR) technology. It builds on the same principles but focuses on coordinating security tasks and increasing automation in the ‘respond and execute’ phase.
A comprehensive SOAR platform should be able to manage threat intelligence and known weak spots, respond to security incidents through defined playbooks, and automate routine security operations.
The key difference between SIEM and SOAR is the ‘response’ phase. SIEM alerts security analysts to possible issues; SOAR extends beyond the alert with a playbook that enriches it (who is the user, is the source address internal or external, has this been seen before) and can then take automated action, such as disabling an account or blocking an address, against defined or identified threats.
In that way, SOAR is a more proactive system, somewhat akin to your bank automatically suspending your credit card when it is used internationally and you haven’t told them you’ll be overseas. As with the bank, automated actions need guard rails and a way to reverse them, otherwise a false positive becomes its own outage; a common approach is to act automatically only on high-confidence cases and escalate the rest to an analyst.
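To make the two phases concrete, here is an added example (not code from the CyberUnlocked page or from any SIEM or SOAR product) that runs a SIEM-style correlation rule over a few constructed authentication log lines and then hands each alert to a SOAR-style playbook. The log format, the rule thresholds, the internal network ranges and the action names are all assumptions made for illustration. It covers the rule-based detection described above and the automated-response-with-guard-rails point just made: the playbook auto-contains only when the source is outside the assumed internal networks, and otherwise escalates to an analyst.

```python
"""Toy SIEM correlation rule plus SOAR-style playbook (illustrative, not a product)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample events; the format and addresses are invented for this example.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:03Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:05Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:07Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:09Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:12Z auth user=alice src=203.0.113.5 result=SUCCESS
2024-05-01T09:05:00Z auth user=bob src=10.0.0.7 result=FAIL
2024-05-01T09:05:30Z auth user=bob src=10.0.0.7 result=FAIL
2024-05-01T09:06:00Z auth user=bob src=10.0.0.7 result=SUCCESS
2024-05-01T09:10:00Z auth user=carol src=10.0.0.9 result=FAIL
2024-05-01T09:10:02Z auth user=carol src=10.0.0.9 result=FAIL
2024-05-01T09:10:04Z auth user=carol src=10.0.0.9 result=FAIL
2024-05-01T09:10:06Z auth user=carol src=10.0.0.9 result=FAIL
2024-05-01T09:10:08Z auth user=carol src=10.0.0.9 result=FAIL
2024-05-01T09:10:10Z auth user=carol src=10.0.0.9 result=SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) auth user=(\S+) src=(\S+) result=(FAIL|SUCCESS)$")

# Assumed address ranges the organisation treats as internal (an asset-inventory fact,
# not something the SIEM can infer on its own).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def parse(log_text):
    """Normalise raw lines into event dicts; unparsable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, src, result = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "src": src, "result": result})
    return events


def correlate(events, threshold=5, window=timedelta(minutes=10)):
    """SIEM rule: at least `threshold` failures for one (user, src) pair, then a
    success within `window`, raises a brute-force-then-success alert."""
    alerts = []
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] == "FAIL":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "user": ev["user"],
                           "src": ev["src"], "failures": len(recent), "ts": ev["ts"]})
        failures[key] = []  # a success closes the current run of failures
    return alerts


def playbook(alert):
    """SOAR-style response: enrich the alert, then either act automatically or escalate.
    Guard rail: only auto-contain when the source is outside the internal ranges."""
    src = ipaddress.ip_address(alert["src"])
    internal = any(src in net for net in INTERNAL_NETS)
    if internal:
        # Could be a locked-out colleague or a helpdesk reset; a human decides.
        return {"alert": alert, "decision": "escalate", "actions": ["notify_analyst"]}
    return {"alert": alert, "decision": "auto_contain",
            "actions": [f"block_ip:{alert['src']}",
                        f"disable_account:{alert['user']}",
                        "notify_analyst"]}


def run(log_text):
    """Full pipeline: parse -> correlate (SIEM) -> playbook (SOAR)."""
    return [playbook(a) for a in correlate(parse(log_text))]


if __name__ == "__main__":
    for outcome in run(SAMPLE_LOG):
        print(outcome["decision"], outcome["alert"]["user"], outcome["actions"])
```

On the sample data, alice (five failures then a success from an address outside the assumed internal ranges) is auto-contained, carol (the same pattern from an internal address) is escalated for human review, and bob (only two failures) never produces an alert. Tuning the threshold and window is exactly the rule-writing work the SOC does; a threshold that is too low floods analysts, one that is too high misses slow attacks.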
Does your business need this kind of capability? If you hold data on your customers and partners, do business online or keep significant amounts of business intelligence on computer systems, then the answer is probably ‘yes’. It’s helpful to frame the problem by thinking of how inconvenient and time consuming it would be to get your day-to-day life back in order if you lost your phone. Our phones contain our contact lists, calendars, photos, apps and their saved passwords. Replacing and restoring access to all of that would be a long, tedious process.
Now scale that level of frustration, disruption and time lost to the full repository of information and intelligence you hold in your business's systems. Cyber security is a rapidly progressing space, because cybercriminals are getting ever more sophisticated, as recent events have shown us.
Catching and containing an incident early, rather than dealing with the aftermath, is what having SIEM or SOAR technology in place is all about.
Daunted? That’s understandable. But you don’t have to be. An experienced, reliable cyber security company like CyberUnlocked partners with businesses to help them understand the level of protection they need, and then gives them the information to choose what would suit their needs best. If that’s something you’d like to explore, or you have any questions, we are ready to assist.