An organization's network contains a wealth of information that can help identify threats. However, collecting, reviewing, and responding to this information is a monumental challenge for most. There are many threat management solutions available, but it’s important to remember that one size does not fit all.
When custom-tailored to a network’s specific needs, Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS) solutions allow an organization to centrally collect data and appropriately respond in a concise and predictable way that reduces risk and helps meet compliance regulations.
A solid threat management solution will help a business with visibility, sustainability, and compliance. It should also help an organization reach these three goals:
Goal 1: Minimize Impact of an Attack
The 2018 Data Breach Investigations Report shows that network visibility and breach identification continue to be among the most challenging aspects of security for growing businesses. Statistics also show that small businesses are the least prepared to detect and respond to an incident. Unfortunately, attackers have caught on, resulting in an astounding 58 percent of data breach victims being small businesses. It is tempting for businesses to consider themselves too small to be targets, but statistics show smaller organizations make prime targets.
The report also shows that 68 percent of 2,216 confirmed breaches weren’t discovered for several months! That means someone was inside a business network freely looking for valuable data for months before anyone noticed. A customized threat management solution that meets a business’s specific needs will dramatically reduce detection time from months to minutes. Once detected, incident response can be immediately initiated to stop an attacker’s access and limit the damage they can inflict. One security management company, AlienVault, reports improving threat detection and incident response time by 80 percent, which correlates to a giant win in visibility.
Goal 2: Let Leaders Focus on Business, Not IT
While it is certainly possible to set up your own SIEM and IDS for your environment, the monitoring and maintenance required to keep the alerting current can be very time consuming. A standard SIEM and IDS can collect and generate hundreds of thousands of events per day. Those events are then correlated into several alarms, and reviewing those alarms can bog down an IT staff.
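To make the event-to-alarm reduction concrete, here is a toy correlation rule added as an illustration; it is not code from the page, from AlienVault, or from C Spire. It assumes a simplified sshd-style log format and a brute-force rule of "five failed logins from one source within one minute"; the log lines are constructed for the example. Nine raw events collapse into a single alarm, and a success that follows the burst raises the alarm's severity so the analyst sees the one event that matters.

```python
"""Toy SIEM correlation: many raw events collapse into a few alarms.

Added illustration, not the page's or any vendor's code. The log format,
threshold and window below are assumptions made for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines in an sshd-like format (assumed format).
SAMPLE_LOG = """\
2024-01-15T09:00:01 sshd: Failed password for admin from 198.51.100.7
2024-01-15T09:00:03 sshd: Failed password for admin from 198.51.100.7
2024-01-15T09:00:04 sshd: Failed password for root from 198.51.100.7
2024-01-15T09:00:06 sshd: Failed password for admin from 198.51.100.7
2024-01-15T09:00:08 sshd: Failed password for admin from 198.51.100.7
2024-01-15T09:00:10 sshd: Accepted password for admin from 198.51.100.7
2024-01-15T09:05:00 sshd: Failed password for alice from 192.0.2.10
2024-01-15T09:30:00 sshd: Failed password for alice from 192.0.2.10
2024-01-15T09:30:05 sshd: Accepted password for alice from 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Turn raw log lines into event dicts; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate(events, threshold=5, window=timedelta(minutes=1)):
    """Raise one alarm per source that reaches `threshold` failures inside `window`.

    A successful login from an already-alarmed source escalates the alarm to
    high severity, because the guessing may have worked. Only one alarm is
    raised per source so a long burst does not itself become an alarm flood.
    """
    alarms = []
    failures = defaultdict(list)   # src -> timestamps of failures still inside the window
    alarmed = set()                # sources that already have an alarm
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["outcome"] == "Failed":
            window_start = ev["ts"] - window
            # Drop failures that have aged out of the sliding window, then add this one.
            failures[src] = [t for t in failures[src] if t >= window_start] + [ev["ts"]]
            if len(failures[src]) >= threshold and src not in alarmed:
                alarmed.add(src)
                alarms.append({
                    "src": src,
                    "severity": "medium",
                    "reason": f"{len(failures[src])} failed logins within {window}",
                    "first_seen": failures[src][0],
                    "last_seen": ev["ts"],
                })
        elif ev["outcome"] == "Accepted" and src in alarmed:
            for alarm in alarms:
                if alarm["src"] == src:
                    alarm["severity"] = "high"
                    alarm["reason"] += "; followed by a successful login"
    return alarms


def summarize(text, **rule_kwargs):
    """Return raw event count, alarm count and the alarms for a block of log text."""
    events = parse_events(text)
    alarms = correlate(events, **rule_kwargs)
    return {"events": len(events), "alarms": len(alarms), "alarm_list": alarms}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['events']} raw events -> {result['alarms']} alarm(s)")
    for alarm in result["alarm_list"]:
        print(alarm["severity"], alarm["src"], alarm["reason"])
```

The two tunables, `threshold` and `window`, are exactly what the "monitoring and maintenance" in the paragraph above refers to: set them too tight and every typo becomes an alarm, too loose and a slow, patient guessing campaign (the second source in the sample, one failure every 25 minutes) never trips the rule.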
One of the primary goals in designing a business’s threat management solution is allowing leadership to focus on growing their business rather than IT. A customized solution can accomplish this by taking over security alarm review, incident notification, and management of security appliances. All alarms are reviewed in a timely fashion, each device is tuned as needed, and initial incident response steps are kicked off on behalf of the company, so IT staff or a business leader can focus on more valuable tasks such as growing the business.
Goal 3: Help Maintain Compliance
Several of the prominent compliance frameworks today (HIPAA, PCI, NIST, ISO) have requirements for collecting, reviewing, and retaining logs. This can include the logs from servers, workstations, networking equipment, and more. A strong SIEM solution provides the peace of mind that all logs are being centrally collected, reviewed, and alerted on by a team of specialist engineers. It also ensures they are retained for the length of time necessary to meet compliance needs.
Another common compliance requirement is vulnerability management. A SIEM solution should include monthly vulnerability scans to show the common areas an attacker may target. Compliance initiatives such as PCI require quarterly vulnerability scanning.
Shaun Bevill is the Director of Information Security at C Spire Business. Contact him or the C Spire security team at ask@cspire.com