Solutions Review compiles the best SIEM advice from the first half of 2021.
As part of our ongoing research into the cybersecurity market, Solutions Review frequently covers the latest in data breaches, cyber-attacks, and authentication failures. When we do this, we try to accompany the facts with expert advice and perspectives from some of the most recognized voices in cybersecurity.
As a result, we’ve accumulated several relevant pieces of SIEM advice from the first half of 2021, generated by attacks and breaches. We decided to curate our favorites into one article. Here they are:
Best SIEM Advice from the First Half of 2021
Purandar Das is CEO and Co-Founder of Sotero Software.
“Data sharing, by organizations, is one of the key areas of vulnerability. This activity is an area that will be targeted more and more by hackers. Organizations have relied on “secure data transfer”, meaning the data is protected in transmission, as being sufficient. This is no longer true. Even if the data is secure during transmission the underlying data is in cleartext. True and complete data protection has to be built from the ground up. Regardless that the data is being transmitted over a secure channel, data security must start at the source. Meaning the data should be protected (encrypted) all the time, even in use. This is a huge part of protecting data and information.
Credit card companies discovered this a long time ago. Hence the reason why credit card information is never transmitted to the retailer. The card companies encrypt it and don’t transmit or share the information. Unfortunately, the same mechanism does not work for everyone. The transmitted data needs to be available for use and analysis. Adopting newer technologies that enable the use of encrypted data by the proper parties coupled with multi-party key ownership for authentication is one way to eliminate data loss during transmission.”
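The mechanism Das alludes to (the retailer never receives the card number, only a surrogate the card company can resolve) is tokenization. The following is an added example, not code from Sotero Software or from the original article; it assumes a hypothetical in-memory `TokenVault` standing in for an HSM-backed vault, a constructed test card number, and a simple role string for the authorization check. It shows that the record sent to the merchant carries no cleartext PAN even before any transport encryption is applied, and that only the vault can map a token back.

```python
import json
import re
import secrets

# Constructed sample input: a well-known Luhn-valid test card number (not a real account).
SAMPLE_PAN = "4111 1111 1111 1111"


def luhn_valid(pan: str) -> bool:
    """Standard Luhn check: rejects typos before a number is ever stored."""
    digits = [int(c) for c in pan]
    parity = len(digits) % 2
    checksum = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def normalize_pan(pan: str) -> str:
    pan = pan.replace(" ", "").replace("-", "")
    if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
        raise ValueError("not a valid card number")
    return pan


class TokenVault:
    """Hypothetical vault: the only component that ever holds the PAN.

    Real deployments back this with an HSM and audit every detokenize call;
    here a dict stands in for that storage (assumption for the example).
    """

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        pan = normalize_pan(pan)
        # Random token: carries no information about the PAN, unlike a hash
        # or a reversible cipher, so a leaked token alone is worthless.
        token = "tok_" + secrets.token_hex(16)
        self._store[token] = pan
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        # Only the issuer-side role may resolve a token; merchants cannot.
        if caller_role != "issuer":
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._store[token]


def build_merchant_record(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """What the retailer receives: a token and last-4 for receipts, never the PAN."""
    pan = normalize_pan(pan)
    return {
        "token": vault.tokenize(pan),
        "last4": pan[-4:],
        "amount_cents": amount_cents,
    }


def contains_pan(payload: str) -> bool:
    """Detection helper: flags any Luhn-valid 13-19 digit run in outbound data."""
    return any(luhn_valid(m.group()) for m in re.finditer(r"\d{13,19}", payload))


def record_is_pan_free(record: dict) -> bool:
    return not contains_pan(json.dumps(record))


if __name__ == "__main__":
    vault = TokenVault()
    rec = build_merchant_record(vault, SAMPLE_PAN, 1999)
    print("merchant sees:", rec, "pan-free:", record_is_pan_free(rec))
    print("issuer resolves:", vault.detokenize(rec["token"], "issuer"))
```

The `contains_pan` check doubles as a cheap egress control: run it over any payload leaving the cardholder-data environment and alert when a Luhn-valid run appears, since a secure channel says nothing about whether what travels over it should have been cleartext in the first place.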
Chris Clements is VP of Solutions Architecture at Cerberus Sentinel.
“One of the worst aspects of ‘supply chain’ attack compromises is that it can be even harder to detect than a direct breach of an organization. Now more than ever businesses need to fully vet and actively manage vendors who may be able to access sensitive systems or data. A strong vendor management program can go a long way to preventing exposure by requiring third parties that interact with a business’s data or systems follow information security best practices and can demonstrate due diligence by adhering to well-known security standards such as NIST or ISO and also perform regular security testing to ensure that no mistakes that could lead to exposures have fallen through the cracks.”
Rajiv Pimplaskar is Vice President of Veridium.
“The customer data theft from Geico is a stark reminder of security bugs and vulnerabilities with typical websites. According to Verizon’s Data Breach Investigations Report, approximately 81% of data breaches occur due to poor passwords or compromised credentials. Traditional Two-factor Authentication (2FA) is also vulnerable to “man-in-the-middle” or MITM attacks. Companies can and should embrace passwordless methods like “phone as a token” or FIDO2 to improve security and reduce dependence on passwords. Also, an added benefit is that such technologies are easier to use which improves the overall user experience.”
Saryu Nayyar (she/her) is CEO of Gurucul.
“This is infuriating. Geico is essentially skirting blame for this breach, and worse – making the victims take responsibility for protecting their driver’s license number from being used to fraudulently apply for unemployment benefits. In the notice of breach letter, Geico states, “fraudsters used information about you – which they acquired elsewhere…” What information exactly and from where? Geico either doesn’t know or won’t say. In response, they are offering 1 year of free identity-theft protection, but that doesn’t address the unemployment benefits fraud that they admit is the imminent threat. Geico customers must monitor state unemployment communications and contact the agency if they experience a problem. Do you know how hard it is to contact any US state unemployment agency during a pandemic? It’s a nightmare and overwhelmingly time-consuming. There are better ways to protect customers from fraud. Security analytics can detect and stop fraudsters before they drive off with your PII.”
Tim Wade is Technical Director, CTO Team at Vectra.
“The ability to detect and respond in real-time is an essential part of modern security. Misconfiguration issues don’t seem to be going away any time soon, which means customers that rely on everything being 100 percent correct will be sorely disappointed when reality strikes. There needs to be a holistic approach to security – yes, minimizing misconfiguration and hardening services is part of that holistic approach – but until organizations have a plan to identify the breach in real-time, this type of activity will continue.”
Thanks again to these experts for their time and expertise. For more on cybersecurity advice and market information, check out the SIEM, SOAR, or MDR Buyer’s Guide.