What should happen with your business’ SIEM solution after the coronavirus comes to an end?
Eventually, the coronavirus outbreak crisis, which continues to engulf the United States and the globe, will end. Eventually, everyday life, with its social closeness and activities, will resume. The employees who, by and large, now work from home will return to their desks.
We can’t predict how the coronavirus may force your business to evolve. Perhaps you might embrace more generous work-from-home policies. In fact, some organizations may choose to maintain their current work-from-home direction, seeing a productivity boost. Others may find their employees clamoring for their old designated workspaces. Finally, some industries may permanently change in the wake of the economic demands created by the virus. Regardless, your enterprise will face a new IT infrastructure and new demands on your cybersecurity.
In all cases, you need to consider your business’ SIEM after the coronavirus comes to an end. You can’t pretend the future won’t look radically different from the present. Instead, embrace change and make sure you make cybersecurity a top priority.
Here’s what you need to weigh.
SIEM Advice for After the Coronavirus Ends
A Broader Reach for Log Management Capabilities
First, your SIEM needs to take stock of the growth and scale of your IT environment after the coronavirus ends. Possibly, the coronavirus forced your enterprise to migrate to the cloud faster and more comprehensively than you initially planned. Alternatively, the outbreak and subsequent work-from-home explosion might have expanded your network to include devices and endpoints outside your normal monitoring. Your organization may also now face new threats stemming from the new work-from-home normal.
In all cases, your enterprise needs to ensure it can extend its cybersecurity monitoring and visibility over its broad infrastructure. Next-generation SIEM solutions can thankfully provide such monitoring through their log management capabilities. Log management can collect, aggregate, and normalize data from throughout the IT environment. While trying to deploy log management across the entire network at once can bury IT teams in alerts, SIEM benefits from a slow approach; you can first deploy SIEM on the most sensitive databases before extending it to more remote areas.
In fact, while the coronavirus continues to rage outside, this might be an ideal time to expand your SIEM log management to cover databases and endpoints previously unseen. Log management can extend your visibility and even uncover previously unknown databases. After all, without proper privileged management and data loss prevention, any employee can create new databases and upload valuable information.
New Threat Intelligence For New Threats
One of the most terrifying realities concerning hackers is their adaptability. Few hackers feel content to rest on their laurels. Instead, they constantly innovate. For example, hackers might evolve their malware to become more evasive (fileless malware, in particular, provides evidence of this). Additionally, they might modify existing malware to carry out a different malicious mission, e.g., stealing healthcare data rather than credit card numbers.
However, hackers also change tactics based on IT environments and any alterations they experience. Mass migration to the cloud changed the face of malware forever, as it made the digital perimeter much more porous than ever before. Now the work-from-home revolution, connected to the coronavirus outbreak, creates a similar effect.
Thus, your enterprise needs the latest in threat intelligence to combat new malware and attack tactics. Your SIEM solution’s effectiveness, both before and after the coronavirus, depends on providing it with the most relevant and up-to-date information; feeding it incorrect or outdated information allows attacks to proceed unmitigated. The longer a threat continues uninterrupted and unmitigated, the more damage it does and the more costly the remediation.
Next-generation SIEM solutions connect your IT security team to multiple threat intelligence threads, generated by the provider and by trusted sources.
Finally, with the coronavirus forcing your network to change in radically different ways, we need to talk about alerts. Before the coronavirus, your network may not have been as extensive. Perhaps your IT security team did not receive so many alerts that your IT team felt overwhelmed by them.
However, even if that was the case (as unlikely as that seems), it can’t be the case anymore. With so many employees working in unique conditions and from different locations, you may face far more alerts than before. Security team burnout may become inevitable as analysts become buried in alerts.
Without the right capabilities, your SIEM alerts after the coronavirus could bury legitimate alerts. Thankfully, next-generation SIEM solutions provide contextualization for all of their alerts. This helps IT team members sort through the alerts and identify possible security events faster.
How to Learn More
Check out our SIEM Buyer’s Guide for more on what comes after the coronavirus. We cover the top solution providers and key capabilities.
Latest posts by Ben Canner