Is it too early to think about business SIEM in 2021?
2020 proved one of the most challenging years in the history of cybersecurity and SIEM in particular. With the COVID-19 pandemic forcing many enterprises of all sizes to switch abruptly to remote work, cybersecurity concerns took something of a backseat for some IT decision-makers.
However, external threat actors took the opportunities provided by the chaos and confusion around COVID-19. In fact, COVID-19 offered hackers a new way to mask their attacks and new opportunities for crime. Therefore, 2020 also resulted in numerous businesses having to catch-up to a rapidly evolving threat landscape. Organizations relied not on established plans but on whatever worked efficiently.
Therefore, enterprises need to start thinking about SIEM in 2021 now, rather than putting it off. The unfortunate truth is that COVID-19 will most likely persist through 2021 (and possibly beyond). You need a SIEM solution that can accommodate the new normal for your workforce and business processes. Thus, it is time to formalize what might once have been informal and quickly created.
Here’s what to consider in SIEM in 2021.
Business SIEM in 2021
Drawing Logs from a Disparate Environment
One of the key components of SIEM, if not the key, is log management. In a nutshell, SIEM draws security event logs from across the IT environment. Then it aggregates the logs, normalizes them for easy analysis, and looks for patterns and links. Therefore, log management serves as the foundation of SIEM and of much of modern cybersecurity.
One of the most critical challenges in SIEM involves generating logs from the right digital locations. Trying to capture security log data from everywhere all at once quickly overwhelms even the best-prepared security team. Instead, you need to be selective; however, maintaining selectivity can prove difficult when managing remote workforces.
So your business needs a SIEM solution that can handle mobile devices, cloud databases, and other components of a remote workforce. Also, you should prioritize SIEM solutions which can scale rapidly to match the newfound demands of your cybersecurity in 2020 and 2021.
Modified Alerts and Contextualization
When a SIEM solution discovers a link between security events, it sends an alert to IT security teams for prompt investigation. This can rapidly increase reaction speeds and threat mitigation…so long as the alert points to a real threat.
Indeed, the challenge with SIEM alerts is that they work too well. Many alerts (some estimate a majority of them) turn out to be “false positives” which lead security teams on wild goose chases. This can waste valuable time and resources, as well as contributing to professional burnout. With the added layer of complexity stemming from remote workforces, SIEM in 2021 needs modified and filtered alerts.
Part of this can be done by modifying your own alert rules and configurations; SIEM is not a “set-it-and-forget-it” solution but a tool requiring active participation from human intelligence. However, you can also use contextualization to help your solution automatically sort through false positives and legitimate alerts. Contextualization provides the background information on security events, including who, what, and when. This can help your team determine whether the activity is truly suspicious or just fulfilling an unusual request.
Compliance Still Matters
Once upon a time, SIEM solutions only appealed to large enterprises, and then only for its compliance capabilities. Almost all SIEM tools come with out-of-the-box reports for different industries, which makes compliance reporting far easier. Compliance took something of a back seat as its threat detection capabilities became more widely adopted.
However, it still matters, especially in an era when cyber-attacks appear on an upward trajectory. Following compliance protocols can potentially help limit the legal liabilities that come with a data breach, and it serves a baseline model for a strong cybersecurity platform. With cyber-attacks looking to increase even more, SIEM in 2021 needs to arm enterprises with every tool that could help.
To learn more about SIEM, keep an eye on our Buyer’s Guide. We cover the top solution providers and their key capabilities in detail.
Latest posts by Ben Canner (see all)
- How SOAR Can Protect a New Remote Work Paradigm - November 24, 2020
- There’s No Such Thing As “Hands Off Cybersecurity” - November 20, 2020
- What to Expect During the First Annual Solutions Review Cybersecurity Insight Jam - November 20, 2020