Of all the subfields in cybersecurity, SIEM is probably the hardest to wrap your head around. The other ones are relatively simple. Endpoint security is the front line defense: setting up a perimeter, scanning for threats, and removing them. Identity Management is the Customs Office, checking identities and verifying that applicants aren’t on the no-fly list.
But SIEM? From abstract descriptions alone, SIEM sounds like an aggressive bureaucrat with its emphasis on logs, reporting, and compliance. Yet a SIEM solution is just as vital to your enterprise’s cybersecurity platform as its seemingly more comprehensible counterparts. In fact, it might just be the key to your enterprise’s digital transformation.
But what is SIEM, really? Security information and event management gathers system data for reporting and compliance purposes and logs data for security analysis. That’s no mean feat either—corporate systems can generate up to 10 terabytes of plaintext data a month.
SIEM is all about centralization: centralizing your reports and logs and bringing it all under a microscope to hunt for discrepancies and anomalous behavior. That must sound like a sweet deal. After all, isn’t the idea of your enterprise remaining centralized and security-visible as it scales part of the appeal of digital transformation?
Yes and no. As your enterprise considers, or undergoes, digital transformation, here are some pros and cons of an SIEM solution to weigh.
Pro: Mitigating the Cybersecurity Staffing Crisis
One of the most worrying parts of cybersecurity isn’t just the deluge of threats and malicious actors—it’s the absence of talented people to stop them. According Symantec and ISACA, 1.5 million to 2 million cybersecurity jobs will go unfilled next year. 40,000 such jobs go unfilled each year because there just aren’t enough people with the qualifications to do them. Which means finding the right members for your IT and cybersecurity staff might be a mountainous uphill battle.
A SIEM solution deployed in your enterprise’s network can analyze your event logs and corporate data faster than a human ever could. It can flag suspicious activity so your staff can find and manage incidents faster. Some estimates place the time saved for cybersecurity professionals at nearly 25%—time that could be spent facilitating your enterprise’s digital transformation.
Con: SIEM Deployment is a Hassle
On the flip side, SIEM is not a set-it-and-forget-it tool. It does require a dedicated staff to deploy and maintain it, evaluate its detection capabilities, and sort through the incidents it flags as possible threats; false positives are more than possible.
Many enterprises believe that simply selecting an SIEM solution is enough, but the numbers don’t lie: 41% of enterprises took 6 months or more to deploy their solution according to a Ponemon study. 25% never achieved full deployment, making the selection a waste. Enterprises undergoing digital transformation might find the resources to properly manage SIEM difficult to part with. Or worse, they believe their digital transformation is being boosted when in reality it is being hampered by their choice.
Pro: SIEM Can Detect the (Normally) Undetectable
Most other event logging solutions don’t have incident detection capabilities, placing SIEM head and shoulders above them in functionality. SIEM can identify signs of malicious activity automatically and reconstruct events across multiple hosts to determine the full nature of an attack. In addition, SIEM is one of the few ways to detect a zero-day attack—an attack that takes advantage of unknown exploits in solutions, operating systems, or applications and avoids the gaze of traditional anti-malware detection.
While it can’t take the place of endpoint security or firewalls (it needs the information from them to detect security events) SIEM can facilitate their functions almost like an intelligence agency. In fact, it can even monitor threat intelligence feeds from trusted sources and incorporate that data into its detection rules. Some solutions can even stop security events in progress.
If your enterprise is undergoing a digital transformation, SIEM is vital to keeping your new digital domain as secure as possible.
Pro: Compliance to Suit Your Digital Transformation
SIEM’s centralization capabilities makes reporting and logging security events far easier, allowing for customization options to suit your enterprise’s needs. The alternative would be gathering disparate data and reports from throughout your enterprise—which in the era of digital transformation can be a nightmare to collect.
Furthermore, plenty of SIEM solutions come standard with built-in support for compliance efforts such as HIPAA. This could save your enterprise time and energy much better directed toward completing your digital transformation and embracing the realities of the modern marketplace.
That does seem like more pros and cons, but SIEM is a complex and powerful tool. As such, it should be treated with care and consideration; make sure you communicate with your cybersecurity team to evaluate if they can properly manage a SIEM solution or if SIEM is what they need to fulfill their roles to maximum efficiency. If you feel that SIEM is what your enterprise needs to fulfill its digital transformation but you lack the resource to manage it, then consider looking into a managed security solution provider.
Above all, digital transformation is a difficult process. It can be rewarding, but only if it handled like a caterpillar in its cocoon—carefully.
Latest posts by Ben Canner (see all)
- Top 5 SOAR Vendors to Watch in 2020 by Solutions Review - January 16, 2020
- Solutions Review Releases New 2020 Buyer’s Guide for Security Orchestration, Automation, and Response (SOAR) - January 14, 2020
- Solutions Review Releases New 2020 Buyer’s Guide for Security Information and Event Management (SIEM) - January 14, 2020