It’s been easy to view the arrival of GDPR enforcement as an apocalyptic event, a cataclysm in privacy and data collection. The end is nigh, the end is nigh.
It may not be quite as doom-and-gloom as that, but it’s easy to see why SIEM experts feel that way. For two years, we all saw the European Union’s General Data Protection Regulation approaching like a tidal wave, but now that it has crashed down upon us most enterprises still seem in shock. Few seem to be responding to GDPR in an organized and efficient manner.
The time to prepare is over, so now the threat of heavy fines and legal fees from a regulatory compliance failure looms over us all—ready to strike at any moment. And with only a small percentage of enterprises adequately prepared, such a strike may come sooner rather than later as Facebook and Google have learned.
In that spirit, and given that identity is the most important aspect of cybersecurity, we thought it would be beneficial to examine how security information and event management (SIEM) vendors are responding to GDPR as well.
In the context of GDPR, SIEM serves as mechanisms for detecting threats promptly. Under the new data protection mandates, an enterprise has 72 hours after the discovery of a breach to alert all affected parties and the relevant regulatory oversight boards. Of course, that exposed enterprises understand the full extent of the data breach and can ensure that the threat is fully contained beforehand. With the infinite scalability of the digital enterprise, collecting security event data from everywhere in your IT environment is a tall order for even the most dedicated IT security team.
That’s where SIEM steps in. These solutions are capable of collecting and aggregating security event data from every endpoint and database in your enterprise, finding potential security correlations as a result. Although enterprises are ultimately responsible for their cybersecurity under GDPR mandates, SIEM can certainly help enterprises comply.
Thus, there is a lot of responsibility on SIEM vendors to perform their functions reliably in responding to GDPR. We selected some of the voices in SIEM, selected at random to preserve vendor neutrality, to hear what advice they had on GDPR:
LogRhythm is responding to GDPR through its LogRhythm GDPR Compliance Module for implementing technology focused practices, policies, and procedures that are mapped to GDPR mandates. It’s also offering features in its SIEM Suite such user blacklisting, network monitoring, and data masking to help ensure priority events are detected as quickly as possible.
Alienvault announced that its SIEM solutions USM Anywhere and USM Central were evaluated by a third-party (a good idea for enterprises that might still be struggling in responding to GDPR) and passed as GDPR compliant for data processors. The vendor promotes its solution as a centrally unified platform with pre-built compliance reporting templates and compliance certified cloud environment.
Splunk points out that real motivation behind GDPR is to help consumers protect their data, and thus enterprises need to focus as much on gaining data trust as they are on meeting GDPR compliance; there needs to be a culture shift to accompany the legal one. Having a SIEM solution can help reassure consumers that your enterprise is taking GDPR compliance and data protection seriously, which can be a powerful message of trust.
Sumo Logic has been conducting privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) on their data flows. They’ve also created a Data Subject Access Request Portal so that customers can search for their personal information and underwent their own third-party assessment.
Latest posts by Ben Canner (see all)
- SIEM, SOAR, and XDR: What Does Your Business Need? - March 4, 2021
- Key Lessons from the Malaysia Airlines Nine-Year Data Breach - March 3, 2021
- Findings: The Forrester New Wave: Cybersecurity Risk Rating Platforms, Q1 2021 - March 1, 2021