At the enterprise level, there is no such thing as “hands-off cybersecurity.” Technically, such a term may not even apply to personal cybersecurity, but that’s a question for another day.
Ultimately, hands-off cybersecurity represents a dream for IT decision-makers at businesses of all sizes. After all, if you can just set and forget your cybersecurity, you can focus your attention on other critical IT processes or personal threat hunting.
However, it doesn’t exist. It doesn’t exist for SIEM, or endpoint security, or identity management. In fact, SIEM embodies the new attitude necessary for optimal cybersecurity performance more than any other InfoSec tool; that attitude involves constant maintenance and vigilance.
SIEM operates through log management; it collects data from various network locations and consolidates and aggregates it into a single network location. So far so good. Then it normalizes that data and scans it for security events before sending an alert.
But that description leads to numerous questions. Where does SIEM collect the necessary data from (as in, which network locations do you prioritize)? Trying to aggregate from too many IT environment components at once can quickly burn out your IT security team. How should the program normalize the information it does collect? What constitutes a security event?
That last question should definitely give you pause; failing to answer it adequately can lead to a significant number of false positives, which in turn lead to burnout or lost opportunities for threat hunting. You need to constantly reconfigure your SIEM parameters to match your current IT environment, business goals, and workforce demands.
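The collect, normalize, scan and alert steps described above, and the effect of a single rule parameter on false positives, as an added example (not code from this article or from any SIEM product). The log formats, field names, the `failed_login_alerts` rule and its threshold values are assumptions made for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real data): two sources, two formats.
SSHD = [
    "2020-11-20T09:00:01 sshd: Failed password for alice from 10.0.0.5",
    "2020-11-20T09:00:09 sshd: Failed password for alice from 10.0.0.5",
    "2020-11-20T09:00:30 sshd: Accepted password for alice from 10.0.0.5",
] + [f"2020-11-20T09:05:{s:02d} sshd: Failed password for root from 203.0.113.7"
     for s in range(0, 30, 5)]
VPN = ['{"ts": "2020-11-20T09:00:20", "user": "alice", "ip": "10.0.0.5", "result": "deny"}']

SSH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def normalize(ssh_lines, vpn_lines):
    """Map both formats onto one schema: ts, user, src, outcome."""
    events = []
    for line in ssh_lines:
        m = SSH_RE.match(line)
        if m:  # lines that do not parse are skipped, not guessed at
            ts, verdict, user, ip = m.groups()
            outcome = "failure" if verdict == "Failed" else "success"
            events.append({"ts": datetime.fromisoformat(ts), "user": user,
                           "src": ip, "outcome": outcome})
    for line in vpn_lines:
        rec = json.loads(line)
        outcome = "failure" if rec["result"] == "deny" else "success"
        events.append({"ts": datetime.fromisoformat(rec["ts"]), "user": rec["user"],
                       "src": rec["ip"], "outcome": outcome})
    return sorted(events, key=lambda e: e["ts"])

def failed_login_alerts(events, threshold, window=timedelta(seconds=60)):
    """Sources with at least `threshold` failures inside a sliding window."""
    recent, alerts = defaultdict(list), set()
    for e in events:
        if e["outcome"] != "failure":
            continue
        times = recent[e["src"]]
        times.append(e["ts"])
        while times[0] < e["ts"] - window:  # drop failures older than the window
            times.pop(0)
        if len(times) >= threshold:
            alerts.add(e["src"])
    return sorted(alerts)

EVENTS = normalize(SSHD, VPN)
if __name__ == "__main__":
    for threshold in (3, 5):  # 3 also flags alice's mistyped password
        print(threshold, failed_login_alerts(EVENTS, threshold))
```

With a threshold of 3, the user who mistyped a password across SSH and VPN is flagged alongside the burst of root failures; at 5 only the burst remains. The right value depends on the environment, which is why the rule needs revisiting as that environment changes.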
To do otherwise, and embrace a hands-off cybersecurity model, is to let your business remain at risk. Find out more in our SIEM Buyer’s Guide.
By Ben Canner, November 20, 2020