At the enterprise level, there is no such thing as “hands-off cybersecurity.” Technically, such a term may not even apply to personal cybersecurity, but that’s a question for another day.
Ultimately, hands-off cybersecurity represents a dream for IT decision-makers at businesses of all sizes. After all, if you can just set and forget your cybersecurity, you can focus your attention on other critical IT processes or personal threat hunting.
However, it doesn’t exist. It doesn’t exist for SIEM, or endpoint security, or identity management. In fact, SIEM embodies the new attitude necessary for optimal cybersecurity performance more than any other InfoSec tool; that attitude involves constant maintenance and vigilance.
SIEM operates through log management; it collects data from various network locations, then consolidates and aggregates it in a single network location. So far so good. Then it normalizes that data and scans it for security events before sending an alert.
But that description leads to numerous questions. Where does SIEM collect the necessary data from (as in, which network locations do you prioritize)? Trying to aggregate from too many IT environment components at once can quickly burn out your IT security team. How should the program normalize the information it does collect? What constitutes a security event?
That last question should definitely give you pause; failing to answer it adequately can lead to a significant number of false positives, which in turn lead to burnout or lost opportunities for threat hunting. You need to constantly reconfigure your SIEM parameters to match your current IT environment, business goals, and workforce demands.
To do otherwise, and embrace a hands-off cybersecurity model, is to let your business remain at risk. Find out more in our SIEM Buyer’s Guide.
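The tuning problem described above, as an added example that is not from the original article: constructed sshd and JSON application log lines are normalized into one schema, and the same failed-login rule is evaluated at several thresholds. The field names, sample lines and threshold values are assumptions made for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample logs from two sources (illustrative, not real data).
SSHD_LINES = [
    "Jan 19 09:00:01 bastion sshd[411]: Failed password for alice from 10.0.0.5 port 50000 ssh2",
    "Jan 19 09:00:09 bastion sshd[411]: Failed password for alice from 10.0.0.5 port 50001 ssh2",
    "Jan 19 09:00:20 bastion sshd[411]: Accepted password for alice from 10.0.0.5 port 50002 ssh2",
    *[f"Jan 19 09:05:{s:02d} bastion sshd[502]: Failed password for root from 203.0.113.7 port {40000 + s} ssh2"
      for s in range(8)],
]
APP_LINES = [
    json.dumps({"ts": "2021-01-19T09:01:00Z", "event": "login_failed", "user": "bob", "ip": "10.0.0.9"}),
    json.dumps({"ts": "2021-01-19T09:06:00Z", "event": "login_failed", "user": "root", "ip": "203.0.113.7"}),
]

SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(sshd_lines, app_lines):
    """Map both source formats onto one schema: source, action, user, src_ip."""
    events = []
    for line in sshd_lines:
        m = SSHD_RE.search(line)
        if m:  # lines the parser does not understand are dropped, a blind spot to monitor
            action = "login_failed" if m.group(1) == "Failed" else "login_ok"
            events.append({"source": "sshd", "action": action, "user": m.group(2), "src_ip": m.group(3)})
    for line in app_lines:
        rec = json.loads(line)  # assumed: the app already emits "login_failed" as its event name
        events.append({"source": "app", "action": rec["event"], "user": rec["user"], "src_ip": rec["ip"]})
    return events

def alerts(events, threshold):
    """The 'security event' definition: a source IP with >= threshold failed logins."""
    failures = Counter(e["src_ip"] for e in events if e["action"] == "login_failed")
    return sorted(ip for ip, n in failures.items() if n >= threshold)

if __name__ == "__main__":
    events = normalize(SSHD_LINES, APP_LINES)
    for threshold in (1, 2, 5):
        print(threshold, alerts(events, threshold))
```

At a threshold of 1 or 2 the rule also fires on users who mistyped a password; at 5 only the burst from 203.0.113.7 remains, and its count includes the application log entry only because both sources share one schema.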