{"id":1995,"date":"2018-06-29T12:05:36","date_gmt":"2018-06-29T16:05:36","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1995"},"modified":"2018-10-05T12:22:57","modified_gmt":"2018-10-05T16:22:57","slug":"get-employees-embrace-siem-best-practices","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/get-employees-embrace-siem-best-practices\/","title":{"rendered":"Get Your Employees to Embrace SIEM Best Practices!"},"content":{"rendered":"

\"SIEM<\/p>\n

This past week has seen a series of major data breaches that remind us just how essential SIEM best practices are for enterprises in the modern digital marketplace. As just one example, Athletic apparel giant Adidas announced yesterday that an unauthorized party had gained access to millions of customers\u2019 personal identifying information including encrypted passwords. Earlier this week, marketing data company Exactis allegedly leaked 340 million users\u2019 personal data\u2014a leak that may rival the Equifax breach.<\/span><\/p>\n

\t\t\t

<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\n

SIEM best practices are essential to detecting, mitigating, and remediating these kinds of digital threats. Yet simply encouraging your IT security team or help desks to embrace SIEM best practices isn\u2019t enough. SIEM is not just an issue of security or technology\u2014it\u2019s an issue of business processes and efficiency. And with 47% of data breaches being the result of employee errors, it\u2019s clear that SIEM best practices need to be internalized through your enterprise to achieve true success. <\/span><\/p>\n

How? Here are a few suggestions:<\/span><\/p>\n

Make SIEM Best Practices Core Business Processes <\/b><\/h3>\n

The best way to show your employees that you intend to take SIEM best practices seriously is to, well, take them seriously in your enterprise\u2019s day-to-day routines. <\/span><\/p>\n

For example, you can start by training your employees on how to spot potential phishing responses through lectures, gamified experiences, or whatever method you think will best reach them. Once you have done that, your enterprise needs to take the next step that so many others don\u2019t: hold your employees accountable for utilizing their knowledge of phishing attacks in their business activities. Give praise or offer incentives to employees who successfully spot a phishing attack email before it can infiltrate your network proper. Make this awareness a regular part of your employee evaluations at their milestone marks, and a possible factor in their promotion or raise considerations. <\/span><\/p>\n

You don\u2019t want to be draconian about enforcing SIEM best practices\u2014even the most aware employees will inevitably make a mistake\u2014but you need to change your enterprise\u2019s culture to make SIEM best practices a core part of your business processes. Carelessness shouldn\u2019t be tolerated outside of the digital realm, and it shouldn\u2019t be tolerated within it either. \u00a0<\/span><\/p>\n

Make Sure Storage Locations Are Communicated<\/b><\/h3>\n

The sad truth of modern cybersecurity is that no matter what preventative perimeter safeguards are deployed, no enterprise\u2019s network is 100% effective against digital threat actors. It may well deter less experienced hackers from targeting you, but that does not mean your enterprise will never be targeted. <\/span><\/p>\n

Today\u2019s SIEM best practices, therefore, prioritize detecting and removing threats promptly over preventing threats, stopping threats from accessing the most sensitive databases or digital assets in your enterprise\u2019s network. Yet this is futile if your IT security team\u00a0doesn’t know where these databases or assets are within the network. <\/span><\/p>\n

SIEM solutions can offer better visibility into your network by compiling and aggregating security event information from throughout the IT environment. However, IT security teams still find it difficult to know how to prioritize potential security events in the resultant deluge of information. You should have your employees and department leaders assess what databases and assets are most essential to their operations and ensure that your IT security teams know where to find them. <\/span><\/p>\n

Additionally, make it a core business process that whenever a department or employee creates a new database or digital asset, they alert the security team so they will know what it is, what it contains, and how to find it. Visibility and communication are the keys to the long-term success of any cybersecurity platform. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n

Have A Comprehensive Incident Response (That Everyone Knows)<\/b><\/h3>\n

Regardless of your enterprise\u2019s particular SIEM solution or cybersecurity platform, you absolutely need an Incident Response Plan as part of your SIEM best practices. But an incident response plan by itself isn\u2019t enough: it needs to be comprehensive enough to accommodate all aspects of a potential data breach, including:<\/span><\/p>\n