These days, enterprise IT environments are becoming more complex due to the variety of systems in play – for example, a firewall device for security, active directory for user authentication, servers for applications, network devices for network connection, management and so on. Often, organizations are not able to detect intrusion or exploit due to their complexity, and many advanced threats use sophisticated mechanisms and tools to avoid detection from traditional security controls.
What is SIEM, and why do enterprises need it?
SIEM is a combination of two separate but highly complementary security technologies:
- Security Information Management (SIM), which includes log management and historical data in compliance reporting, and
- Security Event Management (SEM), which provides real-time monitoring and incident management for security-related events from networks, security devices, systems, and applications.
With SIEM, we are able to correlate event log data, detect and mitigate exploits that go unnoticed with traditional security technologies such as firewall, IPS, UTM, etc.
Shutting down inside data theft
SIEM is able to provide comprehensive context and analytics on activities and behaviors of authorized and unauthorized users in various systems and detect suspicious behaviors of internal users and exploits from the outside.
For example, an authorized network administrator can use admin access to change the password of another admin operator who is on vacation. That same administrator could then log in as the admin operator and change a customer’s password, and then log on as that customer from an internet café to steal information belonging to the customer – with the system mistaking improper access for authorized access.
No single security solution would detect this scenario without SIEM.
The Windstream Enterprise advantage: Adding user and entity behavior analytics (UEBA) to SIEM
The Windstream Enterprise implementation of SIEM takes this all a step further by adding UEBA (user entity behavior analytics) to drive highly accurate and rapid user behavior correlations among multiple systems. This entails simultaneously monitoring activities in user accounts and user entitles – i.e., comparing account usage across applications and domains to network traffic patterns – to address threats by correlating both data sets.
The Windstream Enterprise (WE) fight against cybercrime is being kicked into overdrive. SIEM technology will now be baked into our Managed Network Security solution, joining firewall, intrusion prevention, content filtering, and application control for the ultimate in managed network security. We will also make SIEM available as an option to our other security solutions.
In taking this approach, Windstream Enterprise goes beyond traditional managed security services to a more complete managed detection and response service. The Windstream Enterprise Cyber Security Operations Center will proactively identify threats, detecting, investigating, responding to, and containing them efficiently.
Best of all, SIEM is now available and ready to ensure your fight against cybercrime is a winning one.