Light Dark
July 12, 2018 By Chris Meenan 2 min read
Intelligence & Analytics

Security information and event management (SIEM) technology has been around for more than a decade — and the market is growing by the minute.

So, it may seem strange that so many organizations lack a proper understanding of what a security intelligence and analytics solution can do, what type of data it ingests and where to begin when it comes to implementation.

As the threat environment expands in both diversity and volume, IT skills are becoming increasingly scarce, and point solutions are increasingly flooding the market. As a result, many security leaders are at a loss when it comes to selecting the right SIEM solutions to serve their unique needs.

Clear the Fog Surrounding SIEM Technology

Why all the confusion? For one thing, many companies just throw money at a SIEM platform to solve all their security use cases or as a silver bullet for compliance. These are ill-advised strategies because customers are often left to their own devices to both define and implement the system.

So, how should these companies proceed? The first step is to identify the primary security challenges they are trying to solve and the outcomes they hope to achieve.

To shed light on their SIEM implementation, security leaders need a single pane of glass across the organization’s infrastructure to detect and investigate threats, both internal and external. In both cases, these threats are typically after the enterprise’s critical data, whether they aim to steal or destroy it. Since more and more of this data is being moved off premises, cloud security has become a critical function of security operations.

Threat actors will do anything they can to gain access to the enterprise’s crown jewels — and, when they do, security teams need a rapid and efficient incident-response process that enables analysts to take action quickly and confidently.

Finally, and perhaps most crucially, organizations must be able to prove all of the above to various compliance and regulatory auditors.

How to Optimize Your SIEM Implementation

To clear up the uncertainty surrounding SIEM technology — and to maximize the value of their implementation — security leaders should:

  • Understand the outcomes their SIEM solution can deliver against common use cases;
  • Create a road map for SIEM maturity;
  • Understand how adding different types of data to the SIEM can improve outcomes; and
  • Continuously review their processes and educate staff and stakeholders accordingly.

By following these basic steps, chief information security officers (CISOs) can demonstrate the value of their SIEM implementation in a way that is easily communicable to business leaders and lead the way toward smarter, more prudent investments.

Explore More Content

 |  |  |  |  |  |  |  |  |  |  | 
Chris Meenan
VP, Product Management, IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature