Become a hunter: finding the true value of SIEM.




When Security Information and Event Management (SIEM) hit the security scene, it was heralded as a breakthrough in threat detection. However, SIEM is just a tool. While initially designed to bring data together for a more comprehensive threat view, it has become, like many other security technology solutions before it, reactive and siloed. SIEM gains its true value when coupled with expertise, becoming one tool in the proactive hunt for actionable intelligence.

SIEM is only as smart as the people analyzing its data. SIEM is an excellent technology, and it is core to any security architecture. However, on its own, SIEM is still a reactive tool layered on top of other reactive data-generating tools. For SIEM to function as promised, enabling security analytics to provide actionable intelligence, the technology must be coupled with people. It's people who can build the use cases that give SIEM context. It's people who understand the enterprise environment globally. It's people who can take that global view and progress towards actionable intelligence. If organizations start from the premise that they have been or probably will be breached, reacting is no longer enough. Organizations must become proactive hunters, constantly mining data and seeking insight that inspires action.

Actionable intelligence leads to executable actions: one organization's journey to SIEM value. A major Canadian retailer had multiple organizations providing segregated pieces of its security, including a reactive SIEM service, intrusion prevention and firewalls. As a result of the siloed nature of the solutions, the organization's security team struggled to uncover actionable intelligence. The security team was leveraging the SIEM solution. Its SIEM provider had built rules and correlations around SIEM that triggered reactions to certain events and generated alerts that were forwarded to the internal security team. However, with many of its security technologies being managed independently, there was little cohesion between the different providers and the organization, as well as between the data sources providing security posture information. It's an error common to many organizations: as security has evolved, different technologies have gone in different directions, with little to no communication or interaction. Without interaction, a global view is impossible, which makes it challenging to effectively mine the data. The SIEM investment had been made, and the solution was functioning to a degree. But the organization was not realizing its true value because the internal security team was still in reactive mode, rather than being a proactive hunter. The retailer partnered with TELUS Security Solutions. TELUS security specialists made some simple changes to consolidate key components of the retailer's security environment. They configured the SIEM solution to report and alert on things that the organization prioritized. They then took the data coming out of the SIEM solution and applied advanced monitoring. The resulting outcome was twofold: the TELUS security team was able to apply threat information to the data, and to wrap it within the context of the retailer's environment.
With this change, the retailer has transitioned to being a proactive hunter, creating a process whereby all security alerts, major and minor, are reviewed on a consistent basis. The security team now has a mechanism for taking billions of points of data and transforming them into actionable intelligence that leads to executable actions.

Advice for aspiring hunters. In security, defense is important. Collecting data is also important. But hunting is critical: looking for anomalies, understanding their causes and investigating incidents and events. It's important to have a plan to hunt proactively and respond proactively. TELUS security experts provide three key pieces of advice.

1. Take a programmatic approach to security. Maturing along the continuum to actionable intelligence requires a programmatic approach to security. You can't have one without the other. What does that mean? It means that your security program must be built in a holistic way. Over time, most organizations have been adding siloed solutions to solve problems. However, perpetrators don't take a siloed approach to their attacks. They look at everything: all tools and processes. Looking at security from a programmatic perspective enables you to create an interconnection between tools, processes and people. With that interconnection, you can correlate data from your entire infrastructure, whittle it down and examine specific components in order to identify real issues with potential impact, which may not have been evident when viewing individual silos.

2. Take the leap of faith away from reactive to proactive. By definition, all technologies are reactive. They are designed to react to an event or multitudes of events. Organizations that are serious about security are getting serious about being proactive in their approach. The irony is that they thought they were being proactive by implementing reactive tools, yet they only initiated more problems by creating technology silos. Proactive is defined differently now. With the architecture and technologies in place and doing their thing, it's critical to inspect the data coming from different technologies to understand what's happening globally in your environment and to hunt for anomalies.

3. Empower your SIEM solution. The SIEM solution itself includes:
- Device monitoring, management and maintenance
- Security alert notification
- Device tuning and optimization (understanding false positives)
- Central log collection
- Use case development and deployment, created in partnership with the client or business unit
- Report development and distribution
- Custom device support

True actionable intelligence comes from advanced monitoring and security analytics: compiling data from the SIEM solution, the customer environment (e.g. industry, location, political environment) and security in general to determine whether an event is truly a security event. To maximize the value of the SIEM, it is critical to consider:
- Proactive threat intelligence capabilities for data analytics
- Proactive research and profiling
- Log analytics and monitoring
- Data contextualization
- The business, its people, technology and processes
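As an added illustration of advice point 1 (correlating across silos) and the data contextualization point above, here is example code written for this edit; it is not TELUS's or any SIEM product's logic. Three low-severity alerts from separate tools on one host look harmless tool by tool, but clustered in a time window and weighted by asset criticality they rank first, while every alert, major or minor, still receives a disposition. The tool names, hosts, timestamps, criticality values and scoring weights are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample alerts from three siloed tools; not real TELUS or retailer data.
ALERTS = [
    {"ts": "2015-10-01T02:10:00", "source": "firewall", "host": "pos-17",
     "severity": 1, "event": "outbound connection to rarely seen external IP"},
    {"ts": "2015-10-01T02:12:30", "source": "ips", "host": "pos-17",
     "severity": 2, "event": "suspicious archive transfer signature"},
    {"ts": "2015-10-01T02:14:05", "source": "auth", "host": "pos-17",
     "severity": 1, "event": "service account login outside maintenance window"},
    {"ts": "2015-10-01T09:00:00", "source": "firewall", "host": "kiosk-03",
     "severity": 1, "event": "outbound connection to rarely seen external IP"},
]
# Context supplied by people who know the business (assumed values): a retailer's
# point-of-sale host matters far more than a public kiosk.
ASSET_CONTEXT = {"pos-17": {"role": "point-of-sale", "criticality": 3},
                 "kiosk-03": {"role": "public kiosk", "criticality": 1}}
WINDOW = timedelta(minutes=15)  # correlation window; an assumed tuning value

def silo_view(alerts):
    """What each tool sees on its own: the worst severity it raised."""
    worst = defaultdict(int)
    for a in alerts:
        worst[a["source"]] = max(worst[a["source"]], a["severity"])
    return dict(worst)

def score(host, cluster, context):
    """Weight a cluster by corroborating tools and asset criticality; every
    cluster gets a disposition, so minor alerts are still reviewed."""
    sources = {a["source"] for a in cluster}
    crit = context.get(host, {}).get("criticality", 1)
    value = max(a["severity"] for a in cluster) * len(sources) * crit
    return {"host": host, "sources": sorted(sources), "alerts": len(cluster),
            "score": value, "action": "investigate" if value >= 6 else "review"}

def correlate(alerts, context, window=WINDOW):
    """Cluster each host's alerts that fall inside one window, then rank them."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):  # ISO timestamps sort as text
        by_host[a["host"]].append(a)
    findings = []
    for host, items in by_host.items():
        cluster = [items[0]]
        for a in items[1:]:
            start = datetime.fromisoformat(cluster[0]["ts"])
            if datetime.fromisoformat(a["ts"]) - start <= window:
                cluster.append(a)
            else:
                findings.append(score(host, cluster, context))
                cluster = [a]
        findings.append(score(host, cluster, context))
    return sorted(findings, key=lambda f: f["score"], reverse=True)
```

The silo view never shows anything above severity 2, whereas the correlated, contextualized view puts the point-of-sale host at the top with an "investigate" disposition.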

Moving beyond SIEM's technology capabilities. SIEM falls short of expectations and fails to deliver value when it is leveraged only as a technology. To find the true value of a SIEM investment and to position it as an enabler of proactive hunting, it is important to:
- Leverage the power of SIEM to build strong use cases that address organizational gaps
- Understand the output of SIEM and use cases to provide an actionable response
- Provide advanced monitoring and security analytics to leverage the data within the context of the organization's security environment

If you are thinking of deploying SIEM technology, or have already deployed it but are struggling to realize the value of actionable intelligence, visit telus.com/siem to learn more about our SIEM consulting and management services.