Securing the SIEM system: Control access, prioritize availability

The prospect of a SIEM system crash or compromise should scare any enterprise, given the role it plays in an organization's security infrastructure. This expert E-Guide discusses the implications of a compromised SIEM system and explores the defenses available for managers looking to secure it.

Given the role a properly implemented, managed and utilized security information and event management (SIEM) system plays in an organization's security infrastructure, it is clear that compromising SIEM activities could be a successful strategy for an attacker looking to avoid detection or to undermine management of the environment's security. What are the potential implications of a compromised SIEM system, and what defenses are available for enterprises looking to secure their SIEM systems? Those are the questions this tip seeks to answer.

Treat the SIEM system as a high-priority enterprise resource

While a SIEM system is the infrastructure's nerve center from a security operations point of view, it is also one of many systems within the managed enterprise environment and must be managed as such. The SIEM should be polled regularly to confirm that it is running and fully operational: not merely that the host answers, but that events from each expected source are still arriving, since a SIEM that is up but no longer receiving events is exactly the blind spot an attacker wants. Part of the SIEM deployment plan should be to identify the SIEM as a critical system in the enterprise landscape, with the hardware and software systems on which it runs configured and managed as high-risk areas.

It is also necessary to consider the SIEM system's resilience. Future SIEM designs will focus on attributes like adaptive routing, so that if one path for security event delivery cannot be traversed another path is followed, and out-of-band signaling to the central node, where alternative communication channels may be used.

Practical steps for achieving SIEM system security today

While these next-generation protections will be incorporated into future SIEM products, a lot can be done now to secure a SIEM. Applying a standard security review to the SIEM system itself ensures the security event-collection process is implemented effectively:

Authentication and access control. SIEM system access should be carefully set up and managed. Integrating with the enterprise's LDAP directory service ensures the SIEM is seen not as an island, but as part of the managed environment. Access to the system should be limited, and privileged access in particular should be carefully controlled, ideally under a separation-of-duties approach in which no single individual or administrator is able to act in isolation (for example, the administrator who can change collection rules should not also be the one who can purge stored events).

Confidentiality and integrity. The confidentiality and integrity of the security information must be considered, specifically with respect to how it travels between the collection agents or aggregation points and the central management node. Where information is stored, for example in a database at the central node, confidentiality also needs to be considered.

Privacy. Privacy could also be an issue, depending on where and how security events are used. In some instances anonymization is applied to security events so that general trends can be determined, especially when analysis is conducted off-site or across multiple clients, with only limited scope, under the organization's own control and policies, to reverse this and reconstruct the actual event.

Non-repudiation. Non-repudiation should be considered so that actors, authorized or otherwise, cannot repudiate the event evidence of particular actions.
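The integrity and non-repudiation points above are usually met by making the stored event record tamper-evident, so that a later edit or deletion by anyone with database access is detectable. The following is an added example, not code from this E-Guide or from any SIEM product: each stored record carries an HMAC over the previous record's tag, its sequence number and the canonical event body, so editing, deleting, inserting or reordering records, or rebuilding the chain without the key, fails verification. It also shows the keyed pseudonymization mentioned under privacy, which keeps per-user trends visible while re-identification requires the organization-held key. The key value, the sample events and their field names are constructed for illustration; in a real deployment the key would be held outside the SIEM database (an HSM or KMS), which is what gives the separation of duties teeth.

```python
"""Tamper-evident SIEM event store using an HMAC-linked hash chain.

Added example, not from the E-Guide or any SIEM product. Sample events and
the key are constructed; the key would normally be held in an HSM or KMS.
"""
from __future__ import annotations

import copy
import hashlib
import hmac
import json
from dataclasses import dataclass

# "Previous tag" of the very first record (64 hex chars, the width of a SHA-256 digest).
GENESIS_TAG = "0" * 64


@dataclass
class ChainedEvent:
    seq: int        # position in the chain
    event: dict     # the event body as stored
    prev_tag: str   # tag of the preceding record
    tag: str        # HMAC-SHA256 over prev_tag || seq || canonical(event)


def _canonical(event: dict) -> bytes:
    # Canonical JSON so the same event always serialises to the same bytes.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def _compute_tag(key: bytes, seq: int, prev_tag: str, event: dict) -> str:
    msg = prev_tag.encode() + seq.to_bytes(8, "big") + _canonical(event)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class EventChain:
    """Append-only store; the key must live outside the database (e.g. an HSM)."""

    def __init__(self, key: bytes):
        self._key = key
        self.records: list[ChainedEvent] = []

    def append(self, event: dict) -> ChainedEvent:
        seq = len(self.records)
        prev = self.records[-1].tag if self.records else GENESIS_TAG
        rec = ChainedEvent(seq, event, prev, _compute_tag(self._key, seq, prev, event))
        self.records.append(rec)
        return rec


def verify_chain(key: bytes, records: list[ChainedEvent]) -> tuple[bool, int | None]:
    """Return (True, None) if the chain is intact, else (False, index of first bad record)."""
    prev = GENESIS_TAG
    for i, rec in enumerate(records):
        if rec.seq != i or rec.prev_tag != prev:
            return False, i          # gap, reorder or insertion
        expected = _compute_tag(key, i, prev, rec.event)
        if not hmac.compare_digest(expected, rec.tag):
            return False, i          # body edited, or tag forged without the key
        prev = rec.tag
    return True, None


def pseudonymize(key: bytes, event: dict, fields=("user", "src_ip")) -> dict:
    """Replace identifying fields with keyed hashes: the same user always maps to
    the same pseudonym, so trends remain visible off-site, but matching a
    pseudonym back to an identity requires the organisation-held key."""
    out = dict(event)
    for f in fields:
        if f in out:
            out[f] = hmac.new(key, str(out[f]).encode(), hashlib.sha256).hexdigest()[:16]
    return out


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2013-06-01T10:00:00Z", "user": "alice", "src_ip": "10.0.0.5", "action": "login", "result": "ok"},
    {"ts": "2013-06-01T10:00:07Z", "user": "bob", "src_ip": "10.0.0.9", "action": "login", "result": "fail"},
    {"ts": "2013-06-01T10:00:09Z", "user": "bob", "src_ip": "10.0.0.9", "action": "login", "result": "fail"},
    {"ts": "2013-06-01T10:01:30Z", "user": "bob", "src_ip": "10.0.0.9", "action": "sudo", "result": "ok"},
]


def demo(key: bytes = b"example-key-normally-held-in-an-hsm") -> dict:
    """Build a chain from the samples and show how each tampering attempt is caught."""
    chain = EventChain(key)
    for ev in SAMPLE_EVENTS:
        chain.append(ev)
    results = {"intact": verify_chain(key, chain.records)}

    # 1. Someone with database access rewrites a failed login as a success.
    edited = copy.deepcopy(chain.records)
    edited[1].event["result"] = "ok"
    results["modified"] = verify_chain(key, edited)

    # 2. A record is deleted and the rest renumbered to hide the gap.
    trimmed = copy.deepcopy(chain.records)
    del trimmed[2]
    for i, rec in enumerate(trimmed):
        rec.seq = i
    results["deleted"] = verify_chain(key, trimmed)

    # 3. The whole chain is rebuilt with a guessed key (an unkeyed hash chain would pass here).
    forged = EventChain(b"attacker-guess")
    for ev in SAMPLE_EVENTS:
        forged.append(ev)
    results["forged"] = verify_chain(key, forged.records)
    return results
```

`demo()` returns `(True, None)` for the untouched chain and `(False, 1)`, `(False, 2)` and `(False, 0)` for the edit, the deletion and the re-signed chain respectively. The same verification can run on the originating system's local copy of its events, which is why the storage point below asks for retention at both ends: a mismatch between the two copies is itself evidence.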
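Returning to the advice in the first section to poll the SIEM regularly and confirm it is fully operational: a host that answers a ping can still have stopped ingesting events, and an attacker who has silenced one collector, or the SIEM itself, looks identical to a quiet network unless someone checks at the event level. The following added example (not from the E-Guide or any product) takes the SIEM's own last-event-seen time per source, flags sources that have been silent longer than their expected maximum gap, reports configured sources that never reported and unexpected sources that did, and treats "every source went quiet at once" as the SIEM or its collection path being down rather than the sources. The source names, expected gaps and timestamps are constructed; a real deployment would read the last-seen times from the SIEM's API or database and alert on the result.

```python
"""Event-level liveness check for a SIEM and its log sources.

Added example, not from the E-Guide or any product. Source inventory,
expected gaps and poll results below are constructed.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone

# Longest silence each source should ever show under normal load
# (assumption: tuned per source from its observed event rate).
EXPECTED_MAX_GAP = {
    "fw-edge-01": timedelta(minutes=2),
    "dc-ad-01": timedelta(minutes=5),
    "web-proxy-01": timedelta(minutes=2),
    "hr-app-db": timedelta(hours=1),
}


def parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp written with a trailing Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def check_sources(last_seen: dict[str, str], now: datetime,
                  expected: dict[str, timedelta] = EXPECTED_MAX_GAP) -> dict:
    """Classify every configured source and decide whether the SIEM itself looks alive.

    Returns {"siem_alive": bool, "ok": [...], "stale": [...], "missing": [...], "unknown": [...]}.
    """
    ok, stale, missing = [], [], []
    newest: datetime | None = None
    for src, max_gap in expected.items():
        if src not in last_seen:
            missing.append(src)      # configured but never reported: collector never connected
            continue
        seen = parse_ts(last_seen[src])
        newest = seen if newest is None or seen > newest else newest
        (stale if now - seen > max_gap else ok).append(src)
    # Sources the SIEM reports but nobody configured: a misrouted feed or a spoofed sender.
    unknown = [s for s in last_seen if s not in expected]
    # If the newest event from any source is older than the shortest expected gap,
    # every source has gone quiet at once: treat the SIEM or collection path as down.
    siem_alive = newest is not None and now - newest <= min(expected.values())
    return {"siem_alive": siem_alive, "ok": sorted(ok), "stale": sorted(stale),
            "missing": sorted(missing), "unknown": sorted(unknown)}


# Constructed poll results: what the SIEM reports as the last event per source.
SAMPLE_NOW = parse_ts("2013-06-01T10:10:00Z")
SAMPLE_LAST_SEEN = {
    "fw-edge-01": "2013-06-01T10:09:30Z",    # 30 s ago: healthy
    "dc-ad-01": "2013-06-01T10:02:00Z",      # 8 min ago, limit 5 min: stale (agent stopped? log cleared?)
    "web-proxy-01": "2013-06-01T10:09:50Z",  # healthy
    "rogue-host": "2013-06-01T10:09:00Z",    # not in the inventory
}                                            # hr-app-db absent: never reported
# Everything fell silent ten minutes ago: the SIEM, not the sources, is the suspect.
SAMPLE_ALL_QUIET = {src: "2013-06-01T10:00:00Z" for src in EXPECTED_MAX_GAP}
```

With `SAMPLE_LAST_SEEN` the check reports `dc-ad-01` stale, `hr-app-db` missing, `rogue-host` unknown and the SIEM alive; with `SAMPLE_ALL_QUIET` it reports three stale sources and `siem_alive` false, the signal that should page the on-call engineer before anyone looks at individual agents. Run it from a scheduler on a host other than the SIEM, so that the monitor does not share the SIEM's fate.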
Storage. How SIEM events are stored, both centrally and on the originating systems, needs to be considered to ensure sufficient evidence can be gathered; a copy retained at the source lets the central record be checked against it.

Availability. Finally, availability is a security issue in its own right, and no less so for a SIEM system. It has been indicated that future SIEM products will have self-healing, adaptive capabilities at the architectural level. In the interim, the business's disaster recovery plan should ensure the SIEM is implemented on high-availability infrastructure and that, alongside the recovery of other mission-critical systems, the SIEM is prioritized so that monitoring and insight are restored in an orderly way. After all, depending on what caused an outage or disaster, bringing the security systems up first may matter most, so that any unexpected patterns, alerts, events or incidents are visible, can be investigated, and responses can be deployed.

Through careful deployment, the security of SIEM systems can be enhanced. While it will take more time to create architectures that increase the resilience of SIEM products, treating them as high-availability, critical systems within the overall management landscape can be done immediately.

About the author: Andrew Hutchison is an information security specialist with T-Systems International in South Africa. An information security practitioner with 20 years of technical and business experience, his technical security work has included secure system development, security protocol design and analysis, and intrusion detection and network security solutions. He has held executive responsibility for information security in a large enterprise, establishing its chief security officer role and initiating an ISO 27001 security certification program. As business sponsor for large SIEM rollouts, he has experience in deploying and operating SIEM systems in a managed service provider environment. He is an adjunct professor of computer science at the University of Cape Town in South Africa.
