Symtrex Inc.

Are SIEMs Enough?

2015/01/30 by admin

If you are like most companies today, you have followed all the steps to ensure compliance with the myriad of regulations (SOX, PCI DSS and HIPAA, to name a few): a firewall is in place, antivirus is deployed, the network is segmented, IDS/IPS is running, and the logs are being sent to a SIEM/SIM/SEM. You are capturing event data from systems (Windows, Linux, applications, etc.) and sending that information as well. Reports have been created and alerts set up for any unusual behaviour. So why, according to the Verizon Data Breach Report, is the number of incidents and breaches climbing every year? In addition, according to the 2014 Cyberthreat Defense Report by the CyberEdge Group, 60% of respondents were affected by a successful cyberattack in 2013.

Reviewing logs (10 years ago) was the best way to see what was occurring on your network, and for the most part it was extremely successful: a jump in activity on a device indicated some form of malware, trojan or virus. So what has changed?

  • Increased sophistication of threats
  • Proliferation of devices and applications
  • Rise of social media
  • Inadequate data collection
  • Data overload
  • Over-normalization
  • Siloed information and processes

Organizations are collecting data from a variety of data sources, or trying to, and then creating complex queries to generate reports. The problem lies in the fact that you are collecting log data for a compliance regulation, not necessarily for security. Being compliant does not equate to being secure. Log management truly assists with forensics, after the breach, but most products do not assist with predicting or providing security analytics. In order to have security intelligence, and therefore anomaly detection, you need historical data to create a more effective baseline of average activity by either the user or the computer (asset), and for most SIEM/SEM/SIMs the more data collected, the slower they will perform. By utilizing a data analytics platform to augment your SIEM/SEM/SIM, additional alerts can be generated on activity that deviates by specific thresholds, and can be investigated immediately. Allowing a machine to “learn” the habits of the organization will eliminate human error. Have a look at the whitepaper by our partner Hexis Cyber Solutions, Why SIEM’s Are Not Enough, or review the HawkEye AP.
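The baseline-and-threshold check the paragraph above describes, as an added example in Python (not Symtrex's, Hexis's or HawkEye AP's code): it builds a per-user baseline from constructed daily event counts and raises an alert when a day deviates by more than a chosen number of standard deviations, with separate alerts for users that have no usable baseline yet. The users, counts and thresholds are all made up for the example.

```python
from statistics import mean, pstdev

# Constructed sample data (not real logs): events per user per day, as a SIEM
# daily report might export them. Seven days of history, then one new day.
HISTORY = {
    "alice":      [42, 38, 45, 40, 41, 39, 44],
    "svc_backup": [120, 118, 122, 121, 119, 120, 120],
    "bob":        [10, 12],  # too few days to trust as a baseline
}
TODAY = {"alice": 41, "svc_backup": 390, "bob": 11, "mallory": 17}

MIN_HISTORY = 5    # days of history required before a baseline is used
MIN_STDEV = 1.0    # floor so a perfectly flat history cannot divide by zero


def build_baselines(history, min_history=MIN_HISTORY):
    """Per-user (mean, stdev) of daily counts; None when history is too short."""
    baselines = {}
    for user, counts in history.items():
        if len(counts) < min_history:
            baselines[user] = None
        else:
            baselines[user] = (mean(counts), max(pstdev(counts), MIN_STDEV))
    return baselines


def detect_deviations(baselines, today, z_threshold=3.0):
    """Alert on counts more than z_threshold standard deviations from baseline,
    and separately on users the baseline cannot vouch for at all."""
    alerts = []
    for user, count in today.items():
        if user not in baselines:
            alerts.append({"user": user, "reason": "unknown user", "count": count})
            continue
        base = baselines[user]
        if base is None:
            alerts.append({"user": user, "reason": "insufficient history", "count": count})
            continue
        avg, sd = base
        z = (count - avg) / sd
        if abs(z) > z_threshold:
            alerts.append({"user": user, "reason": "deviation", "count": count, "z": round(z, 1)})
    return alerts


if __name__ == "__main__":
    for alert in detect_deviations(build_baselines(HISTORY), TODAY):
        print(alert)
```

The same check works per asset rather than per user by keying the dictionaries on hostname instead.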

Contact us for a web demonstration of the product.

Filed Under: Advanced Persistent Threat, compliance, Hexis, industry, Log Management, Malware, PCI, Security News

© Copyright 2016 Symtrex Inc. All Rights Reserved.