SIEM (Security Information and Event Management) technology is growing in popularity in Europe as continuing innovation boosts its brainpower. Despite this, many businesses are failing to realise its full potential. Often, when those who control a company’s purse strings think of SIEM, they visualise the technology as little more than a ‘box ticking exercise’ for compliance purposes alone. Perhaps this is understandable, as an increasing number of data protection regulations, such as the upcoming General Data Protection Regulation (GDPR), mean businesses must act to ensure they are looking after data correctly.
The problem this creates is that the value of SIEM in delivering ROI beyond compliance is often overlooked, with perceptions of the technology as too expensive and difficult to use preventing it from garnering any further consideration. In reality, SIEM can extract value from the data companies already hold as well as protecting it, all in a cost-effective and easy-to-operate manner.
Maximising workforce productivity
In recent years, as the threat of data breaches and the complexity of IT systems have increased, so has the value of data. In theory, every device connected to an IT network generates data, or logs. The problem is that these logs are generated in different formats. It is similar to attending an EU Summit where officials are not wearing language headsets; everyone is speaking to each other in a different language. The information is available, but nobody understands it.
SIEM takes this information and normalises it, effectively converting it into a single language. This helps IT managers to maintain control over the sheer amount of security logs generated from each system operating within their IT infrastructures, as interpreting this information manually is complicated and time consuming. SIEM simplifies this process by automating the task. This means highly skilled security staff no longer need to spend copious amounts of time sifting through data in order to retrieve actionable intelligence. Rather, they can utilise the insights provided by a SIEM solution to make sensible business decisions.
Translating data into business intelligence
One of the key misconceptions regarding SIEM is that it is purely a security-focussed tool. If businesses were to broaden their use of the technology, they could experience a greater ROI. An example of this could be as simple as utilising SIEM to monitor a business’ printing needs. Many company printers are leased from external firms, and a SIEM solution can recognise which printers are being utilised and how often. If a certain printer is not being used frequently, for instance, the business can then save money by reducing the number of printers leased.
In addition, within a security scenario, SIEM can add further context to a security situation, which is crucial when making intelligent business decisions. For example, the software may flag that an employee has accessed a file they are not permitted to access. On its own, this could lead to disciplinary action. However, if a SIEM tool is also connected to car park surveillance cameras, it may notice that the person who has accessed the file has not yet shown up to work. Furthermore, if the technology is linked to the HR department, it may register that the same employee is on annual leave. This additional context provides vital information, allowing an organisation to recognise the difference between an HR issue and a security breach.
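The normalisation and context steps described above can be sketched in a few lines. This is an added example, not LogPoint's code or anything from the original article: the three log formats, the field names, the verdict labels and the sample records are all constructed for illustration.

```python
import csv, io, json
from datetime import date, datetime

# Constructed sample data: three sources, each in its own native format.
FILE_AUDIT = "2024-03-12T09:14:07 user=jsmith action=read path=/finance/payroll.xlsx permitted=no"
HR_LEAVE = "employee,leave_start,leave_end\njsmith,2024-03-11,2024-03-15\n"
CAR_PARK = '[{"time": "2024-03-12 08:55:00", "badge": "akhan", "gate": "entry"}]'

def from_file_audit(line):
    """key=value audit line -> common schema (ts, user, event, detail)."""
    ts, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    event = "unauthorised_file_access" if kv["permitted"] == "no" else "file_access"
    return {"ts": datetime.fromisoformat(ts), "user": kv["user"],
            "event": event, "detail": kv["path"]}

def from_hr(text):
    """HR CSV export -> one annual_leave record per row."""
    return [{"user": r["employee"], "event": "annual_leave",
             "start": date.fromisoformat(r["leave_start"]),
             "end": date.fromisoformat(r["leave_end"])}
            for r in csv.DictReader(io.StringIO(text))]

def from_car_park(text):
    """Car park gate JSON -> site_entry events."""
    return [{"ts": datetime.fromisoformat(e["time"]), "user": e["badge"],
             "event": "site_entry"}
            for e in json.loads(text) if e["gate"] == "entry"]

def assess(alert, context):
    """Use HR and car park context to separate an HR issue from a suspected breach."""
    if alert["event"] != "unauthorised_file_access":
        return "no_action"
    day = alert["ts"].date()
    mine = [e for e in context if e["user"] == alert["user"]]
    on_leave = any(e["event"] == "annual_leave" and e["start"] <= day <= e["end"]
                   for e in mine)
    on_site = any(e["event"] == "site_entry" and e["ts"].date() == day
                  and e["ts"] <= alert["ts"] for e in mine)
    # Assumption: staff only reach this file from on site, so access by someone
    # who is on leave or has not arrived points to misuse of their account.
    return "suspected_security_breach" if on_leave or not on_site else "hr_issue"

if __name__ == "__main__":
    context = from_hr(HR_LEAVE) + from_car_park(CAR_PARK)
    print(assess(from_file_audit(FILE_AUDIT), context))
```

Once every source is mapped to the same `user` and `event` fields, the correlation itself is a short filter; the per-source parsers are where the effort goes.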
Clearly, SIEM over-delivers when it comes to compliance. For many organisations, the next step is to make sure it is delivering – even at a basic level – to support productivity, decision-making capabilities and security procedures. We believe the future of SIEM involves more than just compliance. This is a tool that, in a world with more data than ever before, helps sift through the noise to make the most intelligent security and business decisions.
Graeme Stewart, Managing Director of LogPoint UK & Ireland
Graeme leads the UK team for LogPoint, an innovative Danish SIEM vendor whose intuitive, adaptable solution is already deployed across Europe and Scandinavia.
Graeme is passionate about improving organisational information security with a practical, real-world approach, and has been involved in multiple industry and Government initiatives to highlight the importance of cyber security to Board and Public Sector executives. He has 20 years’ experience in IT and organisational data security with management roles at McAfee, Sophos, ClearSwift, PGP and Symantec. Graeme is a published thought leader, and an accomplished public speaker and media spokesperson.