Security Information and Event Management (SIEM): What it is and Why You Need it

February 18, 2019 Jungbo Hong

These days, enterprise IT environments are becoming more complex due to the variety of systems in play – for example, a firewall device for security, Active Directory for user authentication, servers for applications, network devices for network connection, management and so on. Often, organizations are not able to detect intrusions or exploits because of this complexity, and many advanced threats use sophisticated mechanisms and tools to avoid detection by traditional security controls.

Security Information and Event Management (SIEM) combating cyber security threats

What is SIEM, and why do enterprises need it?

SIEM is a combination of two separate but highly complementary security technologies:

  • Security Information Management (SIM), which includes log management and historical data in compliance reporting, and
  • Security Event Management (SEM), which provides real-time monitoring and incident management for security-related events from networks, security devices, systems, and applications.

With SIEM, we are able to correlate event log data and to detect and mitigate exploits that go unnoticed by traditional security technologies such as firewalls, IPS, and UTM.

Shutting down inside data theft

SIEM is able to provide comprehensive context and analytics on activities and behaviors of authorized and unauthorized users in various systems and detect suspicious behaviors of internal users and exploits from the outside.

For example, an authorized network administrator can use admin access to change the password of another admin operator who is on vacation. That same administrator could then log in as the admin operator and change a customer’s password, and then log on as that customer from an internet café to steal information belonging to the customer – with the system mistaking improper access for authorized access.

No single security solution would detect this scenario without SIEM.
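The insider scenario above, written as a correlation rule over normalised events from several log sources. This is an added example, not code from the original post or from any Windstream Enterprise product; the event fields, account names, IP addresses, 24-hour window and chain-length threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed: how long after a reset a login still counts

# Constructed events: (time, log source, action, actor, target account, source IP)
EVENTS = [
    ("2019-02-11T09:00", "directory", "password_reset", "admin_a", "admin_b", "10.0.0.5"),
    ("2019-02-11T09:05", "console", "login", "admin_b", "admin_b", "10.0.0.5"),
    ("2019-02-11T09:10", "console", "password_reset", "admin_b", "cust_42", "10.0.0.5"),
    ("2019-02-11T18:30", "portal", "login", "cust_42", "cust_42", "203.0.113.77"),
    ("2019-02-12T08:00", "directory", "password_reset", "helpdesk", "user_9", "10.0.0.8"),
]
# Assumed baseline of source IPs previously seen for each account
KNOWN_IPS = {"admin_b": {"10.0.0.5"}, "cust_42": {"198.51.100.20"}}


def correlate(events, known_ips, window=WINDOW, min_chain=3):
    """Alert on a login from an unseen IP that ends a chain of resets by other accounts."""
    resets = {}  # target account -> (reset time, accounts leading to this reset)
    chains = {}  # account -> chain under which its current session was opened
    alerts = []
    for ts, source, action, actor, target, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "password_reset" and actor != target:
            # If the actor's own session began with someone else's reset, inherit that chain.
            resets[target] = (when, chains.get(actor, [actor]) + [target])
        elif action == "login":
            reset_time, chain = resets.pop(target, (None, None))
            if chain is None or when - reset_time > window:
                chains.pop(target, None)  # ordinary login: nothing inherited
                continue
            chains[target] = chain
            unseen_ip = ip not in known_ips.get(target, set())
            if len(chain) >= min_chain and unseen_ip:
                alerts.append({"account": target, "chain": chain, "ip": ip, "source": source})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, KNOWN_IPS):
        print("ALERT", " -> ".join(alert["chain"]), "login from", alert["ip"])
```

Each event on its own is an authorized action in its own log source; only the joined chain across the directory, console and portal logs raises the alert.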

The Windstream Enterprise advantage: Adding user and entity behavior analytics (UEBA) to SIEM

The Windstream Enterprise implementation of SIEM takes this all a step further by adding UEBA (user and entity behavior analytics) to drive highly accurate and rapid user behavior correlations among multiple systems. This entails simultaneously monitoring activities in user accounts and user entities – i.e., comparing account usage across applications and domains to network traffic patterns – to address threats by correlating both data sets.

The Windstream Enterprise (WE) fight against cybercrime is being kicked into overdrive. SIEM technology will now be baked into our Managed Network Security solution, joining firewall, intrusion prevention, content filtering, and application control for the ultimate in managed network security. We will also make SIEM available as an option to our other security solutions.

In taking this approach, Windstream Enterprise goes beyond traditional managed security services to a more complete managed detection and response service. The Windstream Enterprise Cyber Security Operations Center will proactively identify threats, detecting, investigating, responding to, and containing them efficiently.

Best of all, SIEM is now available and ready to ensure your fight against cybercrime is a winning one.

The post Security Information and Event Management (SIEM): What it is and Why You Need it appeared first on Windstream Enterprise.

 

About the Author

Jungbo Hong

Jungbo Hong is a Senior Product Manager at Windstream Enterprise where he is responsible for the Managed Network Security Services portfolio.
