Many things within an infrastructure produce data: SSL inspection, connection logs from a web application firewall, next-generation firewalls, and additional sources such as sandboxes, internal firewalls, and authentication systems. Ultimately, all of that data should be fed into your organization's Security Information and Event Management (SIEM) solution.
“It means nothing to have all of that stuff go there if there are not eyes that are keeping an eye on all of that data, that are tuning that system to raise alerts so you can really find actionable data and start making your organization more secure,” said Nuspire’s CTO, Matt Corney.
The actionable data could point to a known attacker, and cyber threat intelligence helps you understand who is coming after you or your organization. It could be a known machine with an active botnet connection or an infection phoning home to a command and control system. That connection may be blocked today, but the next time that laptop leaves the organization it will get infected, or phone home, or become encrypted.
“The ability to quickly understand those actionable items and get that information out to the appropriate teams to clean up that laptop to change the security posture … all comes out of the collection of this data, applying threat intelligence to it, and then having an active security operations center (SOC) that’s managing that entire process and monitoring it all,” said Corney.
Common components of a SIEM solution include data aggregation, correlation across multiple systems, an alerting process, and detailed reporting via dashboards with real-time data feeds and monitors.
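As an added example of the aggregation, correlation and alerting components just listed (this is not Nuspire's code), the Python below parses constructed firewall log lines, matches destinations against a constructed threat-intel list, and raises an alert on the internal host even when the firewall blocked the connection, which is the infected-laptop scenario described earlier. The log format, indicator list and campaign labels are all assumptions made for the example.

```python
from collections import defaultdict
import re

# Constructed threat-intel feed: C2 destination IP -> campaign label. The
# addresses are documentation-range (TEST-NET) placeholders, not real IoCs.
C2_INDICATORS = {
    "203.0.113.7": "example-botnet-A",
    "198.51.100.25": "example-botnet-B",
}

# Constructed key=value firewall log lines; not output of any real device.
FIREWALL_LOGS = """\
ts=2024-05-01T09:00:01Z action=block src=10.1.2.15 dst=203.0.113.7 dport=443
ts=2024-05-01T09:05:02Z action=block src=10.1.2.15 dst=203.0.113.7 dport=443
ts=2024-05-01T09:07:30Z action=allow src=10.1.2.20 dst=192.0.2.44 dport=443
ts=2024-05-01T09:10:11Z action=block src=10.1.2.15 dst=203.0.113.7 dport=443
ts=2024-05-01T09:12:45Z action=block src=10.1.2.33 dst=198.51.100.25 dport=8080
"""

_KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Aggregation step: turn one key=value log line into a dict."""
    return dict(_KV.findall(line))

def correlate(log_text, indicators, min_hits=1):
    """Correlation step: group events by internal source host and return the
    hosts that reached a known C2 destination at least min_hits times.
    Blocked connections count too: the firewall stopped the traffic, but the
    source host is still infected and will phone home once it is off-network.
    """
    hits = defaultdict(lambda: {"count": 0, "blocked": 0, "campaigns": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        label = indicators.get(ev.get("dst"))
        if label is None:
            continue  # destination not in the threat-intel feed
        rec = hits[ev["src"]]
        rec["count"] += 1
        if ev.get("action") == "block":
            rec["blocked"] += 1
        rec["campaigns"].add(label)
    # Alerting step: one alert per host, with campaigns as a sorted list.
    return {src: {**rec, "campaigns": sorted(rec["campaigns"])}
            for src, rec in hits.items() if rec["count"] >= min_hits}

if __name__ == "__main__":
    for host, alert in correlate(FIREWALL_LOGS, C2_INDICATORS).items():
        print(f"ALERT: remediate {host} -> {alert}")
```

Raising `min_hits` turns the rule into a repeated-contact (beaconing) check, which cuts noise from one-off matches while still catching the host that keeps trying to reach its C2 server.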
“I can’t stress enough how important it is to be able to collect all of this information and be able to utilize it to better improve your posture and understanding of what is happening right this second within the organization,” Corney said.
To learn more about SIEM with SOC monitoring and management and how to better protect your network, view Nuspire’s webinar here.