What is SIEM and How Will It Help My Credit Union IT Team?


You have probably heard of SIEM. The term first started appearing in early 2001. SIEM stands for Security Information and Event Management. It approaches security management by providing a holistic view of IT security for the entire Credit Union enterprise. As a note, it is pronounced “sim,” with a silent e.

What is it?

A SIEM system is based on the notion that the relevant data about a Credit Union’s IT security is produced in multiple locations, and that viewing all of that data in a single view makes it easier to spot trends and see patterns that are out of the ordinary.

What’s it do?

A SIEM system centralizes the storage and interpretation of logs and allows near real-time analysis that enables security personnel to take defensive actions more quickly. A SIEM system collects data into a central repository for trend analysis and provides automated reporting for compliance and centralized reporting. By bringing these two functions together, SIEM systems provide quicker identification, analysis and recovery of security events.

Another important feature relates to COMPLIANCE. Automation and assurance of compliance are part of the benefits of SIEM. SIEM systems collect, consolidate and allow analysis of all pertinent data.

How’s it work?

SIEM systems require deploying multiple collection agents to gather security-related events from end-user devices, servers, networks, firewalls, antivirus, and intrusion prevention systems. The collectors forward events to a centralized management console, which performs inspections and flags anomalies. To allow the system to identify anomalous events, it’s important that a profile of the system is established as the baseline (normal) event condition.

At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. In some systems, pre-processing may happen at edge collectors, with only certain events being passed through to a centralized management node. In this way, the volume of information being communicated and stored can be reduced. The danger of this approach, however, is that relevant events may be filtered out too soon.
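The trade-off described above can be seen in a small sketch. This is an added example, not code from the original post or from any SIEM product: the event tuples, severity values, source names and the "three failed logins then a success within 60 seconds" rule are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (timestamp_s, source, user, event_type, severity 1-10)
EVENTS = [
    (100, "firewall", None, "conn_allowed", 1),
    (101, "domain-controller", "jsmith", "login_failed", 3),
    (103, "domain-controller", "jsmith", "login_failed", 3),
    (104, "workstation-12", "mlee", "login_failed", 3),
    (106, "domain-controller", "jsmith", "login_failed", 3),
    (109, "vpn-gateway", "jsmith", "login_success", 2),
    (130, "antivirus", "mlee", "malware_blocked", 8),
    (200, "domain-controller", "mlee", "login_success", 2),
]

def edge_filter(events, min_severity):
    """Edge-collector pre-processing: forward only events at or above min_severity."""
    return [e for e in events if e[4] >= min_severity]

def correlate(events, threshold=3, window=60):
    """Central rule: at least `threshold` failed logins for one user, reported by
    any source, followed by a successful login within `window` seconds."""
    failures = defaultdict(list)  # user -> timestamps of failed logins
    alerts = []
    for ts, source, user, etype, _sev in sorted(events, key=lambda e: e[0]):
        if etype == "login_failed":
            failures[user].append(ts)
        elif etype == "login_success":
            recent = [t for t in failures[user] if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append((ts, user, source, len(recent)))
            failures[user].clear()  # a success resets the user's failure history
    return alerts

if __name__ == "__main__":
    # All events reach the central node: failures on the domain controller are
    # tied to the later VPN success, so the rule fires for jsmith.
    print("unfiltered:", correlate(EVENTS))
    # The edge collector drops anything below severity 5: far less volume, but
    # the low-severity failures the rule depends on never arrive.
    forwarded = edge_filter(EVENTS, min_severity=5)
    print("forwarded:", len(forwarded), "of", len(EVENTS), "alerts:", correlate(forwarded))
```

Each failed login is unremarkable on its own, which is why a severity-only filter at the edge discards exactly the events the central correlation needs.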

What’s it Cost?

In the past, SIEM systems have typically been expensive to deploy and complex to operate and manage. While Payment Card Industry Data Security Standard (PCI DSS) compliance has traditionally driven SIEM adoption in large enterprises, concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer. The good news is that costs are being driven down by the introduction of next-generation tools like N-Able, which can scale and grow with your Credit Union. At Ongoing Operations, we’re pushing the envelope even further and tying the data analysis and reporting back to compliance requirements such as the AIRES.

Will It Work?

Implementing SIEM has its challenges, and failed and stalled deployments are common. Credit Union CIOs can avoid the six most common causes of failure by following these best practices:

  • Undertake careful planning
  • Set expectations
  • Define scope (realistic, not optimistic)
  • Adequate resources (number and experience)
  • Phased implementation

Next week we’ll look closer at how SIEM has evolved into sophisticated IT Management tools and take a closer look at how to justify an information management tool for your Credit Union.


Welcome to the Ongoing Operations blog archive.

For our most up-to-date information, please visit ongoingoperations.com.
