You may have heard about something called a SIEM. You may have even asked yourself: “What is a SIEM, and why does my credit union need it?”
What is SIEM?
To begin, here is a little background on what a SIEM is. Everybody remembers that centralized logging is a good practice. You never want to have your logs on local devices. Network devices, servers, workstations, firewalls – you want to have those centralized, for a number of reasons. If a hacker were to compromise one of those devices and the logs were stored locally, the intruder would have the ability to manipulate or delete those logs and cover their tracks.
Having those logs centralized gets them off the device, making them tamper-resistant (though not 100% tamper-proof, because nothing is) and preventing hackers from covering their tracks. For these reasons, it makes sense to keep all logs centralized.
Once you centralize the logs, there are mountains of data. The question becomes – how do you make sense out of those logs? This is where the SIEM proves useful.
Why is SIEM helpful?
A SIEM is a security information and event management system. It collects all types of logs from whatever devices you have on your network. You can ingest them in batch, but most of it arrives in real time. The SIEM takes those logs and normalizes them, converting each source's format into a common set of fields.
You can also create rules based on triggers or anomalies that are happening on your network, such as attempted file system access from a directory login that fails over a period of time. The SIEM collects those anomalies and creates a holistic view of your entire network, including all of your devices, so you can identify suspicious traffic or logins, cyber-attacks, attempts to scan and penetrate firewalls, etc. The SIEM presents all of these instances in a dashboard view that is easy to read and follow, making it easy to spot danger areas.
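As an added illustration (not code from this article or from any SIEM product), the Python example below normalizes constructed log lines from two hypothetical devices into one schema, then applies a rule that fires when one user accumulates failed access attempts within a time window. The log formats, field names, threshold and window are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in two hypothetical source formats (not real network data).
RAW_LOGS = [
    "2024-05-01T09:00:05 dc01 event=logon_failed user=jsmith src=10.0.5.23",
    "2024-05-01T09:00:40 dc01 event=logon_failed user=jsmith src=10.0.5.23",
    "2024-05-01 09:01:10|fileserver|DENY|jsmith|10.0.5.23|/shares/finance",
    "2024-05-01T09:01:30 dc01 event=logon_ok user=mlee src=10.0.5.40",
    "2024-05-01 09:02:00|fileserver|DENY|jsmith|10.0.5.23|/shares/hr",
    "2024-05-01T09:20:00 dc01 event=logon_failed user=mlee src=10.0.5.40",
]

KV = re.compile(r"^(\S+) (\S+) event=(\S+) user=(\S+) src=(\S+)$")

def normalize(line):
    """Map either source format onto one common schema; None if unrecognized."""
    m = KV.match(line)
    if m:
        ts, host, event, user, src = m.groups()
        return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
                "src": src, "outcome": "failure" if event == "logon_failed" else "success"}
    parts = line.split("|")
    if len(parts) == 6:
        ts, host, action, user, src, _path = parts
        return {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "host": host, "user": user,
                "src": src, "outcome": "failure" if action == "DENY" else "success"}
    return None

def failed_access_alerts(events, threshold=4, window=timedelta(minutes=5)):
    """Alert when one user reaches `threshold` failures inside `window`, across all devices."""
    recent, alerts = defaultdict(deque), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["outcome"] != "failure":
            continue
        q = recent[ev["user"]]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:  # drop failures older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({"user": ev["user"], "count": len(q), "at": ev["time"],
                           "hosts": sorted({e["host"] for e in q})})
    return alerts

EVENTS = [e for e in map(normalize, RAW_LOGS) if e]
ALERTS = failed_access_alerts(EVENTS)

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```

Each device on its own records only two failures for the user, so the rule fires only because the normalized events from both devices are evaluated together.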
This is a monumental improvement in your security. If you do not have a SIEM, you cannot see what is going on in your network at any given time. But having a correctly configured SIEM in place gives you that view into the network and your infrastructure.
Every credit union IT department should have some type of SIEM in place – a SIEM with the ability to write rules and triggers, monitor activity, and empower you to act on that information. Using a SIEM is a safe and effective way to understand what is occurring in your network at any given time.