You don’t have a SIEM? Well you just might need one
Would you be shocked if cartoon penguins suddenly started dropping onto your desktop? Don’t worry – you are still reading an article on SIEM. In fact, this is an example of what happened to someone who hadn’t protected his computer. Thankfully, these penguins were just harmless animations. However, this lack of security could have led to something much worse, such as a data breach.
Penguin in the port
So just how did this happen? Most people are aware of the external ports on computers that are used to connect devices such as keyboards and printers. But there are internal ports, too. These are identified by different numbers and are used on TCP/IP networks, such as the Internet, to control the specific packets of data flowing in and out of your computer. However, it is these types of ports that can also leave your computer susceptible to unwanted intrusion. Hackers can easily use particular software to scan for these ports and reveal vulnerable openings to your computer. Therefore, your PC could be at risk whenever it is connected to the Internet.
This is what happened to the developer who was subjected to a penguin invasion at his very first job. Colleagues used software to scan his computer for vulnerable open ports, found one, and then abused this vulnerability to send countless animations of aquatic flightless birds, much to his annoyance. As he was new to the workplace, his colleagues certainly taught him a lesson in the importance of protecting his PC.
Protect from penguin invasion
Using a SIEM could protect you from this kind of attack, as well as others of a much more serious nature. Enterprise demand for greater security measures has driven more of the SIEM market in recent years. This could be, in part, down to the new General Data Protection Regulation (GDPR), as the consequences of not securing your data are now higher than ever before.
How does it work?
SIEM combines security information management (SIM) and security event management (SEM) and gives enterprise security professionals both insight into, and a track record of, the activities within their IT environment. It does this by collecting and combining log data generated throughout the organisation’s technology infrastructure. The software then identifies, categorises and analyses incidents and events. It then:
- Sends alerts if analysis shows that an activity runs against predetermined rule-sets and thus indicates a potential security issue.
- Provides reports on security-related incidents and events, such as successful and failed logins, malware activity and other possible malicious activities.
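The collect, analyse, alert and report loop described above, as an added Python example that is not SCC's or QRadar's code: it normalises two constructed log sources into one event schema and applies two rule-sets, a port scan like the one in the penguin story and a successful login after repeated failures. The log formats, addresses, thresholds and function names are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two sources (hypothetical formats and addresses).
FIREWALL = [f"2024-05-01T09:00:{s:02d} DENY src=10.0.0.7 dst=10.0.0.42 dport={p}"
            for s, p in enumerate([21, 22, 23, 25, 80, 135, 139, 445])]
FIREWALL.append("2024-05-01T09:05:00 ALLOW src=10.0.0.9 dst=10.0.0.42 dport=443")
AUTH = [f"2024-05-01T09:10:0{s} sshd Failed password for alice from 10.0.0.7" for s in range(5)]
AUTH += ["2024-05-01T09:10:09 sshd Accepted password for alice from 10.0.0.7",
         "2024-05-01T09:12:00 sshd Accepted password for bob from 10.0.0.9"]

FW_RE = re.compile(r"(\S+) (ALLOW|DENY) src=(\S+) dst=\S+ dport=(\d+)")
AUTH_RE = re.compile(r"(\S+) sshd (Failed|Accepted) password for (\S+) from (\S+)")

def normalise(lines):
    """Collect: parse both log formats into one common, time-ordered event schema."""
    events = []
    for line in lines:
        if m := FW_RE.match(line):
            events.append({"ts": datetime.fromisoformat(m[1]), "type": "conn",
                           "src": m[3], "port": int(m[4])})
        elif m := AUTH_RE.match(line):
            kind = "login_fail" if m[2] == "Failed" else "login_ok"
            events.append({"ts": datetime.fromisoformat(m[1]), "type": kind,
                           "src": m[4], "user": m[3]})
    return sorted(events, key=lambda e: e["ts"])

def recent(xs, now, window):  # entries still inside the sliding time window
    return [x for x in xs if now - x[0] <= window]

def correlate(events, window=timedelta(seconds=60), scan_ports=5, max_fails=3):
    """Analyse: apply two predetermined rules per source address and emit alerts."""
    alerts, conns, fails = [], defaultdict(list), defaultdict(list)
    for e in events:
        src, now = e["src"], e["ts"]
        if e["type"] == "conn":
            conns[src] = recent(conns[src], now, window) + [(now, e["port"])]
            if len({p for _, p in conns[src]}) == scan_ports:  # fires once at threshold
                alerts.append(("port_scan", src))
        elif e["type"] == "login_fail":
            fails[src] = recent(fails[src], now, window) + [(now, e["user"])]
        elif e["type"] == "login_ok" and len(recent(fails[src], now, window)) >= max_fails:
            alerts.append(("success_after_failures", src))
    return alerts

def report(events):  # Report: counts of successful and failed logins
    return Counter(e["type"] for e in events if e["type"].startswith("login"))
EVENTS = normalise(FIREWALL + AUTH)
```

Neither log source raises both alerts on its own; the firewall and authentication lines have to be combined and ordered by time before the rules can see the whole sequence from one address.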
SCC provides a SIEM service, which delivers a full view of known and unknown security offences to your business. By using our SIEM service, you can expect the following benefits:
- SCC will collect, store and analyse security event data, consolidating log events and network data from your devices, endpoints and applications distributed around your IT infrastructure
- A market-leading advanced analytics engine (IBM QRadar) providing real-time analytics of log data and network flows to identify malicious activity
- 24/7 proactive security event monitoring and alerting with Security Experts on hand in our Security Operations Centre to support customers.
- Detailed event correlation and automatic prioritisation – supplying customers with proactive advice on the routes to take.
- End-to-end security service reporting and SLAs
- Leverages enhanced threat intelligence