
Added value of using SIEM tools thinking about information security

September 4, 2020

* Tayná Delvechio

Working in Information Technology and/or Security, you have probably come across the term SIEM in meetings and technical evaluations.

Popularly known as “the tool that collects system logs”, SIEM (Security Information and Event Manager) translates into the concept of Security Information and Event Management. For this reason, when we think about SIEM we tend to associate it only with the control of data logs, but the tool is also a valuable source of services and provides far more than log capture alone.

According to the definition given by Amrit Williams and Mark Nicolett in 2005, the year in which the term (and the tool) appeared, a SIEM is the “system capable of presenting, collecting and analyzing data from access control software, network security devices, operating system logs, compliance tools, databases, vulnerability management and external threat information”. From this brief description of the service, we understand that the purpose of this type of tool is to run aggregation services together with artificial intelligence and the reading of predefined rules, in order to warn of actions reported by security assets (firewall, IPS, IDS, antivirus, etc.).

Broadening the concept, SIEM is basically a combination of two other types of tools:

  • SIM (Security Information Manager): Responsible for Information Security Management;
  • SEM (Security Event Manager): Responsible for Security Event Management.

The idea is to unify the execution of both services within the same tool. The collection and storage of logs supports a proactive, real-time assessment of the alarms identified, so that mitigation actions and adjustments can be carried out more efficiently and effectively for the situation at hand.
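The SIM/SEM split described above, as an added example that is not part of the original article or of Safeway's tooling: the SIM side normalizes constructed sshd and firewall log lines into one schema, and the SEM side applies predefined rules over the unified stream, including a cross-source rule that only fires because both assets feed the same engine. Log formats, rule names and the threshold are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample logs from two different assets (not real data).
AUTH_LOG = """\
2020-09-04T10:00:01 sshd: Failed password for admin from 203.0.113.7
2020-09-04T10:00:12 sshd: Failed password for admin from 203.0.113.7
2020-09-04T10:00:20 sshd: Failed password for root from 203.0.113.7
2020-09-04T10:00:35 sshd: Accepted password for admin from 203.0.113.7
2020-09-04T10:05:00 sshd: Failed password for bob from 198.51.100.9
"""
FW_LOG = "2020-09-04T10:00:40 fw: DENY src=203.0.113.7 dst=10.0.0.5 dport=445\n"

AUTH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for \S+ from (\S+)$")
FW_RE = re.compile(r"^(\S+) fw: (DENY|ALLOW) src=(\S+) dst=\S+ dport=\d+$")

def normalize(auth_text, fw_text):
    """SIM side: parse heterogeneous logs into one common event schema."""
    events = []
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            kind = "auth_fail" if m.group(2) == "Failed" else "auth_ok"
            events.append((datetime.fromisoformat(m.group(1)), m.group(3), kind))
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            kind = "fw_deny" if m.group(2) == "DENY" else "fw_allow"
            events.append((datetime.fromisoformat(m.group(1)), m.group(3), kind))
    return sorted(events)  # (timestamp, source_ip, event_type), time-ordered

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """SEM side: predefined rules evaluated over the unified event stream."""
    alerts = []
    fails = defaultdict(list)  # source_ip -> failure timestamps still inside the window
    flagged = set()            # sources that already tripped the brute-force rule
    for ts, src, kind in events:
        if kind == "auth_fail":
            fails[src] = [t for t in fails[src] if ts - t <= window] + [ts]
            if len(fails[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src))
        elif kind == "auth_ok" and src in flagged:
            alerts.append(("success_after_brute_force", src))  # likely compromise
        elif kind == "fw_deny" and src in flagged:
            alerts.append(("post_compromise_probe", src))  # needs both log sources
    return alerts

def run():
    return correlate(normalize(AUTH_LOG, FW_LOG))
```

Without the firewall feed the third alert can never be raised, which is the practical difference between a log collector and a SIEM.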

In addition, the generation of executive reports gives a complete view of cyber risks, making it possible to improve the assessment and control of the environment based on people, processes and technologies (as indicated in ISO/IEC 27001:2013), feeding the continuous improvement cycle (PDCA) and problem mitigation. In its more varied forms and configurations, as suggested by Gartner, we can introduce concepts of machine learning, advanced statistical analysis and other validation methods, while also making use of artificial intelligence to gain strength, assertiveness and effectiveness in the resolutions required within the scope of the activities evaluated.

The cost of implementing, maintaining and administering this type of tool is high. For this reason, transferring this responsibility to a SOC (Security Operations Center) can be beneficial and effective for companies from small to large. As stated in the concept applied to the Risk Analysis process (ISO/IEC 31000:2018), carried out in certified or non-certified environments, we can transfer responsibilities to specialized third parties to manage specific processes.

SST (Safeway Security Tower) provides this type of service while protecting your environment. SIEM tools are the flagship of a SOC environment.

Currently, the main SIEM solutions operated in our SOC are QRadar and AlienVault; however, the as-a-service model allows the service provided to each customer to be unique, according to its needs. Operating 24 hours a day, 7 days a week, your company can rest easy while our professionals take care of the health of your environment.

As the Chairman of [SAFEWAY], Umberto Rosti, always says: “Don't waste time and resources doing a big operation that is not your core. Have a SOC and know the risks and threats of your business, remedying them quickly.”

* Tayná Delvechio is a GRC and Information Security Consultant at [SAFEWAY]

About [SAFEWAY]

SAFEWAY is an Information Security company, recognized by its customers for offering high added value solutions through Information Security projects that fully meet business needs. Over these years of experience we have accumulated, with great pride, several successful projects that have earned us credibility and prominence with our clients, which for the most part are among the 100 largest companies in Brazil.

Today, through more than 22 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!