
A SIEM On A Network | Threat Advice

The term SIEM is one we hear throughout today's security topics and discussions. What the acronym means today is a little different from what it meant back in September 2006, when NIST published an article on Computer Security Logs as part of its Risk Management Framework. For many, this was when the SIEM, a centralized security monitoring and compliance tool, was born. NIST became the first auditing framework to mention a SIEM, naming it Security Information and Event Management (SIEM) software. It was the first centralized system of its kind, integrating with all the products an organization uses and supplying a centralized security and compliance management system: the tool we have since come to know as the third-generation SIEM (2015-present).

By today's standards, a SIEM is a system that collects event logs from the various networking devices throughout an IT infrastructure, all destined for the SIEM's one centralized system. That central system aids Security, IT and SOC engineers alike by supplying analytics, compliance reporting, security incident detection, and even forensic evidence of an incident's cause. Combined in one platform, these features have made the SIEM both a network and security monitoring platform and a compliance aid that reports against many security frameworks, including HIPAA, PCI DSS, ISO, FFIEC and NIST. One growing discussion around the SIEM is its threat detection and incident response, which by design allows a SIEM such as Elasticsearch to act as an Intrusion Detection System and as the first line of defense for an organization's IT team when network and security events cross a threshold. As one example of how effective these detection and response techniques are, it has been reported that SIEM systems were able to detect Log4j (Log4Shell) activity in late 2021, up to a month before the vulnerability was publicly released with a name and an official CVE. This is possible because logs from multiple systems are ingested and analyzed as one, so patterns that would otherwise pass as normal behavior on any single system are detected quickly and efficiently. Some examples of products that a SIEM integrates with include the following:

• Email: Microsoft Office 365/Azure AD/Defender/Intune/Teams, Google Workspace/G-Suite
• Two-Factor and Identity Access Management: Cisco DUO, Auth0, Okta
• VM and Cloud Hosting: VMware products, Azure environment, AWS CloudTrail, Citrix
• Workstations/Servers: Windows/Linux/Apple are all supported
• Network devices: Hypervisors, Network Controllers, Firewalls, Switches, Routers, Wireless
• Web Filtering: Cisco Umbrella, Webroot, Mimecast, Cloudflare, Barracuda, Menlo
• Email Security Platforms: Sentinel One, Bitdefender, Sophos, Webroot, Carbon Black
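
The paragraph above describes the core mechanism that makes a SIEM more than a log archive: logs from several products are normalized into one event shape and correlated, so a pattern that stays below the alert threshold on any single device crosses it once the sources are combined. The script below is an added illustration of that idea and is not ThreatAdvice's code or any vendor's SIEM logic. The three log formats (a syslog sshd line, a Windows Security export written as key=value pairs, and a firewall key=value line), the five-failures-in-five-minutes threshold, and all sample lines are constructed assumptions; real products emit different fields.

```python
"""Toy SIEM-style correlation engine: ingest log lines from several sources,
normalise them into one event shape, and alert when a threshold is crossed.
Added illustration only; not ThreatAdvice's code or any vendor's SIEM logic."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass
class Event:
    ts: datetime
    source: str   # product that produced the log (sshd, windows, firewall)
    host: str
    src_ip: str
    user: str
    outcome: str  # "fail", "success" or "deny"


# Assumed log formats (constructed for this example): a syslog sshd line,
# a Windows Security export as key=value, and a firewall key=value line.
SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<res>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str, year: int = 2024) -> Optional[Event]:
    """Normalise one raw log line into an Event, or None if it is not a logon/deny record."""
    m = SSHD_RE.match(line)
    if m:  # syslog lines carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        outcome = "fail" if m["res"] == "Failed" else "success"
        return Event(ts, "sshd", m["host"], m["ip"], m["user"], outcome)
    head, _, rest = line.partition(" ")
    try:
        ts = datetime.fromisoformat(head.replace("Z", "+00:00"))
    except ValueError:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    if "EventID" in kv:  # 4625 = failed logon, 4624 = successful logon
        outcome = {"4625": "fail", "4624": "success"}.get(kv["EventID"])
        if outcome is None:
            return None
        return Event(ts, "windows", kv.get("Computer", "?"), kv.get("IpAddress", "?"),
                     kv.get("TargetUserName", "?"), outcome)
    if kv.get("action") == "deny":
        return Event(ts, "firewall", kv.get("device", "?"), kv.get("src", "?"), "-", "deny")
    return None


def correlate(events: List[Event], window=timedelta(minutes=5), threshold=5) -> List[dict]:
    """Group events by source IP; alert when `threshold` logon failures (from any
    source or host) fall inside `window`, and again if a success follows the burst."""
    alerts = []
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.src_ip].append(ev)
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e.outcome == "fail"]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e.ts - first.ts <= window]
            if len(burst) < threshold:
                continue
            alerts.append({"rule": "auth_failure_threshold", "src_ip": ip, "count": len(burst),
                           "hosts": sorted({e.host for e in burst}),
                           "sources": sorted({e.source for e in burst})})
            last_fail = burst[-1].ts
            for s in evs:  # a success right after the burst is the higher-severity pattern
                if s.outcome == "success" and last_fail <= s.ts <= last_fail + window:
                    alerts.append({"rule": "success_after_failure_burst", "src_ip": ip,
                                   "user": s.user, "host": s.host})
                    break
            break  # one alert per IP per run; a real SIEM would de-duplicate by time
    return alerts


# Constructed sample lines (RFC 5737 documentation addresses, no real hosts).
SAMPLE_LOGS = [
    "Jan 10 09:00:01 web01 sshd[1201]: Failed password for admin from 198.51.100.7 port 51234 ssh2",
    "Jan 10 09:00:12 web01 sshd[1202]: Failed password for admin from 198.51.100.7 port 51240 ssh2",
    "Jan 10 09:00:25 web01 sshd[1203]: Failed password for admin from 198.51.100.7 port 51251 ssh2",
    "2024-01-10T09:00:30Z device=fw01 action=deny src=203.0.113.9 dst=10.0.0.5 dport=445",
    "2024-01-10T09:01:03Z EventID=4625 Computer=DC01 TargetUserName=admin IpAddress=198.51.100.7",
    "2024-01-10T09:01:40Z EventID=4625 Computer=DC01 TargetUserName=admin IpAddress=198.51.100.7",
    "2024-01-10T09:02:15Z EventID=4624 Computer=DC01 TargetUserName=admin IpAddress=198.51.100.7",
    "Jan 10 09:03:00 web02 sshd[1300]: Failed password for invalid user test from 203.0.113.9 port 40000 ssh2",
    "this line is not a logon record and is ignored",
]


def run_demo(lines=SAMPLE_LOGS, only_source: Optional[str] = None) -> List[dict]:
    """Parse and correlate; `only_source` simulates looking at one product's logs in isolation."""
    events = [e for e in map(parse_line, lines) if e is not None]
    if only_source:
        events = [e for e in events if e.source == only_source]
    return correlate(events)


if __name__ == "__main__":
    for a in run_demo():
        print(a)
    print("sshd alone:", run_demo(only_source="sshd"))
```

Run as a script, it raises two alerts for 198.51.100.7: three sshd failures on web01 plus two Windows 4625 events on DC01 cross the five-failure threshold only when both sources are read together, and the 4624 success that follows is escalated. Run with `only_source="sshd"` or `only_source="windows"`, the same lines produce no alert at all, which is the point the paragraph makes about single systems disguising a pattern as normal behavior.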

Since 2006 there have been enormous leaps and advances that bring us today's SIEM efficacy, yet it shares the same basic capabilities: log data management, compliance reporting, threat detection and intelligence, alerting, and a dashboard for interfacing with a multitude of security protocols. The differences since 2006 have mostly centered on advances in analytics and threat detection. Regardless of the angle from which it is viewed, today's SIEM is an innovative tool that fills a niche like no other. It is safe to say that, as a leading security and compliance tool, the SIEM's scalability will keep it present for many years to come!
