Banking Trojan botnets and Denial of Service attacks are the most common outside threats facing financial firms, according to the Verizon 2018 Data Breach Investigations Report. To combat these threats, financial organizations take a layered approach to security, which often includes security incident event management (SIEM). SIEM remains an important part of any financial firm’s security stance, yet many firms don’t know how it fits into the overall security matrix of their organizations. SIEM security complements, and in some instances replaces, security elements for financial firms. With the right guidance, financial institutions committed to security can implement a solid SIEM solution that truly protects their organization.
SIEM and Cybersecurity: Where Does It Fit?
Traditional SIEM solutions collected logs but didn’t provide actionable insights. Today’s SIEM solutions for financial institutions provide a more complete picture, including user activity monitoring, file integrity monitoring, and simplified compliance reporting. Modern SIEM gives financial firms the insights needed to make decisions about how to improve security while shoring up holes that may exist in other critical security elements.
When financial firms consider how to integrate SIEM solutions, a common concern they face is how it interacts with other security tools such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewall monitoring, and log events management. Let’s take a closer look.
Financial firms look to IDS and IPS solutions to prevent and contain external threats. SIEM complements IDS and IPS solutions by monitoring and logging data, including data collected by the IDS, and correlating that data with data collected from other systems from the network.
SIEM doesn’t take action based on alerts; it can be a proactive tool for system administrators, but it’s also used for forensic analysis after a cybersecurity incident. IPS solutions take action based on security threats. Together, SIEM and IDS/IPS provide a complete picture of the cybersecurity threats financial firms are facing and provide the tools for combating those threats.
Just as IDS/IPS solutions work hand-in-hand with firewall monitoring, applying different rule-sets to traffic flows and providing alerts, SIEM also works in a complementary capacity to firewall monitoring. There may be some overlap between alerts generated by SIEM security solutions and your firewall monitoring solution, but the reports you receive from your firewalls are still vital. SIEM collects and correlates information, but the data gathered by the SIEM may not be as inclusive as the data generated by your firewall monitoring solution. Together, though, they provide an in-depth picture of activity across your network, alerting you to potential intrusions and giving you and your team insights as to how to respond.
Log Event Monitoring
Log event monitoring (LEM) has long been a tool for monitoring changes to system settings that may indicate a cyberattack. Since collecting logs is an essential function of SIEM, LEM is one tool that an SIEM solution could replace. SIEM collects and monitors event logs, and then correlates and analyzes them along with other data from multiple devices on your network. It could replace your LEM and simplify your monitoring with enhanced reporting.
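The correlation described above, in which SIEM takes events from the IDS, the firewall and host logs and ties them together, is easier to see in code. The following is an added example, not code from the original article or from any SIEM product: it normalises three constructed, simplified log feeds (the formats are invented for illustration, not any vendor’s) into one event schema and applies a single correlation rule keyed on source IP and a five-minute window. Each feed on its own looks unremarkable: the firewall saw two denies then an allow, the authentication log saw two failed logins then a success. Only when the IDS alert, the firewall denies and the login failures are viewed together does the successful login stand out. As the article notes, the correlator reports findings; it does not block anything.

```python
"""Minimal multi-source event correlator (added, constructed example).

Normalises events from three constructed log feeds (IDS alert, firewall
connection log, host SSH auth log) into one schema, groups them by source IP
and raises a finding when an IDS alert plus repeated login failures are
followed by a successful login inside a sliding window. Log line formats are
simplified inventions for this example, not real vendor output.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs (RFC 5737 documentation addresses, no real hosts).
IDS_LOG = """\
2024-03-01T10:00:05 ALERT sid=1001 msg="SSH brute force attempt" src=203.0.113.7 dst=10.0.0.5
2024-03-01T10:07:40 ALERT sid=2002 msg="Port scan" src=198.51.100.9 dst=10.0.0.0/24
"""
FIREWALL_LOG = """\
2024-03-01T10:00:01 DENY TCP 203.0.113.7:51234 -> 10.0.0.5:22
2024-03-01T10:00:02 DENY TCP 203.0.113.7:51235 -> 10.0.0.5:22
2024-03-01T10:01:10 ALLOW TCP 203.0.113.7:51240 -> 10.0.0.5:22
2024-03-01T10:30:00 DENY TCP 198.51.100.9:40000 -> 10.0.0.8:443
"""
AUTH_LOG = """\
2024-03-01T10:00:03 host5 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:04 host5 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:01:12 host5 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T11:00:00 host5 sshd: Accepted password for alice from 192.0.2.44
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # feed the event came from: ids, firewall, auth
    kind: str     # normalised event type shared across feeds
    src_ip: str   # the key the correlator joins on


IDS_RE = re.compile(r'^(\S+) ALERT sid=\d+ msg="[^"]*" src=([\d.]+)')
FW_RE = re.compile(r'^(\S+) (DENY|ALLOW) \S+ ([\d.]+):\d+ -> ')
AUTH_RE = re.compile(r'^(\S+) \S+ sshd: (Failed|Accepted) password for \S+ from ([\d.]+)')


def parse_ids(log: str) -> list[Event]:
    """Every IDS line becomes an ids_alert event; unparseable lines are skipped."""
    out = []
    for line in log.splitlines():
        m = IDS_RE.match(line)
        if m:
            out.append(Event(datetime.fromisoformat(m[1]), "ids", "ids_alert", m[2]))
    return out


def parse_firewall(log: str) -> list[Event]:
    """DENY/ALLOW decisions become fw_deny / fw_allow events."""
    out = []
    for line in log.splitlines():
        m = FW_RE.match(line)
        if m:
            out.append(Event(datetime.fromisoformat(m[1]), "firewall", "fw_" + m[2].lower(), m[3]))
    return out


def parse_auth(log: str) -> list[Event]:
    """Failed/Accepted SSH logins become auth_fail / auth_success events."""
    out = []
    for line in log.splitlines():
        m = AUTH_RE.match(line)
        if m:
            kind = "auth_fail" if m[2] == "Failed" else "auth_success"
            out.append(Event(datetime.fromisoformat(m[1]), "auth", kind, m[3]))
    return out


def all_events() -> list[Event]:
    return parse_ids(IDS_LOG) + parse_firewall(FIREWALL_LOG) + parse_auth(AUTH_LOG)


def correlate(events: list[Event], window: timedelta = timedelta(minutes=5),
              min_fails: int = 2) -> list[dict]:
    """Rule: a successful login preceded, within `window` and from the same IP,
    by an IDS alert and at least `min_fails` failed logins. Returns findings
    only; nothing here blocks traffic or takes action."""
    by_ip: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        for succ in (e for e in evs if e.kind == "auth_success"):
            recent = [e for e in evs if succ.ts - window <= e.ts < succ.ts]
            fails = sum(1 for e in recent if e.kind == "auth_fail")
            if any(e.kind == "ids_alert" for e in recent) and fails >= min_fails:
                findings.append({
                    "rule": "brute_force_then_success",
                    "src_ip": ip,
                    "ts": succ.ts.isoformat(),
                    "failed_logins": fails,
                    # which feeds contributed: the value of correlation is visible here
                    "sources": sorted({e.source for e in recent} | {succ.source}),
                })
    return findings


if __name__ == "__main__":
    for f in correlate(all_events()):
        print(f)
```

Running it yields one finding for 203.0.113.7 with contributions from all three feeds; the port-scan alert for 198.51.100.9 and the ordinary login from 192.0.2.44 produce nothing, because no single feed on its own satisfies the rule. In a real deployment the window, the failure threshold and the set of feeds are exactly the adjustments the article says a SIEM needs over time.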
Integrating SIEM Into Your Security Toolkit
The first step to integrating SIEM into your security toolkit is finding an SIEM provider. Given the unique security needs of financial firms, and SIEM’s potential for simplifying the extensive compliance reporting required of financial organizations, your SIEM provider should have a combination of security expertise and in-depth knowledge of financial firms. A high-quality SIEM provider will:
- Review and assess your current security approach—Certified, highly-trained security personnel from your prospective SIEM provider will assess your current security, providing insights as to what SIEM will complement, where it will overlap, and what tools, if any, could be replaced by an SIEM solution.
- Provide collateral—They will offer extensive information, including sample reports and data sheets, about their SIEM offerings.
- Perform a discovery call or meeting—They will discuss your institution’s unique needs and how SIEM will meet those needs and harden your security stance.
- Offer a statement of work (SOW) and estimated pricing—The SOW will specifically spell out the scope of your provider’s engagement, and the estimated pricing will be firmed up after the provider gets a baseline reading of your firm’s logs and traffic.
- Facilitate implementation—The SIEM provider will provide a specific timeline, working around the needs of your firm.
- Obtain a baseline—During implementation, your provider will install sensors and obtain a baseline of your logs and traffic.
- Provide exact pricing—After getting a baseline, your provider will provide more exact pricing.
Once your SIEM solution is in place, your team monitors and reviews the alerts, taking action when needed and pulling information for compliance reporting. One of the challenges of SIEM is the volume of alerts that are generated. It takes time to evaluate the alerts and determine which ones require action. This challenge is one of the reasons firms are turning to managed SIEM solutions.
Managed SIEM: A Better Way
A managed SIEM provider takes on implementing your SIEM solution of choice, and then monitors the alerts generated by the solution, taking actions based on guidelines determined by your firm. SIEM solutions require adjustments over time, and a managed SIEM provider ensures those adjustments take place so your firm receives relevant information from across your network.
At DataComm, we have in-depth knowledge of the security and compliance needs of financial firms. We’re experienced managed services providers with security certification and expertise. We provide solutions based on your firm’s needs, ensuring you have the latest and most effective technology. Contact us today to find out how we can improve security and compliance for your firm.