With the constantly changing landscape of cybersecurity threats, financial firms are turning to security information and event management (SIEM) to enhance their threat detection and security incident response efforts. SIEM offers firms real-time collection as well as historical analysis of security events from across their network.
The right SIEM solution will log tens of thousands of security events, depending on the size of your financial firm’s network. Keeping up with monitoring all of these events poses a challenge for firms, leading them to consider managed SIEM solutions. To have a full understanding of managed SIEM, financial institutions would do well to consider their key cybersecurity challenges, the benefits of SIEM, and how to choose and implement a managed SIEM solution.
The Key Cybersecurity Challenges of Financial Firms
One in seven breach attempts against financial institutions succeed, and 42 percent of breach attempts go undetected for at least a week, according to Accenture’s 2018 State of Cyber Resilience report. The cybercrime landscape continues to evolve, with recent events such as:
- Insider breaches—Multiple financial institutions were breached by insiders such as current or former employees, according to SentinelOne. For example, a former SunTrust employee stole the data of 1.5 million customers.
- Amateur hackers—Also known as script kiddies, amateurs use and modify scripts written by other hackers to launch DDoS attacks. Because they do not follow conventional cybercrime tactics, their attacks can set off a chain reaction that causes significant damage. Even though the intent may be only to cause mischief, the ensuing damage can be expensive.
- Hidden Cobra—This North Korean cybercrime organization looks for ways to exploit the vulnerabilities of financial firms. Most recently, they launched an ATM cash-out scheme targeting banks in Africa and Asia.
Malware, ransomware, bots, and more continue to pose challenges. For all of these challenges, today’s SIEM solutions have the potential to harden security and increase regulatory compliance.
Modern SIEM: Opportunities and Challenges
SIEM isn’t a new solution, but it has evolved significantly since its introduction. In the past, SIEM was predominantly a log collection solution. Modern SIEMs work with more than just log data and simple correlation rules. Today’s SIEMs also include:
- Compliance reporting
- File integrity monitoring
- Log forensics
- User activity monitoring
- Real-time threat analysis
Financial firms are using these capabilities to fulfill regulatory compliance reporting requirements, to investigate security incidents, and to counter malware, which is particularly hard to detect with intrusion detection and prevention systems alone.
With all these capabilities, SIEMs log tens of thousands of security events, depending on the size of your financial firm’s network. SIEM management also poses other challenges, including:
- Correlating log data from different types of devices—Differences in brands and operating systems will require tweaking to identify relevant data.
- Defining anomalous activity—For example, identifying unusual user behavior requires historical data and information about user roles.
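The two challenges above are easiest to see in code. The following added example (written for this article, not a product's or provider's code) normalizes two constructed log formats, a key=value syslog line from a hypothetical firewall ("vendorA") and a CSV export from a hypothetical domain controller using Windows-style event IDs, into one schema, then checks each event against assumed user roles, an assumed historical baseline of source addresses, and business hours. All sample lines, role assignments and baselines are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter
from datetime import datetime

# Constructed sample events in two vendor formats (not real product output).
RAW_LOGS = [
    "Jun 03 09:12:44 fw01 vendorA: action=login user=jdoe src=10.1.4.20 result=success",
    "Jun 03 09:13:10 fw01 vendorA: action=login user=jdoe src=10.1.4.20 result=success",
    "2019-06-03T09:15:02,DC01,4624,asmith,10.1.7.33,Success",
    "2019-06-03T22:41:09,DC01,4625,asmith,203.0.113.9,Failure",
    "Jun 03 22:42:51 fw01 vendorA: action=login user=asmith src=203.0.113.9 result=failure",
    "Jun 03 22:43:01 fw01 vendorA: action=admin_change user=jdoe src=10.1.4.20 result=success",
]

# Assumed context a SIEM needs to define "anomalous": roles, allowed actions per role,
# the historical source addresses seen for each user, and normal working hours.
ROLES = {"jdoe": "teller", "asmith": "analyst"}
ROLE_ACTIONS = {"teller": {"login"}, "analyst": {"login", "report_export"}}
BASELINE_SRC = {"jdoe": {"10.1.4.20"}, "asmith": {"10.1.7.33"}}
BUSINESS_HOURS = range(7, 20)

# Format A: "<Mon DD HH:MM:SS> <host> vendorA: key=value ..."
KV_RE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) vendorA: (.*)$")
# Format B: Windows-style event IDs mapped to a common (action, outcome) vocabulary.
WIN_EVENT = {"4624": "login", "4625": "login", "4720": "account_create"}


def parse_vendor_a(line, year=2019):
    """Parse a vendorA syslog line; syslog carries no year, so one is assumed."""
    m = KV_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    fields = dict(kv.split("=", 1) for kv in m.group(3).split())
    return {"ts": ts, "host": m.group(2), "user": fields.get("user"),
            "src": fields.get("src"), "action": fields.get("action"),
            "outcome": fields.get("result")}


def parse_windows_csv(line):
    """Parse a CSV row: timestamp,host,event_id,user,src,outcome."""
    row = next(csv.reader(io.StringIO(line)))
    if len(row) != 6:
        return None
    ts_s, host, event_id, user, src, outcome = row
    return {"ts": datetime.fromisoformat(ts_s), "host": host, "user": user,
            "src": src, "action": WIN_EVENT.get(event_id, "unknown"),
            "outcome": outcome.lower()}


def normalize(lines):
    """Map every device format onto the same schema and order events by time."""
    events = []
    for line in lines:
        ev = parse_vendor_a(line) or parse_windows_csv(line)
        if ev:
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_anomalies(events):
    """Flag events that break role policy, leave the user's source baseline,
    or fall outside business hours. Returns (timestamp, user, reason) tuples."""
    findings = []
    for ev in events:
        user, role = ev["user"], ROLES.get(ev["user"])
        if role is None:
            findings.append((ev["ts"], user, "unknown user, no role on file"))
            continue
        if ev["action"] not in ROLE_ACTIONS[role]:
            findings.append((ev["ts"], user, f"action '{ev['action']}' not expected for role '{role}'"))
        if ev["src"] not in BASELINE_SRC.get(user, set()):
            findings.append((ev["ts"], user, f"source {ev['src']} not in historical baseline"))
        if ev["ts"].hour not in BUSINESS_HOURS:
            findings.append((ev["ts"], user, "activity outside business hours"))
    return findings


def correlate_failures(events, threshold=2):
    """Count failed logins per (user, src) across all devices; this cross-device
    view only exists because both formats were mapped to one schema."""
    counts = Counter((e["user"], e["src"]) for e in events
                     if e["action"] == "login" and e["outcome"] == "failure")
    return {k: v for k, v in counts.items() if v >= threshold}


if __name__ == "__main__":
    evs = normalize(RAW_LOGS)
    for f in find_anomalies(evs):
        print(*f)
    print(correlate_failures(evs))
```

On the constructed sample, the two morning logins produce nothing, while the late-evening activity yields six findings, and the failed logins for `asmith` from `203.0.113.9` are only counted together because the firewall and domain-controller records share a schema. In a real deployment the role table, baseline and hours would come from HR data and weeks of historical logs, which is the tuning work the list above refers to.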
Dealing with those challenges requires dedicated time, which is why financial institutions are turning to managed SIEM solutions.
Implementing a Managed SIEM Solution
A managed SIEM solution has the potential to lower operational costs and improve security functions for your firm. A high-quality SIEM solution will work in conjunction with intrusion detection and prevention services and firewall monitoring for a well-rounded approach to cybersecurity.
As you consider working with a managed SIEM provider, look for capabilities and experience such as:
- Implementation and tuning—Your managed SIEM provider should be experienced in implementing and tuning SIEM in a financial environment.
- 24-hour monitoring—Alerts can, and will, come in at any time. To ensure a high level of security, your managed SIEM provider should review alerts in real time and act according to the protocols you’ve developed.
- Active threat analysis—A managed SIEM provider can dig more deeply into alerts, using log data to analyze potential threats.
- Customized reporting and reviews—Regulatory compliance requires regular reporting. Your managed SIEM provider should be able to customize reports according to your needs and provide periodic reviews as requested.
Each managed SIEM provider you consider should be carefully reviewed. As you narrow down your choices, consider the following steps for a successful implementation:
- Ensure your provider has the appropriate qualifications. SIEM management should be done by security personnel. Confirm that the technicians monitoring your SIEM are security specialists.
- Carefully review the Statement of Work (SOW) and estimated pricing for licensing and service. Your SOW and estimate should reflect your initial conversations with your managed SIEM provider, and the pricing and scope of monitoring should be clear.
- Install the sensors and get a baseline reading of relevant logs and traffic. Your managed SIEM provider will help to install these sensors and take these initial readings.
- Determine more exact pricing for licensing and services. Once your managed SIEM provider has baseline information, they will provide you with more exact pricing based on your traffic, devices, and the storage needed for your SIEM needs.
- Expect more tuning. Every organization has unique needs. You and your SIEM provider will need to periodically tune your SIEM to ensure accuracy.
Managed SIEM solutions take time to implement, but the ease of reporting and enhanced security have the potential to save financial firms time and money.
At DataComm, we’re deeply experienced in working with financial institutions. We understand your unique security needs and challenges. Our experienced, security-trained team provides managed SIEM solutions that harden security and provide peace of mind. Contact us today to find out more about managed SIEM.