Security information and event management (SIEM) provides financial firms with critical information to monitor, prevent, and diagnose network security breaches. Regulatory guidance offers financial firms a roadmap for implementing technology while meeting compliance and privacy standards. The Federal Financial Institutions Examination Council (FFIEC) provides financial firms with important guidance regarding SIEM solutions, which can help firms securely integrate SIEM or managed SIEM solutions.
SIEM has evolved significantly since it was first introduced, with Gartner estimating that 75 percent of all SIEM solutions will use Big Data technology and machine learning by 2020. Markets and Markets predicts the threat intelligence market will reach $12.9 billion by 2023 and that SIEM solutions will make up the largest share of that market. In light of these trends, it’s critical for financial firms to seek regulatory guidance to ensure these solutions meet industry requirements for data privacy and security.
What the FFIEC Says About SIEM
The FFIEC has issued guidance for log management, noting that logs are critical to investigating security incidents and that bad actors often attempt to edit or delete log files to cover their tracks. It also acknowledges the challenges presented by log files, which are “voluminous and challenging to read.”
The FFIEC notes SIEM systems can provide a solution to these challenges, making log files easier to manage and correlate. As firms incorporate SIEM solutions, the FFIEC recommends firms develop processes in several areas:
- Data collection—The FFIEC encourages financial firms to use SIEM to gather information from systems across an organization. Here’s a listing of the data FFIEC suggests you collect:
- External threat data.
- Operating system, application, and database logs.
- Information from network and security devices.
- Data from policy compliance and vulnerability management tools.
- Statistics and information from physical and environmental monitoring systems.
- Incidents and data from identity and access management applications.
- Data aggregation, analysis, and correlation—You’ll also want to implement processes to gain insights from the collected data. By analyzing the data, firms can recognize emerging trends and patterns that would otherwise be hidden. Financial institutions should consider clearly delineating who is responsible for analysis and what actions should be taken when patterns emerge. According to the FFIEC, “Monitoring event logs for anomalies and relating that information with other sources of information broadens the institution’s ability to understand trends, react to threats, and improve reports to management and the board.”
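The kind of cross-source correlation the FFIEC describes above, as an added example that is not part of the original article or any FFIEC publication: a few constructed log lines from three of the suggested sources (an operating system authentication log, a firewall, and an identity and access management application) are normalized into one event format and run through a single rule. The rule, the line formats, the IP addresses and the user names are all assumptions made for the example; a real SIEM would express the same logic in its own query language.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not real data) from three FFIEC-listed sources.
OS_AUTH_LINES = [
    "2024-03-04T09:00:01 host1 sshd: Failed password for jdoe from 203.0.113.45",
    "2024-03-04T09:00:05 host1 sshd: Failed password for jdoe from 203.0.113.45",
    "2024-03-04T09:00:09 host1 sshd: Failed password for jdoe from 203.0.113.45",
    "2024-03-04T09:00:20 host1 sshd: Accepted password for jdoe from 203.0.113.45",
    "2024-03-04T09:30:00 host1 sshd: Accepted password for asmith from 198.51.100.7",
]
FIREWALL_LINES = [
    "2024-03-04T08:59:50 fw1 DENY src=203.0.113.45 dst=10.0.0.5 dport=3389",
    "2024-03-04T08:59:51 fw1 ALLOW src=203.0.113.45 dst=10.0.0.5 dport=22",
]
IAM_LINES = [
    "2024-03-04T09:02:00 iam role_granted user=jdoe role=admin by=jdoe",
    "2024-03-04T09:31:00 iam password_changed user=asmith",
]

# Assumed line formats for the constructed sources above.
OS_RE = re.compile(r"^(\S+) \S+ sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(\S+) \S+ (DENY|ALLOW) src=(\S+) dst=\S+ dport=\d+$")
IAM_RE = re.compile(r"^(\S+) iam (\S+) user=(\S+)")


def parse_all():
    """Normalize every line into {ts, source, action, user, ip}; unmatched lines are skipped."""
    events = []
    for line in OS_AUTH_LINES:
        m = OS_RE.match(line)
        if m:
            action = "login_failure" if m.group(2) == "Failed" else "login_success"
            events.append({"ts": datetime.fromisoformat(m.group(1)), "source": "os",
                           "action": action, "user": m.group(3), "ip": m.group(4)})
    for line in FIREWALL_LINES:
        m = FW_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m.group(1)), "source": "firewall",
                           "action": m.group(2).lower(), "user": None, "ip": m.group(3)})
    for line in IAM_LINES:
        m = IAM_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m.group(1)), "source": "iam",
                           "action": m.group(2), "user": m.group(3), "ip": None})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, fail_threshold=3, window=timedelta(minutes=10)):
    """Rule: fail_threshold or more failed logins from one IP, then a success from the
    same IP, inside `window`. Firewall denies from that IP add context; an IAM role grant
    for the same user shortly after the login raises the severity."""
    alerts = []
    for ev in events:
        if ev["action"] != "login_success":
            continue
        start = ev["ts"] - window
        failures = [e for e in events if e["action"] == "login_failure"
                    and e["ip"] == ev["ip"] and start <= e["ts"] < ev["ts"]]
        if len(failures) < fail_threshold:
            continue
        denies = [e for e in events if e["source"] == "firewall" and e["action"] == "deny"
                  and e["ip"] == ev["ip"] and start <= e["ts"] <= ev["ts"]]
        grants = [e for e in events if e["source"] == "iam" and e["action"] == "role_granted"
                  and e["user"] == ev["user"] and ev["ts"] <= e["ts"] <= ev["ts"] + window]
        alerts.append({"user": ev["user"], "ip": ev["ip"], "at": ev["ts"].isoformat(),
                       "failed_logins": len(failures), "firewall_denies": len(denies),
                       "privilege_change": bool(grants),
                       "severity": "high" if grants else "medium"})
    return alerts


def run():
    """Parse the constructed sources and apply the rule; returns the alert list."""
    return correlate(parse_all())


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample data the rule fires once, for jdoe: three failures from 203.0.113.45, a success from the same address, one prior firewall deny, and an admin role granted two minutes later. None of the three sources shows that picture on its own, which is the point of the FFIEC's recommendation to relate event logs to other sources of information. The second successful login (asmith) has no preceding failures and produces no alert.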
- Retention and review—Firms should consider implementing clear event log data retention policies, keeping in mind the high value of log data in the event of a breach. Retaining log data is a critical part of reporting as well as gaining an understanding of what led to a security breach in the first place.
- Security—Firms incorporating SIEM solutions would do well to incorporate the FFIEC’s guidance on log file security. That guidance includes:
- Limiting access to log files.
- Maintaining enough storage to ensure all data can be collected without gaps.
- Encrypting log files with sensitive data.
- Ensuring backup files are secured and disposed of appropriately.
- Setting parameters to ensure previously written log files can’t be modified.
- Periodic auditing by a trusted, independent third party.
By following the guidance of the FFIEC, financial firms can securely implement SIEM solutions that meet compliance requirements, improving security and simplifying compliance reporting.
SIEM Implementation—Best Practices for Financial Firms
SIEM solutions are a valuable tool in protecting financial firms from emerging threats, but implementing SIEM may seem like a daunting task, given the scope of data that can be collected, aggregated, analyzed, and correlated. For a successful SIEM integration, financial firms are incorporating these practices:
- Align SIEM solutions with your business priorities. Look at your firm’s goals and objectives, particularly regarding cybersecurity and compliance. For example, SIEM can simplify compliance by collecting the data needed for reporting, eliminating a tedious manual task.
- Include all stakeholders. As you consider SIEM vendors, include the needs and potential use cases from stakeholders throughout your firm, including those in security, legal and compliance, human resources, and IT.
- Develop an implementation roadmap. Many firms use a gradual approach to SIEM implementation. The right path for your firm depends on:
- The scale of the deployment, including the types of data to be collected and where that data is located.
- Infrastructure configuration, including any needed network upgrades.
- Security requirements, ensuring the parameters recommended by the FFIEC are incorporated.
- Use managed SIEM solutions. To take full advantage of the data collected by SIEM systems, the alerts produced by the system need to be reviewed by experts who can quickly spot anomalies and make recommendations for protecting your network. Reviewing these alerts can be a time-consuming task, and prioritizing alerts may leave some of them unreviewed, which leaves potential security gaps. To address these challenges, many financial firms are turning to managed SIEM solutions.
In particular, managed SIEM solutions can provide a clear roadmap to effective network security for your firm. The right managed services provider can assess your current needs and infrastructure, recommend and implement changes, and develop a SIEM solution tailored to the security requirements of financial organizations.
At DataComm, we will soon be delivering managed SIEM solutions to financial institutions. Our certified security team has a deep understanding of today’s cybersecurity challenges and can accurately review and interpret threats, taking quick action to protect your firm. We understand and incorporate the compliance and regulatory requirements of financial firms, and we can help you leverage SIEM to improve your firm’s compliance reporting and security.
Contact us today to find out how managed SIEM solutions can enhance your firm.