SIEM becomes even more important
In the IT security sector, the consolidation of log data and the detection of irregularities are becoming increasingly important. More and more IT companies are focusing on central logging or security information and event management (SIEM for short). This year, the legal regulations surrounding data collection and data security incidents are being tightened, as the new European General Data Protection Regulation (GDPR) came into effect on 25 May 2018. Although it is primarily a European regulation, the GDPR will affect many Swiss companies with branches in EU countries, as well as those who offer their products and services to European customers (see detailed information about GDPR; information in German).
Why is security information and event management necessary?
Statutory accountability laws require companies to have established control mechanisms in place to ensure compliance. In addition, companies are required to notify regulatory authorities of breaches of personal data protection. This brings us to the topic of central logging and SIEM.
As a provider of secure IT outsourcing solutions and high-quality managed services, ITpoint views centralized log management as absolutely essential. The same goes for the use of tools that detect and analyze security breaches. The goal is to identify incidents as quickly as possible, assess their relevance and take the necessary steps. Until recently, log management was mostly an internal concern for companies. Under the new data protection laws, however, security information and event management has an external, criminal dimension as well: all data breaches must be reported to the authorities, and anyone whose data has been affected must be notified. The EU plans to take drastic measures to ensure that the tightened data protection rules are implemented.
How do we handle logging and control tasks at ITpoint?
There are many SIEM solutions available on the market. Among the most prominent are Splunk and IBM’s QRadar. It goes without saying that IBM’s solution is not cheap, but it is well suited to larger enterprises. For ITpoint’s data center needs, this modular, scalable, multi-client solution is an excellent choice. For us, the multi-client capability is particularly important: not only do we use security information and event management for our own company, we also offer it to our customers as a high-quality managed service. One major plus of QRadar is its optional threat protection. This feature allows users to…
- identify security breaches amid high amounts of log information in real time,
- prioritize them,
- and pinpoint their location, cause and type.
QRadar can record the exact details of an incident and show which of the new data protection rules apply, either on screen or in a document.
Does SIEM offer any benefits beyond legal compliance?
Using central logging only to fulfill legal requirements means missing out on an excellent opportunity. Security information and event management can support and advance a company in many ways. First and foremost, SIEM helps protect a company’s reputation, building trust among its clients and the general public.
A professional SIEM system also simplifies the work of the IT security team. Pre-defined best practices help identify anomalies or incidents as quickly as possible and respond to them efficiently. This saves time, as IT personnel no longer have to go looking for a needle in a haystack. What’s more, IBM QRadar identifies related events, particularly when they have been generated by an attack that touches multiple security systems. If logging is decentralized, these relationships are not recognizable.
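To illustrate the point about correlating events across systems, here is an added example (not ITpoint's or QRadar's code) that normalizes two constructed log formats, a firewall log and a host authentication log, into a common schema and then raises a prioritized incident only when both sources line up within a time window; the log formats, hosts and addresses are assumed and constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines from two separate systems (not real data).
FIREWALL_LOG = """\
2018-05-25T10:00:01Z fw01 DENY src=203.0.113.5 dst=10.0.0.7 dport=22
2018-05-25T10:00:02Z fw01 DENY src=203.0.113.5 dst=10.0.0.7 dport=23
2018-05-25T10:00:03Z fw01 DENY src=203.0.113.5 dst=10.0.0.7 dport=3389
2018-05-25T10:00:09Z fw01 ALLOW src=203.0.113.5 dst=10.0.0.7 dport=22
"""
AUTH_LOG = """\
2018-05-25T10:00:12Z srv07 sshd: Accepted password for admin from 203.0.113.5
2018-05-25T11:30:00Z srv07 sshd: Accepted password for alice from 192.0.2.10
"""

FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=\S+ dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: Accepted password for (\S+) from (\S+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_events(text):
    """Normalise both log formats into dicts sharing the keys ts/source/host/src."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, host, action, src, port = m.groups()
            events.append({"ts": datetime.strptime(ts, TS_FMT), "source": "firewall",
                           "host": host, "action": action, "src": src, "port": int(port)})
            continue
        m = AUTH_RE.match(line)
        if m:
            ts, host, user, src = m.groups()
            events.append({"ts": datetime.strptime(ts, TS_FMT), "source": "auth",
                           "host": host, "action": "LOGIN", "src": src, "user": user})
    return events

def correlate(events, window=timedelta(minutes=5), min_ports=3):
    """Flag a source address that the firewall denied on >= min_ports distinct ports
    and that then logged in successfully on a host within `window`. Neither log on
    its own shows this pattern; only the combined, time-ordered view does."""
    incidents, denies = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] == "firewall" and ev["action"] == "DENY":
            denies.setdefault(ev["src"], []).append(ev)
        elif ev["source"] == "auth":
            recent = [d for d in denies.get(ev["src"], []) if ev["ts"] - d["ts"] <= window]
            ports = sorted({d["port"] for d in recent})
            if len(ports) >= min_ports:
                incidents.append({"src": ev["src"], "user": ev["user"], "host": ev["host"],
                                  "ports_probed": ports, "priority": "high"})
    return incidents
```

Running `correlate(parse_events(FIREWALL_LOG + AUTH_LOG))` yields one high-priority incident for 203.0.113.5; the same lines fed in per source yield none.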
How will ITpoint use SIEM in the future?
At the moment, we are working intensively on IBM’s QRadar solution. A proof of concept (POC) for security information and event management within ORIA Prime Managed Services will be available within a few months.