The New York Times is attributing the advanced persistent attack it experienced over the past four months to the Chinese government in this great article.  While the implications of the attribution are interesting, I found it more interesting that many companies still think they are secure, and that anti-virus and firewalls are all you need for security.  The NYT deserves credit for its transparency on the issue, and it highlights the need to think differently about security.  This applies to every organization that owns a computer and considers its data and applications of business value.



In a CSO blog, Antone Gonsalves writes, “There is no one technology to combat a sophisticated attack like the one against the media company – so think layers, say security experts.”


Security layers – it’s a way of thinking about security that does not rely on just endpoint security and firewalls.  Ten years ago, AV and perimeter firewalls, with a dash of user training, might have sufficed.  Now, apparently, that’s not the case.


In his CSO blog, Antone points out several technologies that help address new corporate security needs. One of these is Security Information and Event Management (SIEM). He makes the point that capturing and analyzing logs from across IT to flag abnormalities may help in addressing these new, sophisticated attacks.  SolarWinds has an SIEM product in its portfolio – Log & Event Manager (LEM).


Despite LEM’s understated name, it is a full-function SIEM product, including log collection, storage, analysis, real-time correlation and automated responses.  It includes over 700 rules and filters for security and compliance best practices, as well as over 300 pre-packaged rules.
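To make “real-time correlation” concrete, here is an added Python example (not SolarWinds or LEM code) that runs one typical SIEM rule over constructed auth log lines: several failed logins from one source followed by a successful login from the same source within a short window. The log format, the threshold of three failures and the 120-second window are assumptions for the example.

```python
# Added example, not SolarWinds/LEM code: a minimal SIEM-style correlation
# rule. Flag a source IP that produces >= threshold failed logins within
# window_s seconds and then a successful login from the same source.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (syslog-like); not from any real system.
SAMPLE_LOGS = """\
2013-02-01T10:00:01 host1 sshd: Failed password for admin from 203.0.113.7
2013-02-01T10:00:15 host1 sshd: Failed password for admin from 203.0.113.7
2013-02-01T10:00:40 host1 sshd: Failed password for root from 203.0.113.7
2013-02-01T10:01:05 host1 sshd: Accepted password for admin from 203.0.113.7
2013-02-01T10:02:00 host1 sshd: Failed password for bob from 198.51.100.9
2013-02-01T10:30:00 host1 sshd: Accepted password for bob from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse(line):
    """Turn one log line into a dict, or None if the rule does not understand it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def correlate(log_text, threshold=3, window_s=120):
    """Return alerts as (src_ip, user, failure_count) tuples."""
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        # Keep only failures still inside the correlation window.
        failures[src] = [t for t in failures[src] if (ts - t).total_seconds() <= window_s]
        if ev["result"] == "Failed":
            failures[src].append(ts)
        elif len(failures[src]) >= threshold:
            alerts.append((src, ev["user"], len(failures[src])))
            failures[src].clear()  # do not re-alert on the same burst
    return alerts

if __name__ == "__main__":
    for src, user, n in correlate(SAMPLE_LOGS):
        print("ALERT: %d failed logins then success from %s as %s" % (n, src, user))
```

The single failure from 198.51.100.9 is never flagged: its later success falls outside the window, which is the difference between a correlation rule and a simple grep for “Accepted password”.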


It’s time to think in security layers, and an SIEM may be a good next layer for you to consider.  Even if you are not currently in the position of having angry foreign countries crawling through your sensitive information, there are plenty of other security and compliance reasons to consider an SIEM.