Security Kung Fu: SIEM Solutions

With a 24-hour news cycle, we are constantly bombarded with headlines detailing the latest data breach, malware infection, email phishing scam, or high-profile compliance violation. Although the source of these incidents often varies, the consequences for businesses of all sizes remain relatively the same: hefty fines, brand damage, loss of customer loyalty, and in more severe cases, criminal penalties and lawsuits.

It’s no wonder nowadays we no longer consider IT security a “nice-to-have,” but a matter of your company’s survival.

In each of the Security Kung Fu webcasts, we dedicate at least a portion of the session to discussing the “cyber threatscape” and its impact on business. In many cases, this impact can be profound, especially if breaches of sensitive information are involved. Be sure to check out the Security Kung Fu: The Saga Begins blog, where I summarized the perspectives of my colleagues on this very subject. But, enough with the doom and gloom. With all this in mind, the obvious question is, “What are businesses doing to protect themselves?” For starters, as we learned in Part One of the Security Kung Fu Webinar Series, they’re applying several “security stances” (as we’ve dubbed them) to help the situation.

As part of this session, we discussed these security stances in full and took a deeper look at the role of Security Information and Event Management (SIEM) solutions in supporting this approach. I encourage you to dive into the resources below to learn more, or read along to find out what this event had to offer!

Watch the On-Demand Recording | Check out the SlideShare

Meet the Security Kung Fu Masters

For this inaugural session of the Security Kung Fu Series, I welcomed SolarWinds Sales Engineer, Curtis Ingram. You may recognize him under his THWACK® handle (@curtisi), but in case you don’t, Curtis possesses a deep knowledge of IT security, compliance, and the role of SIEM solutions in meeting these important business objectives, which he often shares on THWACK.

Along with Curtis, we were joined by Ian Trump, a cybersecurity strategist with over 20 years of experience that all began with a stint in the Canadian Forces, Military Intelligence Branch. Ian’s 2016 in-depth analysis of cybercrime and threats of the future was featured in industry publications, such as SC Magazine®, Infosecurity®, IDG Connect®, CBR, The Times, USA Today®, and The Sunday Herald. He continues to be a well sought-after resource on the topic of cybersecurity, as a thought leader on the subject.

Three Security Stances

As noted above, our Security Kung Fu Masters set out to describe the various ways businesses are arming themselves to combat cybersecurity threats. These security strategies fall into three distinct groupings: proactive, detective, and reactive-recovery. Here’s a taste of what we learned.

Proactive Security

Proactive security is generally preventative. It involves hardening endpoints, applying things like antivirus software or patch management software, and conducting user awareness training. These are all methods of preventing bad guys from getting on the network.

The subject of taking preventative measures has been around in the security industry for ages, and a strong majority of solutions in the security space align with this stance. However, we contend that taking this approach alone is simply not enough. Furthermore, these proactive measures can sometimes give you a sense of over-confidence, which in many cases, is downright dangerous.

Detective Security

Due to the growing sophistication of attackers and their ability to identify and bypass common means of defense, detective security is becoming increasingly important. Detective security uses SIEM solutions to establish what “normal” activity looks like on your network and to distinguish it from the abnormal. Not all anomalies on the network correspond to security incidents, but having a means of telling the difference is critical. More on the SIEM solutions piece in a bit.

Reactive-Recovery Security

The reactive-recovery stance fills an important gap not fully addressed by the previous stances. It involves responding to and recovering from compromise. This often takes the form of a backup service, which provides the ability to restore business operations to normal and maintain the availability of data. The most widely understood example involves the threat of ransomware. Rather than paying the ransom for the key that unlocks their data, businesses simply restore from backup to minimize the impact and keep IT operations up and running. This only works if the backups themselves are kept out of the ransomware’s reach (offline or otherwise isolated from the compromised systems) and restores are tested regularly.

The Role of SIEM Solutions

As you might have gathered, businesses must do a lot to fully prepare for and guard against the multitude of threats they face. Given limited time, we honed in on one category of solution that contributes to this goal and is the sole supporter of the detective stance as we described it: SIEM solutions. Here is what we’ve picked up:

SIEM solutions have evolved to play a much more critical part in improving a business’ IT security posture and helping it achieve compliance. Using the Lockheed Martin Cyber Kill Chain® as a teaching aid, we walked through the anatomy of a cyberattack and its various stages. Seen against those stages, a SIEM solution’s contributions become clear. A SIEM solution:

  • Gives you visibility into an activity that is critical to your business: threat hunting
  • Keeps a searchable history of events, so you can go back in time and review how an incident unfolded (forensics)
  • Assists with compliance and provides evidence for IT security audits
  • Uncovers unauthorized changes in the environment
  • Detects insider threats such as data exfiltration
  • Provides a record of network-layer activity, correlated with machine data (host and application logs) and ultimately with user behavior
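To make the detective stance and the SIEM capabilities listed above concrete, here is a small baseline-and-correlation script. It is an added example written for this recap, not code from SolarWinds or from any product named here. The log lines, the admin list (ADMINS), the log format and the thresholds are all constructed assumptions; a real SIEM does the same work (learn “normal”, correlate, retain history) at scale and across many log sources.

```python
"""Toy SIEM-style baseline and correlation logic over constructed log lines."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample events (hypothetical, not real logs).
# Format: <ISO timestamp> <kind> key=value ...
BASELINE_LOGS = [
    "2023-03-01T09:02:11 login user=alice src=10.0.1.20 result=success",
    "2023-03-01T08:55:40 login user=bob src=10.0.1.31 result=success",
    "2023-03-01T17:30:05 egress user=alice dst=203.0.113.7 bytes=100000",
    "2023-03-01T17:41:12 egress user=bob dst=203.0.113.7 bytes=50000",
    "2023-03-02T09:10:03 login user=alice src=10.0.1.20 result=success",
    "2023-03-02T08:58:19 login user=bob src=10.0.1.31 result=success",
    "2023-03-02T16:02:44 egress user=alice dst=203.0.113.7 bytes=140000",
    "2023-03-02T16:20:51 egress user=bob dst=203.0.113.7 bytes=70000",
]
LIVE_LOGS = [
    "2023-03-03T09:01:00 login user=alice src=10.0.1.20 result=success",
    "2023-03-03T02:15:01 login user=bob src=198.51.100.9 result=failure",
    "2023-03-03T02:15:07 login user=bob src=198.51.100.9 result=failure",
    "2023-03-03T02:15:13 login user=bob src=198.51.100.9 result=failure",
    "2023-03-03T02:16:02 login user=bob src=198.51.100.9 result=success",
    "2023-03-03T02:20:30 egress user=bob dst=198.51.100.9 bytes=900000",
    "2023-03-03T02:25:44 config_change user=bob target=/etc/sudoers",
    "2023-03-03T10:00:00 config_change user=carol target=/etc/ssh/sshd_config",
    "2023-03-03T10:30:00 egress user=alice dst=203.0.113.7 bytes=130000",
]
ADMINS = {"carol"}  # assumed set of accounts allowed to change configuration

LINE_RE = re.compile(r"^(\S+) (\w+) (.*)$")


def parse(line):
    """Turn one log line into a dict with a real timestamp plus its key=value fields."""
    ts, kind, rest = LINE_RE.match(line).groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.fromisoformat(ts), "kind": kind, **fields}


def build_baseline(lines):
    """Learn what 'normal' looks like: login hours and egress volumes per user."""
    login_hours, egress = defaultdict(set), defaultdict(list)
    for e in map(parse, lines):
        if e["kind"] == "login" and e["result"] == "success":
            login_hours[e["user"]].add(e["ts"].hour)
        elif e["kind"] == "egress":
            egress[e["user"]].append(int(e["bytes"]))
    return {"login_hours": login_hours, "egress": egress}


def detect(lines, baseline, fail_threshold=3, egress_factor=5):
    """Correlate live events against the baseline; return (rule, user, timestamp) alerts."""
    alerts, failures = [], defaultdict(int)
    for e in map(parse, lines):
        user, ts = e["user"], e["ts"]
        if e["kind"] == "login":
            if e["result"] == "failure":
                failures[user] += 1
                continue
            # Success right after repeated failures: likely guessed/brute-forced credential.
            if failures.pop(user, 0) >= fail_threshold:
                alerts.append(("brute_force_success", user, ts))
            # Success outside the hours this user normally logs in.
            if ts.hour not in baseline["login_hours"].get(user, set()):
                alerts.append(("off_hours_login", user, ts))
        elif e["kind"] == "egress":
            history = baseline["egress"].get(user)
            # Outbound volume far above this user's normal: possible data exfiltration.
            if history and int(e["bytes"]) > egress_factor * statistics.mean(history):
                alerts.append(("possible_exfiltration", user, ts))
        elif e["kind"] == "config_change" and user not in ADMINS:
            alerts.append(("unauthorized_change", user, ts))
    return alerts


def timeline(lines, user, start_iso, end_iso):
    """Forensic lookback: every retained event for a user inside a time window."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    return [e for e in map(parse, lines) if e["user"] == user and start <= e["ts"] <= end]


if __name__ == "__main__":
    for rule, user, ts in detect(LIVE_LOGS, build_baseline(BASELINE_LOGS)):
        print(f"{ts.isoformat()} ALERT {rule} user={user}")
    print("--- bob, 02:00-03:00 ---")
    for e in timeline(LIVE_LOGS, "bob", "2023-03-03T02:00:00", "2023-03-03T03:00:00"):
        print(f"{e['ts'].isoformat()} {e['kind']}")
```

Run on the constructed data, the script raises four alerts, all for bob: a successful login after three failures, at an hour bob never logs in, followed by an outbound transfer fifteen times his usual volume and an edit to a file only admins should touch. None of those events is suspicious on its own; it is the correlation against the baseline and across event types that turns them into an incident, and the retained timeline is what lets you reconstruct it afterwards.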

Which Security Stance is Best?

Though much can be said for taking a proactive stance, it alone does not give you the flexibility you need to meet modern IT security threats. If it is not backed by the detective stance in particular, you’re in for a hard ride. But the fact of the matter is that you need all three for a well-rounded approach. This means a variety of security solutions, the training of your employees, and much more all need to be present in your security strategy, or you risk leaving security holes that can lead to compromise.

Like what you’re reading so far? Be sure to check out the entire Security Kung Fu webinar series on-demand and stay tuned for my next blog recapping Part Two of this series.

1 Comment

Nice descriptions of various strategies, thanks for the post. SIEM is becoming more of a hot topic and unfortunately so many of the systems out there are made for the deep diver rather than the generalist / network admin / systems admin, etc. It's great if you have the breadth of staff to have someone that thinks in binary, but many of us do not and we need tools that we can actually use.

About the Author
While serving as Product Marketing Manager at SolarWinds, I led the messaging and strategic marketing direction for over 13 products from the Security and Tools Portfolios. My introduction to the IT space came in the five years I spent working for an Austin-based colocation, managed hosting, and private cloud provider that assisted businesses in the healthcare, financial services, education and various other industries with high security needs and sensitive data. In that time, I learned a lot about the hosting industry, IT service management, physical and technical security, and of course... regulatory compliance.