A SIEM (Secure Incident and Event Monitoring System) is one of the most powerful components available to protect your firm’s network, and it’s now affordable to firms of all sizes. But you need to know what to look for when selecting one. Listen here for our recommendations.
One of the greatest components available today used to be something that only large enterprise businesses could afford, what we call a SIEM. A SIEM is a security incident and event monitoring system. This system is available to every business today. And I wanted to talk briefly about what to look for when you’re looking for a SIEM.
The first thing that you need is a team of security analysts that is watching your network 24/7. If you don’t have the 24/7 approach, the concern becomes that there can be a bad actor on your network. And they can be there for hours, days, even weeks. The longer they’re on your network, the longer they impact your backups, backdoors, and your ability to recover from that incident. So to avoid the passive approach to security, you need to be focusing on the next generation of security.
Every business needs an active plan. This active plan is very similar to the building security that you have in place: you have cameras monitoring, you have doors that are locked, you have alerts that are sent to authorities. You need the exact same system in place on your network, and one of those components is two factor authentication. The username and password of the past is just too easy to get around.
From a bad actor standpoint, they only need those two pieces of information to gain access to your network. With two factor authentication, they need far more information. They need your username, they need your password, they generally need something that you own, which in many cases today is your phone. And they also need the thirty-second code that is generated. Trust me when I say two factor authentication is not new to you.
If you go to any banking website, whether personal or business, you’re required to have two factor authentication. You need that same authentication on your network today. It is not difficult, it is not expensive. You need to be looking into it if you don’t already have it. And there are multiple ways to implement that. So please take the time to figure out what is best for your business. Additionally, you need to have some type of alerting mechanism, something that’s letting you know. There’s nothing worse than having a bad actor on your network silently, doing no damage for six months.
What they are ensuring is that their back doors are making it onto your backup. One of the best ways to recover from an intrusion is to go to your backup and restore. But if you’re finding out six days, six weeks, six months later, all of your backups have those backdoors in place, and you’re just restoring them. This is detrimental. The earlier you can identify a risk, the sooner you can eliminate that risk.
What we’re talking about here is data storage and retention. A SIEM records everything that’s happening on your network, much the same way that a video camera records what’s happening in your building. And it’s the ability to go back and see what took place in order to take corrective action. If you’re only storing data for two or three weeks, and the intrusion took place six weeks ago, you’ll never know how they gained access, you’ll never know how to close the door.
It’s critical that you have the data that you need. And in order to do that you need unlimited retention for a minimum of three months, and recommended six months of storage. You need a powerful scope of coverage when we’re talking about a SIEM. If I were to relate it to antivirus definitions, we used to update antivirus definitions weekly or daily, in some cases monthly. You need to pull in your security information from critical sources; you need two or three of them, and they need to be updated, generally on an hourly basis. These sources can be found commercially, they can be found from the government. But you want to make sure that you have two or three sources feeding your SIEM. Today, businesses cannot be passive in their approach. You must be proactive: talk to your provider and come up with a plan.