Cybersecurity is increasingly crucial
With the start of the pandemic, the world went online. Going digital has presented many growth opportunities for businesses, but has also put them in jeopardy due to the rising number of cyber threats. According to Verizon’s 2021 Data Breach Investigations Report, 95 per cent of losses from breaches fall between $826 and $653,587.
Poor security can lead to financial losses or even bankruptcy in the near future. Breached companies lost an average of 3.5 per cent on the NASDAQ in the six months after the breach. Companies across industries face many cyber threats, and improving their understanding of these threats helps them equip themselves with the tools needed to minimise risk. Most security breaches fall into one of the following three categories:
- Malware – a file, code, or type of software developed by malicious actors to infect a computer, server, or network in order to access or steal sensitive data. Once malware is installed, cybercriminals can remotely control the infected system.
- Denial of Service attack (DoS/DDoS) – an attack aimed at making a system or network unreachable for its intended users, typically by flooding the bandwidth of a system or web server with traffic.
- Phishing – a cybercriminal poses as a trusted party and tricks a targeted person into opening fraudulent email or text messages. Such an attack aims to obtain sensitive information such as logins, passwords or credit card numbers, or to install malware such as ransomware.
Even though most companies have already put security measures in place, such as VPNs, antivirus software, and firewalls, these are not enough to protect against all types of malware. One of the best ways to deal with cyber-attacks is partnering with a trusted provider of cybersecurity services. An experienced vendor can help you implement a SIEM system to monitor security alerts within the system and react to them immediately.
What is security information and event management (SIEM)?
SIEM is a process that encompasses gathering logs from applications and devices inside the network, monitoring for attacks and indicators of potential attacks, analysing detected events and anomalies, and notifying security personnel or triggering automated responses. In general, a SIEM aggregates all logs in the system and provides real-time analysis of security alerts generated by applications and network hardware.
A SIEM cybersecurity solution collects event data from different sources within a company’s network and applies rules that correlate those events to detect threats. These are called correlation rules, and they come in several types, including:
- Port scan detection – analyses network traffic for patterns such as several consecutive requests from one source to a single IP address on different ports. Port scanning is a common technique attackers use to find open services or weaknesses in a system.
- Excessive file transfer detection – triggered when an unusually large number of an organisation’s files is copied to an external location.
- Brute force detection – identifies when an actor repeatedly tries to guess sensitive information, such as a password, an important URL or a file address, either manually or using automated tools.
- Impossible travel detection – records a timestamp, location and additional data such as device type and IP address each time a user logs in. On the next login, the rule compares the timestamped locations to check whether the distance between the two login locations could have been travelled in the time between them.
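To make the three correlation rules above concrete, here is an added example (not code from the original article, ELEKS or any SIEM product) that runs a port-scan rule, a brute-force rule and an impossible-travel rule over a small set of constructed events. The event schema (dicts with `ts`, `type`, `src`, `dst`, `dport`, `user`, `outcome`, `lat`, `lon` keys), the thresholds, the 60-second and 5-minute windows and the 1000 km/h travel ceiling are all assumptions chosen for illustration, and every IP address comes from the documentation ranges.

```python
"""Three toy SIEM correlation rules over constructed events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import math

# Constructed sample events; the schema and values are assumptions, not real logs.
EVENTS = [
    # Port scan: one source touches 15 different ports on one host within 15 seconds.
    *[{"ts": "2024-01-10T10:00:%02d" % i, "type": "conn", "src": "203.0.113.7",
       "dst": "10.0.0.5", "dport": p} for i, p in enumerate(range(20, 35))],
    # Normal traffic: a single HTTPS connection.
    {"ts": "2024-01-10T10:05:00", "type": "conn", "src": "10.0.0.8", "dst": "10.0.0.5", "dport": 443},
    # Brute force: 12 failed logins for one user in one minute, then a success.
    *[{"ts": "2024-01-10T11:00:%02d" % (i * 5), "type": "auth", "user": "alice",
       "src": "198.51.100.9", "outcome": "fail"} for i in range(12)],
    {"ts": "2024-01-10T11:01:05", "type": "auth", "user": "alice", "src": "198.51.100.9", "outcome": "success"},
    # Impossible travel: successful logins from London and then Sydney 30 minutes apart.
    {"ts": "2024-01-10T12:00:00", "type": "auth", "user": "bob", "src": "192.0.2.10",
     "outcome": "success", "lat": 51.5074, "lon": -0.1278},
    {"ts": "2024-01-10T12:30:00", "type": "auth", "user": "bob", "src": "192.0.2.200",
     "outcome": "success", "lat": -33.8688, "lon": 151.2093},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def detect_port_scan(events, threshold=10, window=timedelta(seconds=60)):
    """Alert when one source hits at least `threshold` distinct ports on one host within `window`."""
    alerts = []
    by_pair = defaultdict(list)
    for e in events:
        if e["type"] == "conn":
            by_pair[(e["src"], e["dst"])].append((parse_ts(e["ts"]), e["dport"]))
    for (src, dst), hits in by_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):          # sliding time window over sorted hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold:
                alerts.append({"rule": "port_scan", "src": src, "dst": dst, "ports": len(ports)})
                break                         # one alert per (src, dst) pair is enough
    return alerts


def detect_brute_force(events, threshold=10, window=timedelta(minutes=5)):
    """Alert when a (user, source) pair accumulates at least `threshold` failed logins within `window`."""
    alerts = []
    fails = defaultdict(list)
    for e in events:
        if e["type"] == "auth" and e["outcome"] == "fail":
            fails[(e["user"], e["src"])].append(parse_ts(e["ts"]))
    for (user, src), times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"rule": "brute_force", "user": user, "src": src, "failures": end - start + 1})
                break
    return alerts


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on a 6371 km sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def detect_impossible_travel(events, max_speed_kmh=1000.0):
    """Alert when consecutive successful logins of one user imply travel faster than `max_speed_kmh`."""
    alerts, last = [], {}
    logins = [e for e in events if e["type"] == "auth" and e["outcome"] == "success" and "lat" in e]
    for e in sorted(logins, key=lambda e: e["ts"]):
        prev = last.get(e["user"])
        if prev:
            dist = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            hours = (parse_ts(e["ts"]) - parse_ts(prev["ts"])).total_seconds() / 3600
            speed = dist / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                alerts.append({"rule": "impossible_travel", "user": e["user"],
                               "km": round(dist), "speed_kmh": round(speed)})
        last[e["user"]] = e
    return alerts


def run_all(events):
    """Run every rule and return the combined alert list."""
    return detect_port_scan(events) + detect_brute_force(events) + detect_impossible_travel(events)


if __name__ == "__main__":
    for alert in run_all(EVENTS):
        print(alert)
```

Each rule keeps its own state keyed by the entity it cares about (source/destination pair, user/source pair, user), which is how a real SIEM avoids correlating unrelated events; the sliding window is what turns a raw count into a rate, so a slow scan spread over hours does not trip the port-scan rule while a burst does. The thresholds are the tuning knobs a SOC adjusts per environment to balance false positives against missed detections.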
Top benefits of SIEM cybersecurity systems
SIEM systems offer several benefits for enterprises. A log collector forwards selected audit logs from the system's devices and applications to ingest components for storage, and the search engine within the SIEM is used for visualisation, reporting, alerting and ad hoc querying. Other advantages of implementing a SIEM include:
- Real-time threat detection – SIEM provides round-the-clock system monitoring that detects potential attacks and responds to them immediately.
- AI-powered automation – new cyber threats appear every day, and keeping up with them manually can be a time-consuming process. An AI-driven automated security system enables companies to stay up to date with the latest network threats.
- Meeting compliance – SIEM solutions reduce the resources and time spent on compliance reporting and auditing.
- User monitoring – by providing greater visibility into network activity, SIEM tools improve transparency and help identify threats at an early stage.
Key SIEM use cases in the current threat environment
There are many use cases for SIEM solutions, from helping security teams identify and alert on security breaches to compiling regulatory reports. Let's look at some applications based on the classification presented by computer security researcher Chris Kubecka at the 28C3 hacking conference:
- SIEM-enabled anomaly detection and improved transparency can spot zero-day exploits or polymorphic code, which is valuable because antivirus software has low identification rates for this rapidly evolving type of malware.
- As long as a computer or network device, whatever its type, can send logs, the parsing, log normalisation and categorisation processes can be automated.
- Visualisations based on the security events and logged malfunctions processed by a SIEM system can be used to detect patterns.
- Pattern detection, alerting, baselines and dashboards provided by SIEM solutions can reveal protocol anomalies that point to misconfigurations or security incidents.
- With the help of SIEM tools, companies can expose hidden malicious communications and encrypted channels.
- SIEMs can improve the accuracy of identifying cyberwarfare activity, detecting both the attackers and the targeted users.
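The second use case above, automated parsing, normalisation and categorisation of whatever a device can send, is the step that makes the rest of the list possible, because correlation rules and dashboards can only work over a common schema. The following added example (not code from the article, ELEKS or any SIEM product) parses two constructed log formats, an sshd-style syslog line and a firewall key=value line, into one normalised event shape and assigns each a category. Both input formats, the output field names and the year assumed for syslog timestamps are assumptions made for illustration.

```python
"""Normalising heterogeneous log lines into one event schema (added example)."""
import re
from datetime import datetime

# Constructed sample lines; they were not captured from any real system.
RAW_LINES = [
    "Jan 10 11:00:05 bastion sshd[2231]: Failed password for alice from 198.51.100.9 port 51022 ssh2",
    "Jan 10 11:01:05 bastion sshd[2231]: Accepted password for alice from 198.51.100.9 port 51030 ssh2",
    "2024-01-10T10:00:03Z action=deny src=203.0.113.7 dst=10.0.0.5 dport=23 proto=tcp",
    "this line matches no known format",
]

# Assumed sshd syslog layout: "<Mon> <day> <HH:MM:SS> <host> sshd[pid]: <Failed|Accepted> password for <user> from <ip> port <n>"
SYSLOG_SSH_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)
# Assumed firewall layout: "<ISO timestamp> key=value key=value ..."
KV_RE = re.compile(r"^(?P<ts>\S+) (?P<rest>(?:\w+=\S+ ?)+)$")


def parse_syslog_ssh(line, year=2024):
    """Return a normalised auth event for an sshd login line, or None if the line is not one."""
    m = SYSLOG_SSH_RE.match(line)
    if not m:
        return None
    # Classic syslog omits the year, so the collector has to supply it.
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts.isoformat(), "category": "auth", "source": "sshd", "host": m["host"],
        "user": m["user"], "src": m["src"],
        "outcome": "fail" if m["outcome"] == "Failed" else "success",
    }


def parse_firewall_kv(line):
    """Return a normalised network event for a key=value firewall line, or None."""
    m = KV_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split())
    return {
        "ts": m["ts"], "category": "network", "source": "firewall",
        "src": fields.get("src"), "dst": fields.get("dst"),
        "dport": int(fields["dport"]) if "dport" in fields else None,
        "outcome": "deny" if fields.get("action") == "deny" else "allow",
    }


PARSERS = (parse_syslog_ssh, parse_firewall_kv)


def normalise(lines):
    """Try each parser in turn; return (normalised events, lines no parser understood)."""
    events, unparsed = [], []
    for line in lines:
        for parser in PARSERS:
            event = parser(line)
            if event is not None:
                events.append(event)
                break
        else:
            unparsed.append(line)   # keep these visible: silent drops hide coverage gaps
    return events, unparsed


if __name__ == "__main__":
    parsed, leftovers = normalise(RAW_LINES)
    for event in parsed:
        print(event)
    print("unparsed:", leftovers)
```

The detail worth noticing is the `unparsed` list: a pipeline that silently discards lines it cannot parse gives the SOC a false sense of coverage, so counting and surfacing unparsed input is itself a useful health metric for a SIEM deployment. Once events share the `ts`/`category`/`src`/`outcome` shape, a brute-force or port-scan rule can run over sshd and firewall data alike without caring which device produced it.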
Related customer success cases
Over the years, ELEKS has successfully launched dozens of security-related projects. The experts in our Information Security Department have hands-on experience and have obtained many internationally recognised security certifications, including C|CISO, ISO 27001 Lead Auditor, CCSP, CCSK, CySA+ and CEH.
ELEKS’ security team performed an information security risk assessment and business continuity testing for ESET, a leading global cybersecurity provider. Afterwards, we consolidated the results into a report on the potential threats and vulnerabilities. With the help of this report, ESET was able to identify weaknesses and implement the necessary security measures. Learn more about the case study.
For Sayenko Kharenko, another of our customers, ELEKS executed an audit of business processes, namely risks, objectives and other significant aspects of the law firm’s data management. We helped our customer to create an effective basis for demonstrating their GDPR compliance and eliminating issues related to storage, processing and transmission of personal data within the company. You can read more about this project here.
Conclusions
The modern technological world provides lots of opportunities online. And while most businesses have already applied some security measures, it is still not enough to stand against the rising number and complexity of cyber-attacks.
One of the first steps in the battle against cyber threats is the implementation of a SIEM cybersecurity system, which offers real-time monitoring, correlation and attack mitigation capabilities. SIEMs also store historical data for later analysis and even offer replay functionality so that companies can simulate attacks for training purposes. SIEM options range from off-the-shelf products to tailored solutions that cater for specific business needs.