Prioritizing Detection in Cybersecurity Planning - Securing Our House
At Mapletronics we have made "Securing Our House" our number 1 priority in 2020. Cybersecurity has been at the forefront of our minds for quite some time, and we have worked diligently over the years to protect our business as well as our clients' businesses from cybersecurity threats. This year we want to put extra emphasis on looking internally at all of our policies and procedures, cleaning everything up, and making sure we are protecting ourselves as much as we possibly can and are up to date on all security best practices.
In our ongoing Securing Our House series we are reporting on what we are doing internally to make sure we are at the top of the cybersecurity game, to help you begin to think about and implement some of the same policies and software within your own organization.
An important factor for us as we look internally is how we address the detection of cybersecurity risks as they arrive, in addition to our already strong prevention techniques. An important piece of the detection puzzle has been implementing a SIEM to detect threats in real time as they are found and to keep comprehensive logs and analysis of all events on the company network.
A SIEM works by collecting and reviewing your log files in real time. All of your network devices generate log entries when events or actions occur. If, for example, new software is installed on your computer, your computer starts talking to another computer in China, and a new network process is started, log entries are automatically generated for each of those events. These log files typically just sit on your device and are purged by the device after a period of time. If they are monitored, these log files are actually very important in detecting an anomaly on your network. A SIEM does this monitoring for you.
A SIEM is a device or piece of software that runs on your network and collects all of the above-mentioned log files. It automatically detects and tags any log entries that seem suspicious or set off security red flags, and then sends those suspicious entries to your IT department or to a SOC (Security Operations Center) for review and action.
For example: Joe in accounting gets a keylogger virus on his computer. The computer generates a log file to reflect the new software and system process. The SIEM grabs that log and sends it to the SOC. The SOC reports it to your IT department and the virus is cleaned.
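The scenario above, as an added example that is not Mapletronics' code or any vendor's SIEM: a miniature correlation rule that reads constructed log lines and alerts when one host installs software, starts a new process, and then connects to a country outside a small allowlist within a short window. The log format, host names, addresses and the allowlist are all assumptions made up for the example.

```python
# Added example: a toy SIEM correlation rule over constructed log lines.
# Assumed line format: "<ISO timestamp> <host> <event> key=value ...".
from collections import defaultdict
from datetime import datetime, timedelta

ALLOWED_COUNTRIES = {"US", "CA"}   # assumption: where this business normally talks
WINDOW = timedelta(minutes=10)     # how far back to look for related events on a host

# Constructed sample logs: Joe's machine installs something, a new process starts,
# then an outbound connection to China follows; Ann's activity is ordinary.
LOGS = """\
2020-03-02T09:00:05 acct-joe install name=pdfhelper.exe
2020-03-02T09:00:09 acct-joe process name=pdfhelper.exe parent=explorer.exe
2020-03-02T09:01:30 acct-joe netconn dst=203.0.113.7 country=CN
2020-03-02T09:05:00 hr-ann install name=zoom.exe
2020-03-02T09:30:00 hr-ann netconn dst=198.51.100.2 country=US
"""

def parse(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, host, event, *fields = line.split()
    attrs = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event, **attrs}

def correlate(log_text):
    """Return one alert per suspicious connection: a non-allowlisted destination
    preceded, on the same host and within WINDOW, by both an install and a new process."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            e = parse(line)
            by_host[e["host"]].append(e)
    alerts = []
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])
        for conn in (e for e in events if e["event"] == "netconn"):
            if conn.get("country") in ALLOWED_COUNTRIES:
                continue  # normal traffic, nothing to forward to the SOC
            recent = [e for e in events if conn["ts"] - WINDOW <= e["ts"] < conn["ts"]]
            if {"install", "process"} <= {e["event"] for e in recent}:
                alerts.append({"host": host, "dst": conn["dst"], "country": conn["country"],
                               "installed": [e["name"] for e in recent if e["event"] == "install"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(LOGS):
        print("ALERT for SOC review:", alert)  # the SIEM reports; people decide and act
```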
It is important to note that a SIEM is a reporting tool. It doesn't make any changes to your system or directly stop a cyber-attack or virus. It is instead a tool used for early detection, which is critical in keeping your network safe.
Employing a SIEM is of ever-growing importance as security threats become more prevalent and hackers continue to become more advanced. While prevention is an important strategy for protecting your business, detection is equally important. Many security experts advise businesses to prepare for a breach rather than plan on being able to prevent one entirely forever. A SIEM is one piece that can help you respond rapidly when a hack happens, before catastrophic damage is done.
Ready to begin discussing your cybersecurity strategy or want more information on employing a SIEM for your business? Schedule a free consultation with our security experts today.