How do you prepare for an attack if it takes advantage of vulnerabilities your organization didn’t know about?
It sounds like something Yogi Berra (“It ain’t over till it’s over”) might say. You don’t know what you don’t know. How is it possible to protect your organization against cyberattacks when you don’t know how they’ll even be attempted?
This is the main reason why security information and event management (SIEM) has come to the fore as organizations search for ways to protect their most valuable asset: data.
Pattern detection
An SIEM system approaches data protection from a holistic view. Instead of posting electronic surveillance only in areas prone to breaches, this system seeks to parse as much information as possible from a single point of view.
It results in the ability to detect patterns or trends that are out of sync with what’s expected. It’s not just information that has to be watched. It’s how the information’s being processed. Information management has to marry up with event management as a single security-management system.
Holy smokes, that’s a lot of data!
All data from every location is channeled through one point, where it’s logged and analyzed in near real time. The more data that’s collected, the more the system can determine what’s business as usual … and what’s suspicious.
Two important things here: The first is that humans can’t do this, and the second is that software can’t distinguish between an actual threat and an anomaly. The best that software can do is bring the anomalous events to the attention of the humans.
Your SIEM system is likely a combination of rules and statistical correlations used to establish relationships between events and data. The amount of data involved means that SIEM systems are as complex to run as they are expensive. They’re as close as we can come right now to predictive threat identification.
Machine learning and SIEM
The most sophisticated SIEM products use data monitoring, analysis, and machine learning. This identifies unknown threats by treating anything suspicious as malicious. As good as these systems are at pushing anomalies at you to decide if it’s a threat, they can be brought down by some basic human practices and behaviors.
It’s the applications, not the data
Hackers aren’t stupid. Why try to hammer your way through a firewall? Those tend to be pretty secure. What’s not so secure are all those apps an organization is using to access the data behind the firewalls. The apps are often a free ticket inside your systems.
Your SIEM should monitor the applications with access to data just as closely as the data itself.
Don’t procrastinate with security patches
It’s a pain to keep up with them, and a drain on your IT resources. Grin and bear it. Software updates and security patches are another line of defense against cyberattacks. When they’re available, they raise a red flag, instantly. Attention all cyber-criminals! There’s a way to get to data from non-updated systems.
Then the race is on to see if they can get to it before you close the hole. Cyber-criminals love to hear you’re going to wait until next week to install the patch because a couple of members of your IT staff are out on vacation.
It’s all about timing. The security patch that would have protected Home Depot’s POS systems from being hacked was out and available. The company was in the process of installing it when the breach happened.
Raise the level of awareness about social engineering
Do people in your organization even know what social engineering is? Make sure everyone knows that the easiest way for cyber-criminals to gain access to data systems is to simply ask for permission. Encryption and firewalls are useless if employees are willing to share their access to data.
They don’t do it on purpose. But cyber-criminals have raised social engineering to an art form. They understand human psychology. They’ll engage in methodical ways to influence someone to grant unauthorized access. Most people are unaware they’re being manipulated for this purpose. They think they’re being helpful.
The objective here isn’t to make people uncooperative. It’s simply to get them to think a bit longer and harder about sharing access information.
Merge your security efforts with required compliance
Many organizations are required to conduct security practices that are outlined in federal acts such as HIPAA, ISO, and PCI DSS. These may not be the most current and cutting edge safety guidelines for keeping data safe. But if you’re complying with these mandated guidelines, you’ve got a solid data security program in place. You can build on it from there.
You’ll also be ready in case you’re asked to provide proof of compliance. Your SIEM logs will come in handy for that.
The weakest link isn’t vulnerabilities in your technology
Unless your entire organization is a fleet of robots, you’ve got a weak link in your cyber armor. Human error counts for much of the cyberattacks we hear about. The incidence of cyberattacks by insiders continues to rise, too. You don’t know what you don’t know.
SIEM systems can help you with this murky area. You can make it even less murky by being aware of some of the basic human behaviors that can sabotage technology’s efforts to keep your data safe.
For more information on SIEM and how to keep your data secure, contact the security experts at CloudHesive today.