Security information and event management, or “SIEM,” is a tool that assimilates all of your log data to give you an all-encompassing overview of the activity on your network. SIEM tools watch over your network and help you stop trouble in its tracks. Whether your organization has 200 or 20,000 employees, SIEM software can be a vital part of any company’s cybersecurity posture.
As a cybersecurity engineer and an unapologetically enthusiastic “web guy,” I have both a personal and professional interest in finding new exploitation methods. Recently, I found an interesting and creative way to control a browser by exploiting a cross-site scripting (XSS) vulnerability. I learn by doing, so as soon as I had the idea, I tried executing the concept to see if it would work in practice. Without spoiling too much, I was very pleased with the results! This attack uses nothing more than Netcat and some clever XSS injection code. For those unfamiliar with Netcat, it’s a networking utility that reads and writes data across network connections.
In 1974, the great Mohammed Ali said of his opponent, George Foreman, “His hands can’t hit what his eyes can’t see.” The same principle rings true in the cybersecurity world; we can't stop an attack until we know it is happening. That is why SIEM experts, like ProCircular’s Josh Resch, dedicate themselves to monitoring our clients’ networks for suspicious activity. Although each SIEM product works a little differently, they are all designed to help identify and track early signs of malicious activity on your network. A well-maintained SIEM can drastically reduce recovery time from a security incident by showing exactly where the attacker has been.
Yes! SIEM (Security Information and Event Manangement) helps with compliance reporting and real-time incident response by centralizing, analyzing, and reporting data about your organization's security events. Other security software has a narrow scope of detection and remediation. SIEM is the most comprehensive type of defense for your network.
If you were going to test the fault-points of a building, you wouldn’t hire the architect, you’d hire a demolitions expert. Similarly, you don’t want the designer of your network testing its security. If the team that configures your network does so incorrectly, they are most likely unaware. The creator of the environment has an inherent bias based on the angle from which they view it. They are blind to vulnerabilities, not necessarily because they are under-qualified, but because they are too close to the project. A security team has a “black box perspective”, which means they have the same outside view of the system that an attacker would. This outsider point of view is just one of the advantages a security expert has over an internal IT team. They also have the training, experience, time, and resources that would be impossible to lump in with a standard IT program.