I recently got the chance to chat with an old industry contact of mine who now manages projects for a local business solutions firm. It was actually quite surprising to see him online on social media in the middle of the workday.
During our chat, he casually mentioned the reason — their internal network was down due to some incident. Their IT team was taking quite a while trying to figure out what went wrong and they pretty much had to twiddle their thumbs until they’d be back up and running.
I asked if they already use security information and event management or SIEM tools which should help them zero in on the possible causes of the issue. Proper log collection, management, and analysis could easily reveal all events, activities, and errors across computing devices and network appliances.
However, manually checking event managers and logs is tedious and inefficient. SIEM makes the process more efficient and automatic. Today, ArcSight, Splunk, and SolarWinds are just among the leading names in the segment.
Some SIEM tools that leverage machine learning now even boast of predictive capabilities that can readily notify or warn IT teams of potential issues before they even happen. I was hoping that a tech-related organization such as theirs should be leveraging such tools.
Unfortunately, this was not the case at my friend’s firm. With plenty of frustration in his language, he replied that their IT team actually looked like a pair of headless chickens inside their server room fiddling with racks and appliances trying to find the cause. Not even once did he see them even bring up Windows’ Event Viewer.
Also Read: Why SEA governments should adopt blockchain
This didn’t really come as a surprise. It isn’t uncommon for IT staff of smaller organizations on this side of the globe to serve more as computer and network repair technicians. And this is despite modern business wisdom dictating that IT departments should now cover a wider set of technical skills including (but not limited to) incident mitigation and response, cybersecurity, and governance. The skills gap between developers and IT staff can cause friction between the two teams.
Team synergy concerns aside, what’s more concerning is that businesses continue to fall short in adopting modern security measures.
SIEM tools have been quite valuable in helping IT teams track issues within their networks but they’ve become a huge thing in the US and in Europe due to the emergence of laws and regulations that required compliance from companies. Regulations like the GDPR have provisions that heavily penalize organizations that fail to disclose security incidences. As such, solutions providers swooped in to fill the need for tools that comprehensively keep tabs of everything that happens within an organization’s IT infrastructure.
SEA hasn’t generated as much buzz concerning the enforcement of data privacy though there have been some efforts to promote data privacy and security in the region. The Philippines has had data privacy signed into law even back in 2012 but it’s only recently that the government made real effort to spread awareness and enforcing the law. Recently, its privacy commission cracked down on online lenders that resort to debt shaming clients through their clients’ mobile phone contacts.
Other countries still appear to be trying to make sense of data privacy as well. Malaysia has the Personal Data Protection Act since 2010 but it has been criticized for its lack of provisions for cross-border data processing and online data. Indonesia has yet to establish similar stringent regulations.
And despite the presence of these regulations, companies, especially smaller enterprises still, have yet to warm up to investing more in their cybersecurity. Significant breaches in the SEA region have already been reported over the past years. Even the region’s tech leader, Singapore, was revealed to be vulnerable after suffering breaches that affected its citizen’s healthcare and identity data in separate incidences.
Most small businesses I have had discussions with concerning IT adoption share that they only allocate very meagre resources and attention to cybersecurity. IT security often consisted of free antiviruses installed on individual workstations. It’s rare to encounter companies to make use of measures that secure networks as a whole. Not everyone is even aware of good security practices. For instance, it’s still common to see them use Yahoo Mail despite calls by experts for users to ditch the service after the massive breach that affected the company a few years back.
Granted that many of these businesses aren’t necessarily involved in tech or software development. But it can be worrying to encounter even tech-related businesses, though relatively small, not to have what are now considered essential security tools like SIEM solutions.
SIEM tools are capable of tracking all activities across the network and even individual endpoints and devices. They can also be used to log and analyze access attempts and malicious traffic. So, should a breach or security incident should happen, companies will be able to accurately determine the vector of attack and the scope of the breach. On a compliance standpoint, such information should provide organizations with some legal cover in the event that disclosure must be made.
But even without the threat of penalties and legal action, SIEM tools can greatly benefit its adopters. IT teams can use them to capably diagnose root causes of issues that bog down networks thereby hastening resolution and minimizing downtime. Many SIEM providers now also offer their solutions as cloud-based software-as-a-service (SaaS) offerings making them more affordable and easier to integrate. Open source SIEM tools are also available for those with ample technical know-how.
This said SIEM tools are just a few of the many solutions modern enterprises must adopt to comprehensively protect their infrastructures and prevent cyberattacks and security breaches that seek to compromise their security.
–
Editor’s note: e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.
Join our e27 Telegram group here, or our e27 contributor Facebook page here.
Image Credit: chuttersnap
The post Why using security information and event management (SIEM) tools makes sense even if SEA isn’t high on compliance yet appeared first on e27.