Security Maturity Blog

Get deep insights and the latest news on Organizational Security Maturity from the security experts at Global Data Systems

How Managed SIEM Services Detect and Respond to Cybersecurity Threats

The utilization of hybrid and remote workforces, the increased adoption of cloud technology, and the interconnectedness of supply chains all contribute to the enhanced agility and responsiveness of contemporary organizations. However, these benefits come at a cost.

  • 3.4 billion. The number of phishing emails sent every day.
  • 30,000. The number of daily denial of service attacks.
  • 623 million. The number of ransomware attacks reported in 2021.
  • 1,200. The average number of weekly attacks per organization worldwide.
  • $6 trillion. Annual global cybercrime costs.

These statistics clearly indicate that cybersecurity has now become a problem beyond the capacity of humans alone. As a result, businesses are actively seeking methods to automate a greater portion of their security operations. One solution that meets their requirements is Security Information and Event Management (SIEM). SIEM systems gather real-time log data from various hardware and software sources, which is then analyzed and examined in a centralized console.

 

Complexity a Challenge

In theory, that process should provide IT teams with actionable intelligence they can use to respond rapidly to suspected threats. However, SIEMs have a reputation for collecting far more data than IT staff can adequately investigate. In one recent survey, more than 80 percent of organizations complained that SIEM systems generate a large number of false positives, making it difficult to identify legitimate threats.

In addition, the sheer volume of raw log data makes it difficult to understand when, where and how something happened. A 2019 McKinsey study found that more than 80 percent of log data is simply meaningless noise that requires a great deal of filtering. IT specialists have to spend an inordinate amount of time manually adjusting data to make SIEM reports understandable to the management team and other non-tech stakeholders.

Some of these issues can be resolved with periodic rules and configuration updates, but that’s a time-consuming process. Such fine-tuning typically requires highly specialized security and networking experts to manually evaluate and adjust every log source, correlation rule and alert.

 

Benefits of Managed SIEM

Organizations without the expertise or resources needed to effectively manage a SIEM system can still gain all the benefits by utilizing a managed SIEM solution. In this approach, a managed services provider with specific SIEM expertise can design and deploy a hosted solution that reduces your IT burden.

An experienced provider can dramatically reduce false positives by configuring the software to ignore certain types of alerts and ensure that data is only collected from the proper sources. When alerts are generated, the provider’s team can closely examine the log data to determine if it is a true security incident or simply a rules configuration anomaly.

 

How GDS Can Help

GDS offers customers a managed SIEM solution as part of our Security Foundation Service. In this service, a security appliance featuring SIEM connector software is deployed behind the customer’s corporate firewall. The connector software ingests, filters and aggregates customer log data, converts it to a readable format and then transmits it to the SIEM platform deployed in our network operations center.

Our team then uses statistical and pattern modeling tools to accurately identify new and evolving threats while paring down the overwhelming amount of log data being reported. Alerts are automatically prioritized based on identifiable characteristics, eliminating much of the time, manpower and expense required to manually comb through large volumes of log data for investigation and response.

SIEM systems can improve your ability to detect and respond to growing numbers of security threats, but they can create significant deployment, configuration and management challenges. Contact us to learn more about how to use our managed services to address those challenges and boost your security posture.
