
Why SIEM is a Must in Today's Disparate Multi-Cloud Era? + Webinar Replay
By Amisha Shah |
Tuesday, March 3rd, 2020
The cloud first approach is here to stay, it has dominated roadmaps in the investment sector for the last couple of years and is predicted to continue to do so in 2020. With that, keeping your systems and data safe is more important now than ever. Firms are encouraged to have a Security Information and Event Management (SIEM) strategy in place to achieve this.
‘SIEM’ is the collective name for a group of technologies that together provide a bird's-eye view of an infrastructure. A SIEM gives a business centralised security event management: correlation and normalisation of events for context, and alerting and reporting on all ingested data.
At Eze Castle Integration, we feel that it is an appropriate time to reflect on the evolution of SIEM over the years and how it applies to investment firms worldwide. In the second discussion of our Eze Tactical Tech Talk Series, we explored why SIEM is a must for firms in today’s disparate multi-cloud era.
Today’s blog will round up the key takeaways from the discussion between our in-house security experts, sharing how investment firms can stay vigilant and maintain a strong posture in today’s ever-evolving, volatile threat landscape.
What is a SIEM Strategy?
A SIEM strategy is the plan for pulling security-relevant data from every avenue - networks, web proxies, firewalls, cloud platforms and threat intelligence feeds - into one centralised location for logging and monitoring. Investment firms are encouraged to make SIEM part of their overall information security strategy, creating a repository of logs in which data is filtered and monitored so that attackers are detected and stopped before the damage is done. Our experts suggest checking each of the following stages of the pipeline:
• Ingestion
• Aggregation
• Parsing
• Normalisation
• Enrichment
• Retention
• Anomaly Detection
• Correlation
• Alerting
• Visualisation
Building an Effective SIEM
Investment firms are advised to build their SIEM strategy with the following considerations in mind.
Visibility
Think about the breadth of the data and logs being captured: are you pulling from all of the systems relevant to your firm and its operations, including cloud platforms and SaaS services, not only on-premises devices? The second element is the depth of what is captured. Check that systems are configured to log events with a high level of verbosity; a common gap is logging only failures, when it is successful logins, privilege changes and administrative actions that you will need in order to reconstruct an intrusion.
Sizing and Scalability
Choose a SIEM solution that scales, and size it for your firm rather than accepting a one-size-fits-all configuration. Part of sizing is de-duplicating redundant events, such as the same user and IP address generating the same event many times over, so that what remains is smart reporting, easy-to-digest data and actionable insight rather than raw volume.
Also consider whether you will have the flexibility to scale the solution as business needs evolve, and the monetary and time investment required to do so without downtime. It is good practice to provision enough storage to retain detailed logs for your required retention period, and to be able to annotate events with notes for future reference, for example during an investigation.
Enrichment
There is no point in setting up a repository of logs if the data is not parsed and normalised correctly into a common schema, because events from different sources cannot be compared or correlated otherwise. Firms are encouraged to check regularly that events are being enriched with threat intelligence (known-bad IP addresses, domains and file hashes) and that the feeds themselves are current.
Correlation and Alerting
Ensure you have both time-centric and entity-centric capabilities in place, so that you can follow a sequence of events over a window of time and also pivot on a single user, host or IP address across every source, for a holistic view of the data. Be mindful of alert fatigue: we advise firms to prioritise the detection of the attack tactics and techniques relevant to their sector, and to tune rules and reports to the firm rather than running every vendor default.
Listen to the full webinar replay below to hear our security experts cover this topic in greater detail, including the evolution of SIEM and the challenges faced by the investment sector.
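To make the pipeline stages listed above and the points under Sizing and Scalability, Enrichment, and Correlation and Alerting concrete, here is an added example in Python; it is not code from the original post or from Eze Castle Integration. It ingests two constructed log sources of different shape (syslog-style sshd lines and CloudTrail-like JSON audit records), parses and normalises them into one schema, enriches each event against a hypothetical threat-intelligence feed, de-duplicates a repeated identical event, and then runs one entity-centric, time-bounded correlation rule: a single source IP failing logins against several distinct accounts within five minutes, across both sources. All log lines, usernames and IP addresses are constructed (the IPs are documentation ranges), the feed is hypothetical, and the rule's window and threshold are assumptions.

```python
# Added example (not the page's or vendor's code): a toy SIEM pipeline over constructed logs.
# Stages: ingest -> parse -> normalise -> enrich -> de-duplicate -> correlate -> alert.
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Source 1 (constructed): syslog-style sshd lines. The second line is an exact duplicate.
SSH_LOGS = [
    "2020-03-03T09:00:01Z sshd[1204]: Failed password for alice from 203.0.113.9 port 51022 ssh2",
    "2020-03-03T09:00:01Z sshd[1204]: Failed password for alice from 203.0.113.9 port 51022 ssh2",
    "2020-03-03T09:00:07Z sshd[1205]: Failed password for bob from 203.0.113.9 port 51030 ssh2",
    "2020-03-03T09:00:12Z sshd[1206]: Failed password for carol from 203.0.113.9 port 51041 ssh2",
    "2020-03-03T09:00:20Z sshd[1207]: Accepted password for dave from 198.51.100.5 port 40010 ssh2",
]
# Source 2 (constructed): JSON cloud audit records in a CloudTrail-like shape.
CLOUD_LOGS = [
    json.dumps({"eventTime": "2020-03-03T09:00:15Z", "eventName": "ConsoleLogin",
                "userIdentity": {"userName": "erin"}, "sourceIPAddress": "203.0.113.9",
                "responseElements": {"ConsoleLogin": "Failure"}}),
    json.dumps({"eventTime": "2020-03-03T09:05:00Z", "eventName": "ConsoleLogin",
                "userIdentity": {"userName": "frank"}, "sourceIPAddress": "198.51.100.5",
                "responseElements": {"ConsoleLogin": "Success"}}),
]
# Hypothetical threat-intel feed: indicator -> tag.
THREAT_INTEL = {"203.0.113.9": "bruteforce-scanner"}

SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                    r"for (?P<user>\S+) from (?P<ip>\S+)")


def _ts(value):
    """Normalise an ISO-8601 'Z' timestamp into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_ssh(line):
    """Parse one sshd line into the common schema; None for lines this parser does not handle."""
    m = SSH_RE.match(line)
    if not m:
        return None
    return {"ts": _ts(m["ts"]), "source": "sshd",
            "outcome": "failure" if m["result"] == "Failed" else "success",
            "user": m["user"], "src_ip": m["ip"]}


def parse_cloud(line):
    """Parse one JSON audit record into the same schema so both sources correlate together."""
    rec = json.loads(line)
    if rec.get("eventName") != "ConsoleLogin":
        return None
    return {"ts": _ts(rec["eventTime"]), "source": "cloud-audit",
            "outcome": rec["responseElements"]["ConsoleLogin"].lower(),
            "user": rec["userIdentity"]["userName"], "src_ip": rec["sourceIPAddress"]}


def enrich(event, intel=THREAT_INTEL):
    """Attach threat-intel context (or None) to a normalised event."""
    return dict(event, threat_tag=intel.get(event["src_ip"]))


def ingest():
    """Aggregate both sources into one time-ordered, normalised, enriched event stream."""
    raw = [parse_ssh(l) for l in SSH_LOGS] + [parse_cloud(l) for l in CLOUD_LOGS]
    return sorted((enrich(e) for e in raw if e), key=lambda e: e["ts"])


def deduplicate(events):
    """Collapse identical events (same time, source, user, IP, outcome) into one with a count."""
    seen = {}
    for e in events:
        key = (e["ts"], e["source"], e["user"], e["src_ip"], e["outcome"])
        if key in seen:
            seen[key]["count"] += 1
        else:
            seen[key] = dict(e, count=1)
    return list(seen.values())


def correlate(events, window=timedelta(minutes=5), min_users=3):
    """Entity-centric, time-bounded rule: one source IP failing logins against at least
    min_users distinct accounts inside `window`, across any log source (password spraying)."""
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "failure":
            failures[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            hits = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            users = sorted({e["user"] for e in hits})
            if len(users) >= min_users:
                alerts.append({"rule": "password-spray", "src_ip": ip, "users": users,
                               "sources": sorted({e["source"] for e in hits}),
                               "threat_tag": first["threat_tag"],
                               "first_seen": first["ts"].isoformat()})
                break  # one alert per offending entity, not one per event
    return alerts


def run_pipeline():
    """Run every stage and return (unique events, alerts)."""
    events = deduplicate(ingest())
    return events, correlate(events)


if __name__ == "__main__":
    evts, alerts = run_pipeline()
    print(f"{len(evts)} unique events after de-duplication")
    for a in alerts:
        print(json.dumps(a, indent=2))
```

Run stand-alone, it reports six unique events (the duplicate sshd line is folded into a count of 2) and one alert for 203.0.113.9 covering four accounts across both the sshd and the cloud audit source, with the threat-intel tag attached. Two design choices map to the advice above: the `break` after the first match raises one alert per offending entity rather than one per event, which is the simplest guard against alert fatigue, and the `window` and `min_users` parameters are where sector-specific tuning would go instead of a fixed vendor default.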
Next up in our Eze Tactical Tech Talk Series, our technology enthusiasts will be taking a look at Microsoft Teams, the unified collaboration platform for businesses. Register HERE to save your spot!