Successful companies report that information security is technology and process intensive. These same companies develop policies and enforce them with a comprehensive set of controls to comply with internal policies, regulatory standards, industry standards and best practices. These controls are uniform and comprehensive across the enterprise and are monitored, measured and reported on to demonstrate effectiveness and efficiency in securing critical information assets. Simple mapping of controls to regulatory standards uncovers gaps that introduce potential vulnerability or weakness. Ensuring that databases, applications, network segments or operating systems which are critical to patient, customer or general business services are secured yields significant improvements in an organization’s ability to simply comply or defend the enterprise.

Efficient monitoring and management of controls requires the collection and analysis of millions of logs that often exceed the capacity or capability of most companies’ security operations functions. Manual review of event log files is not only time-consuming, it is often error-prone. Log reviews are often conducted under pressure, such as when responding to a diligent auditor or investigating a reported breach, and the highly compressed timeframe introduces unnecessary distractions and detours. Active management of all the logs of all the devices that must be managed to comply or secure the enterprise exceeds the capacity of even the largest organizations. Active management of patches, configuration changes or vulnerability of critical information assets escapes the capability of the most expert IT organizations. When organizations rely on manual techniques for managing, there are pragmatic limitations to how much data or how many devices can be managed. To sustain compliance between audits and to strengthen enterprise defense, many companies turn to automation.
Automation takes the cost out of compliance and increases the effectiveness and efficiency of the security team and the entire IT organization. While short-term needs can be addressed with simple log collecting, searching and filtering, there are many benefits derived from a long-term strategy and management of controls.

Five Good Reasons for Implementing SIEM for Managing Controls

A 2007 research benchmark developed by the Aberdeen Group provides insight and guidance for “. . .organizations compelled to manage, audit and report on security related systems and information for the purposes of demonstrating compliance with industry regulations, government regulations, industry standards and best practices or internal policies.” According to the Aberdeen Group: “Attending to compliance on a consistent, repeatable basis was shown to lower operational costs, support higher scale, reduce security risks and maintain consistent policies for security and compliance. The ability to sustain compliance with internal policies, regulatory standards or industry best practices offer companies positive and measurable results.”

Specifically, Aberdeen Group found that best in class companies shared the following accomplishments:

- Decrease in non-compliance security incidents and security related incidents
- Decrease in false positives
- Decrease in time to complete a compliance related audit
- Increase in the number of systems requiring updates, patches and configuration changes actively being managed
- Increase in the number of systems generating logs actively being managed

Customers using Intellitactics Security Manager validate these findings. Managing with controls is essential to affordable, continuous compliance with internal policies and regulatory and government standards. A security information and event management (SIEM) solution is an important enabler for best in class companies and combines automated logging, event management and security information reporting.
The rising criminal element of information theft and sophisticated hacking techniques ensures that most businesses will never be able to operate in a completely risk-free environment. Simply abiding by one or more regulatory standards offers no guarantee that an organization is effectively secure. Therefore, companies benefit from a long-term, diligent and thoughtful implementation of comprehensive controls across the managed infrastructure. When companies approach compliance as an opportunity to improve security practices over the long term, they experience greater value from the security investment. An organization’s ability to sustain compliance beyond the audit, or more specifically, to build and sustain the compliance environment, provides long-term benefits that translate into lower costs and increased profitability.