Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) and Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, Cyber Kill Chain recommends using Two-Factor authentication, strong password, and privilege separation as well as disrupting attack using data execution prevention. If the attackers successfully penetrate corporate critical IT infrastructure, SOC teams must contain them in a timely fashion to mitigate damages. To this end, Cyber Kill Chain recommends employing Inter-Zone Network Intrusion Detection System, App-aware firewall, and trust zones.
Over the past couple of years, the Security Information and Event Management (SIEM) solution has been recognized as an effective tool in the Security Operation Center (SOC) of organizations. Whether it comes to managing the multiple tools or meeting the compliance standards, SIEM has always been playing its crucial role. However, since there is a multitude of SIEM solutions available in the IT market today, selecting the right one is an extremely important but difficult task for enterprises. To this end, organizations must be familiar with the benefits of SIEM technology.
In this article, we will explore a 5-point checklist that would help you when you evaluate a SIEM system for your company.
SIEM and SOAR Integration Capabilities in 2019
Integration is one of the most critical features that every security product should have. But, unfortunately, this is not a case when it comes to too many traditional security tools. The organizations that were using SIEM with having integration capability remained secure to a large extent. For example, an effective SIEM can inject Threat Intelligence Feeds (TIF) from multiple different sources. Using this feature, security professionals working in a Security Operation Center (SOC) don’t need to work on multiple consoles to deal with various security tools. Instead, the integrated SIEM will provide a single console to operate all tools collectively. As per the Gartner, SIEM is the most wanted tool that provides inputs to the SOAR solution. Therefore, their integration is important.
Like the previous years, 2019 also witnessed the surge in data breaches and cyber-attacks. However, organizations having SIEM or/and SOAR system in place were better than those using traditional security tools. The cyber-attacks in 2019 were mostly related to financial crimes, supply chain attacks, phishing exploits, state-sponsored attacks, Grid attacks, health sector attacks, and attacks on IoT devices. Cybersecurity skills shortage was also one of the major concerns in 2019.
Today’s cyber threat landscape is diverse – new threats are emerging every day and cyber criminals are being sophisticated in terms of their covert nature and ability to launch attacks in massive frequency with minimal chances of detection.