Security Information and Event Management (SIEM) is a security domain aimed primarily at organizations that need real-time alerts on security threats, whether internal or external. A SIEM implementation typically begins with collecting logs from all devices or event sources, with a view to generating preliminary reports and, later, retaining them for longer periods for forensic purposes. Far more intelligence can be derived from these logs once they are run through a powerful correlation engine, which yields real-time threat monitoring. The most versatile and comprehensive SIEM implementations can monitor practically any device, either through the standard connectors provided or through custom development using an SDK. The larger goal of most organizations is to scale these implementations into a full-fledged Security Operations Center (SOC). When vendor solutions are chosen diligently, much more value can be built on top of a SIEM implementation, paving the way to a SOC at a later stage.
Large organisations customarily acquire various types of networking and security devices as and when the need arises. They also implement other solutions, such as messaging systems and applications running different types of databases, which over the years leads to a mammoth infrastructure with several hundred event sources to monitor. While all of these must co-exist within an enterprise for the daily conduct of business, it becomes increasingly difficult to monitor them from a central location, the primary objective being visibility into the various threats the enterprise may face, internally or externally.
The biggest challenge most security officers face is insufficient visibility into the enterprise's threats. It is all the more important that an organization's security team learns of a threat as and when it emerges. A SIEM implementation addresses this issue and provides actionable real-time alerts, empowering you to take corrective measures as a threat emerges. If the budget for a SIEM solution is not available, a good first step is to retain logs from all devices; but prudence should be exercised in choosing the right platform, so that adding modules on top later is achievable with ease. Several compliance packages can be implemented on top of a SIEM, such as ISO 27001, PCI DSS, HIPAA, NERC, SOX and others. A SIEM can also be fine-tuned to address use cases such as pattern discovery, fraud management and insider threat. Mature SIEMs provide automated mitigation of threats based on defined policies.
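To make the collect, retain and correlate pipeline described above concrete, here is an added example in Python. It is illustrative code written for this page, not ComGuard's or ArcSight's software, and every name in it (the two log formats, the `normalise` function, the `CorrelationEngine` class, the `brute_force_then_success` rule and the sample log lines) is an assumption constructed for the demonstration. It ingests lines from two event sources, maps them to one common event schema, retains every event, and raises an alert when repeated failed logins from one source address within a time window are followed by a successful login from the same address, enriching the alert with what the firewall saw from that address. That cross-source enrichment is the value a correlation engine adds over reading each device's log on its own.

```python
"""Toy SIEM pipeline: collect logs from two event sources, normalise them,
retain them, and run a time-window correlation rule that raises alerts."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system): an SSH auth log and
# a firewall log, standing in for two event sources a SIEM ingests via connectors.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:03 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:04 fw: DENY TCP src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-03-01T10:00:05 sshd: Failed password for root from 203.0.113.7",
    "2024-03-01T10:00:07 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:09 sshd: Accepted password for admin from 203.0.113.7",
    "2024-03-01T10:05:00 sshd: Failed password for bob from 198.51.100.2",
    "2024-03-01T10:05:02 sshd: Accepted password for bob from 198.51.100.2",
]

# Assumed line formats for the two sources; a real connector would carry many more.
SSH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(\S+) fw: (ALLOW|DENY) \S+ src=(\S+) dst=(\S+) dport=(\d+)$")


def normalise(line):
    """Map a raw line from either source into one common event schema.
    Returns None for lines neither parser understands; a real SIEM would count
    these as 'unparsed' so that gaps in visibility are noticed rather than lost."""
    m = SSH_RE.match(line)
    if m:
        ts, outcome, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "sshd",
                "action": "auth_" + ("fail" if outcome == "Failed" else "success"),
                "user": user, "src_ip": src}
    m = FW_RE.match(line)
    if m:
        ts, verdict, src, dst, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "fw",
                "action": "fw_" + verdict.lower(), "src_ip": src,
                "dst_ip": dst, "dport": int(dport)}
    return None


class CorrelationEngine:
    """Sliding-window correlation: alert when at least `threshold` failed logins
    from one source IP within `window` are followed by a successful login from
    that same IP (the classic brute-force-then-success pattern)."""

    def __init__(self, threshold=3, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
        self.retained = []                   # every event, kept for forensic queries

    def ingest(self, event):
        """Feed one normalised event; return an alert dict or None."""
        self.retained.append(event)
        ip = event["src_ip"]
        if event["action"] == "auth_fail":
            q = self.failures[ip]
            q.append(event["ts"])
            # Drop failures that have fallen out of the time window.
            while q and event["ts"] - q[0] > self.window:
                q.popleft()
        elif event["action"] == "auth_success":
            recent = [t for t in self.failures[ip] if event["ts"] - t <= self.window]
            if len(recent) >= self.threshold:
                # Enrich with what the firewall source saw from the same address.
                fw_denies = [e for e in self.retained
                             if e["action"] == "fw_deny" and e["src_ip"] == ip]
                return {"rule": "brute_force_then_success", "src_ip": ip,
                        "user": event["user"], "failures": len(recent),
                        "fw_denies": len(fw_denies), "ts": event["ts"]}
            self.failures[ip].clear()
        return None


def run_pipeline(lines, threshold=3):
    """Collect -> normalise -> correlate. Returns (alerts, unparsed_line_count)."""
    engine = CorrelationEngine(threshold=threshold)
    alerts, unparsed = [], 0
    for line in lines:
        ev = normalise(line)
        if ev is None:
            unparsed += 1
            continue
        alert = engine.ingest(ev)
        if alert:
            alerts.append(alert)
    return alerts, unparsed


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS)[0]:
        print(alert)
```

Running the block on the constructed sample produces one alert for 203.0.113.7 (four failures followed by a success, with one firewall deny from the same address) and none for 198.51.100.2, whose single failure is below the threshold. The unparsed counter is the kind of health metric worth alerting on in its own right, since a parser silently dropping lines is a visibility gap of exactly the sort the paragraph above warns about.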
ComGuard has been associated with ArcSight since 2007 and has played a pivotal role in building the MENA market for the vendor, resulting in several large implementations achieved through partners spread across the region.
ArcSight, part of HP since 2010, is the only SIEM solution to have featured consistently in Gartner's Leaders Quadrant over the past decade, and is regarded as a mature SIEM. It currently protects some of the most threat-prone organizations and defense establishments in the world, in addition to many names in government, banking and finance, telecommunications, oil and gas, utilities and other sectors. This prominent roster of customers includes several well-known names in the Middle East too.
ComGuard has a team of engineers with extensive depth in designing and implementing SIEM for large enterprises; the primary role of this team is to assist partners across the region who are committed to HP ArcSight technology.