Page 49 - Cyber Warnings
Two difficulties with SIEM are the volume and the format of the information. The vast amount of
information generated by alerts can be overwhelming; it is akin to opening the floodgates for the
first time, when the torrent of raw information cannot be absorbed.
Coupled with this flood is the format of the information and the level of understanding needed to
interpret each alert and follow through to investigate whether it is legitimate.
Many SIEM solutions are implemented on the assumption that customers have the scope and
resources to analyse the pool of alerts daily and follow up on the top alerts. This may be the
case for large businesses with both the budget and the resources for in-house IT expertise, but
many SMEs do not have them. It is the SME-sized organisation that needs knowledge of the
known unknowns.
Many companies treat this type of analysis as a one-off exercise, but the reality is that security is
a moving feast which requires constant revisiting.
These types of services need to be coupled with further detection and analysis, such as
penetration testing and external scanning. Intelligence from both sides of the firewall is required
in order to fully understand the risks and mitigate them.
CONCLUSION
• Security is better served when we can know the unknown – security through intelligence.
• Treat all systems with zero trust and focus on the data.
• There is a need to consistently test, review and repair as a regular cycle.
• Employee education.
About The Author
John Williams is Product Manager (Security Services) at Node4 and has
over 30 years’ experience in the IT and security industry. Prior to joining
Node4 in 2014, John worked for Peapod, one of the leading security
resellers in the UK.
John’s original journalism and writing career merged into the Desktop
Publishing phenomenon of the 1980s when he bought his first 8088
processor and Xerox’s Ventura Publisher application, and set up Desktop Editorial Design in
Birmingham. This was the start of a winding road dealing with early networking technologies
and understanding how to combat the first boot sector viruses on floppies.
49 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide