Redefining Cybersecurity with SIEM Practices
By Enterprise Security Magazine | Friday, November 30, 2018
A famous adage says, “the best defense is the good offense”. With the increasing number of attacks in the cyber landscape, organizations should not only focus on their outside barrier but also form an effective inside barrier. This can be achieved by implementing Security information and event management (SIEM) practices in the workforce. By adapting SIEM culture, employees can be empowered by the knowledge of cyberspace with which they can take prompt action before the vulnerability gets any bigger. Moreover, with SIEM practices, organizations would be able to enhance cybersecurity with technology as an outside barrier and employee as an inside barrier.
To make SIEM practice more effective, there are certain boundaries that every organization needs to cover. First and foremost step is to make employees take SIEM practices gravely in their day-to-day activities. To motivate employees, organizations can offer incentives or bonus when employees detect any vulnerability. For instance, if a trained employee recognizes a phishing attack before it infects the entire network, he/she should be awarded. Moreover, the eradication of the phishing attack can also be notified to other employees to increase awareness among them. Additionally, when employees detect cyber attacks, they should develop an incident response plan elaborating necessary details— the reason for the cyber attack, measurable steps, and recovery method—that would allow the security team to sprint into action immediately.
Furthermore, with SIEM practices the security team will have greater transparency in the network by compiling and aggregating security event information. However, due to the data overflow security team may still find it hard to prioritize the security events. But this can be undone if the employees of each department can segregate the critical data and inform the security teams with a track record of the data storage. Also, whenever any department deploys a new database, they should notify the security team with a detailed description. During the whole process of SIEM practice, organizations should ensure that they are taking it slow as it is just the beginning of the cybersecurity rampart.