For many small to midsize businesses (SMBs), log reports and security information and event management (SIEM) may be foreign terms. But for those SMBs that must comply with government-mandated compliance and audit requirements, having the proper technology in place to gather, retain, and report on log data is crucial.
Log reports are collections of data about events happening on a network: logins that succeeded or failed, services that started or stopped, and systems that talked to one another. By collecting this data and reviewing it regularly, IT staff can find anomalies and identify security issues, such as breaches or attempted attacks. SIEM refers to the tools that collect those logs from many sources, correlate them, and raise alerts on suspicious patterns so that IT staff can manage and respond to security events. Having a solid SIEM system in place helps companies reduce the risks associated with network security.
Industries that must comply with government laws and acts include:
- Health care
- Retail
- Finance
- Manufacturing
Although an in-house SIEM usually requires dedicated hardware, software, and staff that can be expensive, many SMBs opt for managed SIEM services from outside companies. One such product comes from EventTracker and was created with SMBs in mind. EventTracker Cloud is a cloud-based solution that requires no new servers or applications to be installed. According to A.N. Ananth, CEO of EventTracker, the product provides detailed SIEM reports for regulated industries:
“EventTracker Cloud is a SaaS instance of EventTracker Enterprise and has pre-built reports for all of the above regulations. In addition, the SIEM Simplified Managed Service offering allows customers to leverage our team to meet these requirements in a cost-effective manner.”
In an email conversation, Ananth told me that SIEM is an integral security system for many SMBs:
“As the Verizon Data Breach Reports show every year, attackers hope that IT staff are not collecting or reviewing logs since 86% of the attacks would become known quickly. As IT proliferates to every corner of every business process, the criticality of SIEM is underscored by every compliance regulation and every pundit. Implementing even the basic SIEM functions (i.e., collect, alert, archive, report) on a network has a direct impact in reducing risk, minimizing auditor concerns and avoiding downtime.”
Ananth also explained how the EventTracker Cloud solution works:
“Log data from monitored SMB assets is transmitted via secure TCP connections (encryption available) to a shared Virtual Machine hosted within the EventTracker Cloud. Once received, this data is processed in accordance with configuration and rules. Alerts are generated and the respective customers are notified in the manner they prefer (e.g., email, SMS, RSS, forwarding to a ticket system, etc.). Data is indexed and archived to separate stores on a per-customer basis to prevent commingling.”
According to Ananth, when an SMB receives an alert, several steps should follow to mitigate risk and remedy a breach:
“Recognizing that vague alerts are the most frustrating of all (e.g., the DHS 5 color system in the wake of the 9/11 tragedy, the threat level is orange/elevated), EventTracker provides actionable data getting to the 4 Ws (Who, What, When, Where). Armed with this level of detail, SMBs can investigate further and take corrective action. Typical steps include detecting/remediating the root cause of the breach/infection, investigating lateral spread and rooting out these secondary problems, maintaining a watch to see if the problems resurface or other attacks are seen from the same source. Sometimes infections are hard to eradicate and determined attackers will try again with different payloads.”
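To make the collect / alert / report loop from the introduction concrete, and to show what an alert that "gets to the 4 Ws" looks like in practice, here is an added example written for this article. It is not EventTracker code and says nothing about how EventTracker Cloud is built: it parses constructed sshd-style log lines (invented for the example, not real data), applies one hypothetical rule (a burst of failed logins from one source, escalated if a success from that source follows), and produces alerts tagged with who, what, when and where. The year, the failure threshold and the time window are assumptions chosen for the sample.

```python
"""Added example: the collect / alert / report loop of a minimal SIEM,
run over constructed sshd-style log lines. Not EventTracker's code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Linux sshd/syslog style (not real data).
SAMPLE_LOG = """\
Mar 12 09:14:01 web01 sshd[2012]: Failed password for invalid user admin from 203.0.113.7 port 52110 ssh2
Mar 12 09:14:03 web01 sshd[2012]: Failed password for invalid user admin from 203.0.113.7 port 52111 ssh2
Mar 12 09:14:05 web01 sshd[2013]: Failed password for root from 203.0.113.7 port 52112 ssh2
Mar 12 09:14:07 web01 sshd[2014]: Failed password for root from 203.0.113.7 port 52113 ssh2
Mar 12 09:14:09 web01 sshd[2015]: Failed password for root from 203.0.113.7 port 52114 ssh2
Mar 12 09:14:12 web01 sshd[2016]: Accepted password for root from 203.0.113.7 port 52115 ssh2
Mar 12 09:20:44 web01 sshd[2099]: Failed password for alice from 198.51.100.23 port 41000 ssh2
Mar 12 09:21:10 web01 sshd[2100]: Accepted publickey for alice from 198.51.100.23 port 41001 ssh2
Mar 12 09:21:11 web01 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def collect(raw, year=2024):
    """Collect: normalise raw lines into events carrying the 4 Ws.
    Syslog timestamps have no year, so one is supplied (an assumption)."""
    events, unparsed = [], []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # still worth archiving, just not fed to this rule
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"when": when, "where": m["host"], "who": m["user"],
                       "src": m["src"], "result": m["result"]})
    return events, unparsed


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert: >= threshold failed logins from one source to one host inside
    `window` fires a HIGH alert; a later success from that source while the
    failures are still inside the window escalates to CRITICAL."""
    alerts = []
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["where"], e["src"])].append(e)
    for evs in by_key.values():
        evs.sort(key=lambda e: e["when"])
        fails, fired = [], False
        for e in evs:
            fails = [f for f in fails if e["when"] - f["when"] <= window]  # slide the window
            if e["result"] == "Failed":
                fails.append(e)
                if len(fails) >= threshold and not fired:
                    fired = True
                    alerts.append(_alert("HIGH", "password brute force", e, fails))
            elif fails and fired:
                # Success from a source that was just brute-forcing: likely compromise.
                alerts.append(_alert("CRITICAL", "login success after brute force", e, fails + [e]))
                fails, fired = [], False
    return alerts


def _alert(severity, what, last, related):
    """Shape the alert around the 4 Ws so it is actionable, not vague."""
    return {
        "severity": severity,
        "what": what,
        "who": sorted({r["who"] for r in related}),  # accounts targeted
        "when": last["when"].isoformat(),
        "where": f"{last['where']} from {last['src']}",
        "evidence": len(related),  # number of log events behind the alert
    }


def report(alerts):
    """Report: counts per severity, the kind of summary an auditor asks for."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["severity"]] += 1
    return dict(counts)


if __name__ == "__main__":
    events, unparsed = collect(SAMPLE_LOG)
    alerts = detect_bruteforce(events)
    for a in alerts:
        print(a)
    print(report(alerts), f"unparsed lines: {len(unparsed)}")
```

On the sample, the first source trips the threshold on its fifth failure and then logs in successfully, so the loop yields one HIGH and one CRITICAL alert naming the two targeted accounts, the host, the source address and the timestamp; the second source (one failure, then a key-based login) produces nothing. The unparsed CRON line is kept separately rather than dropped, since an archive that silently loses what a rule does not understand is exactly the gap an auditor will call out.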
As most SIEM solutions are targeted at larger enterprise organizations, SMBs that deal with compliance regulations have often found themselves without an affordable option for log management and security monitoring. Ananth added that EventTracker has those smaller organizations in mind and can help them reach their compliance and security goals:
“As hardware and software costs have fallen, IT has proliferated in every industry and even the smallest of businesses finds it hard to manage and monitor it effectively. This leads to gaps which are exploited by attackers and called out by auditors. EventTracker Cloud was designed to address such issues effectively.”