Security | 3 min read

Why SIEM is the Key to Proactive Cybersecurity

Written by Nick Bambulas
12/02/2024

Human risk and error are two of today’s biggest cybersecurity concerns, yet both are largely unaddressed. We’ve found that clients that use SIEM (Security Information and Event Management) as a part of a comprehensive cybersecurity plan are more prepared for worst-case scenarios.

In the industry, SIEM is commonly referred to as a SIEM/SOC solution. “SOC” stands for security operations center – the humans behind the tools who make educated decisions about whether an event is real or a “false positive.” In Elevity’s case, these are the security engineers at Arctic Wolf.

SIEM monitors networks in real time, identifies suspicious data anomalies, and offers personalized protection strategies that align with unique business needs. 

In addition, email is still the number-one attack target for cybercriminals, with phishing attacks being the top threat. The more layers of cybersecurity protection a company has, the better the odds are that the cyberthreat will be caught and neutralized – before doing costly damage.  

It's Best to Be Prepared

Without a SIEM solution in place, a cybercriminal could find their way into your network, then hang out watching your network activity for a while…or attack swiftly. Either way, the result could be very costly to your company. Being prepared for cyberattacks (because they’re always lurking) is a better alternative than potentially having to pay a ransom to unlock your data. 

Unfortunately, we’ve met with a few clients without SIEM for a post-cyberattack analysis to answer the question, “How could this have been prevented?”

Knowledge is power. And Elevity empowers companies with the information and tools they need to be prepared. One we highly recommend is to add a SIEM solution.

What Is a SIEM Cybersecurity Solution?

Many potential clients ask us what SIEM means and why it’s needed in a cybersecurity plan.

Here are the basics: SIEM is a combination of two powerful tools:

  • Security Information Management (SIM), which focuses on long-term storage, analysis and reporting of log data

  • Security Event Management (SEM), which provides real-time monitoring, correlation of events and alert notifications

Together, these two technologies form the cybersecurity solution called SIEM, which is used to monitor, analyze and report on an organization’s networked systems.

The strength of SIEM is the ability to analyze massive amounts of data generated from an organization’s network, firewalls, email system, website, spam filters and other internal sources. If an anomaly is detected, programmed rules can be used to lock down systems, deploy remediation software and/or send an alert to human administrators for additional analysis.

For these reasons, SIEM has become an integral part of modern cybersecurity plans, providing proactive support to an organization’s defense system. 

Real World Examples of How SIEM Has Thwarted Cyberattacks

Elevity works with clients to craft cybersecurity roadmaps designed to help reach business goals. We’ve seen what SIEM can do in action and it’s often been a “superhero,” averting the threat of potential cyber catastrophe.

Here are a few examples of how SIEM saved the day for our clients. 

Food Manufacturing Company
An employee at a food manufacturing company was tricked by a spoofed email to click a link, enter their credentials, and use a verification code to create a multifactor authentication (MFA) token to access information.

In real time, the company’s SIEM noticed that this employee’s user account was being used in the United States – then suddenly it was coming from an IP address in Europe. If the same user connects from two different countries and the time between those connections is too short to be covered by conventional air travel, that’s defined as “impossible travel.” Because of rules programmed into the company’s SIEM, this anomaly triggered an alert message sent to network administrators. The employee’s user account was locked down while Elevity experts investigated.

The incident was determined to be a security breach. Therefore, the previous MFA token was revoked, the employee’s user account was reset, the European IP address was blocked and the villainous link sent to the employee was blocked by the company’s email security filter. This quick response ejected the cyberhacker from the company’s network and prevented a potential data loss event.  

Financial Organization
A Midwestern financial organization had an alert from their SIEM, indicating that a user account was suddenly logging in from Texas and New York – another example of “impossible travel.” Elevity analyzed the situation and determined that a breach had occurred. Action was taken to sign the user account out of all online sessions, reset their password and require re-registration for an MFA token. Steps were then taken to ensure that the malicious agents would be blocked and unable to access the organization again.
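The two cases above both rest on the same SIEM correlation rule: two sign-ins by one user whose distance and time gap would require a travel speed no airliner can reach. The following is an added example (not code from Elevity, Arctic Wolf or the original post) of that rule implemented over sign-in events. It assumes the SIEM has already enriched each event with an approximate latitude/longitude for the source IP (GeoIP enrichment), and the events, coordinates and the 900 km/h plausibility threshold are constructed assumptions for illustration.

```python
"""Impossible-travel detection over GeoIP-enriched sign-in events.

Added example, not from the original post. Assumes each event carries the
user, UTC timestamp, source IP and the approximate coordinates the SIEM's
GeoIP enrichment attached to that IP. Sample events below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Roughly airliner cruising speed; anything faster is "impossible travel".
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # assumption, tune per organization


@dataclass(frozen=True)
class SignIn:
    user: str
    time: datetime
    source_ip: str
    lat: float
    lon: float
    location: str  # human-readable label for the alert text


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two coordinates."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def required_speed_kmh(earlier: SignIn, later: SignIn) -> float:
    """Speed the user would have needed to move between the two sign-ins."""
    distance = haversine_km(earlier.lat, earlier.lon, later.lat, later.lon)
    hours = abs((later.time - earlier.time).total_seconds()) / 3600.0
    if hours == 0.0:
        # Same instant from two places: impossible unless it is the same place.
        return float("inf") if distance > 0.0 else 0.0
    return distance / hours


def find_impossible_travel(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return (user, earlier, later, speed_kmh) for each consecutive pair of
    sign-ins by the same user that exceeds the plausible travel speed."""
    by_user = {}
    for event in sorted(events, key=lambda e: e.time):
        by_user.setdefault(event.user, []).append(event)

    alerts = []
    for user, sequence in by_user.items():
        for earlier, later in zip(sequence, sequence[1:]):
            speed = required_speed_kmh(earlier, later)
            if speed > max_speed_kmh:
                alerts.append((user, earlier, later, speed))
    return alerts


def _t(hour: int, minute: int = 0) -> datetime:
    return datetime(2024, 12, 2, hour, minute, tzinfo=timezone.utc)


# Constructed sample events (coordinates are approximate city centres).
SAMPLE_EVENTS = [
    # Chicago, then Frankfurt 45 minutes later: mirrors the US -> Europe case.
    SignIn("jdoe", _t(9, 0), "203.0.113.10", 41.88, -87.63, "Chicago, US"),
    SignIn("jdoe", _t(9, 45), "198.51.100.7", 50.11, 8.68, "Frankfurt, DE"),
    # Dallas, then New York one hour later: mirrors the Texas/New York case.
    SignIn("bsmith", _t(10, 0), "203.0.113.22", 32.78, -96.80, "Dallas, US"),
    SignIn("bsmith", _t(11, 0), "203.0.113.99", 40.71, -74.01, "New York, US"),
    # Dallas in the morning, New York that evening: a plausible flight.
    SignIn("cjones", _t(8, 0), "203.0.113.22", 32.78, -96.80, "Dallas, US"),
    SignIn("cjones", _t(18, 0), "203.0.113.99", 40.71, -74.01, "New York, US"),
]

if __name__ == "__main__":
    for user, a, b, speed in find_impossible_travel(SAMPLE_EVENTS):
        print(f"ALERT impossible travel: {user} {a.location} ({a.source_ip}) "
              f"-> {b.location} ({b.source_ip}) in "
              f"{(b.time - a.time).total_seconds() / 60:.0f} min, ~{speed:.0f} km/h")
```

Running the script prints alerts for `jdoe` and `bsmith` only; `cjones` is left alone because ten hours is enough time to fly from Dallas to New York. In a production SIEM the same logic typically also tolerates known VPN egress points and corporate proxy ranges, which otherwise generate exactly this kind of alert as false positives.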

Property Management Company
Human administrators received an alert from the property management company’s SIEM, indicating that some Outlook email rules were being changed within the network. The user account that was making these changes was then shut down.

A further investigation by Elevity revealed that a well-meaning employee had unfortunately ignored multiple warnings from the company’s cybersecurity solutions and had given a cyberhacker access to their user account. If the employee had chosen instead to pause, consider and verify the information they were being warned about, the attack may have been caught earlier.

The cyberhacker used the employee’s user account to request a wire transfer for a large sum of money. Due to the SIEM alert about the change in Outlook rules, Elevity investigated and notified the company about the fraudulent wire transfer. Luckily, the property management company was able to stop the wire transfer before it went through.
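The alert in this case fired on a change to the user’s mailbox rules, which is a common step in wire-fraud schemes because a rule that forwards or deletes mail hides the attacker’s conversation from the victim. The following is an added example (not Elevity’s or the original post’s code) of the detection logic a SIEM could apply to mailbox-rule audit events. The event shape (an `Operation` name plus a list of `Name`/`Value` parameters, as Exchange Online audit records use) and the sample events are assumptions constructed for illustration.

```python
"""Flag suspicious mailbox-rule changes in audit events.

Added example, not from the original post. Assumes events shaped like
Exchange audit records: an "Operation" string, a "UserId", and a
"Parameters" list of {"Name": ..., "Value": ...} pairs. Samples are constructed.
"""

# Operations that create or modify inbox rules (assumed names).
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
# Rule actions that move mail out of the user's sight.
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "deleted items", "archive", "junk email"}


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def classify_rule_event(event: dict, internal_domains) -> list:
    """Return a list of reasons the rule change looks suspicious (empty if benign)."""
    if event.get("Operation") not in RULE_OPERATIONS:
        return []
    params = {p["Name"]: str(p["Value"]) for p in event.get("Parameters", [])}
    reasons = []

    # Forwarding or redirecting to an address outside the organization.
    for name in FORWARDING_PARAMS:
        target = params.get(name)
        if target and _domain(target) not in internal_domains:
            reasons.append(f"{name} to external address {target}")

    # Silently deleting or burying matching messages.
    if params.get("DeleteMessage", "").lower() == "true":
        reasons.append("DeleteMessage enabled")
    folder = params.get("MoveToFolder", "").lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"MoveToFolder to rarely-read folder '{params['MoveToFolder']}'")

    # Attackers often give rules blank or single-character names to avoid notice.
    if len(params.get("Name", "").strip()) <= 1:
        reasons.append("rule name is empty or a single character")

    return reasons


def find_suspicious_rule_changes(events, internal_domains=("example.com",)):
    """Return (user, rule name, reasons) for every event that earns at least one reason."""
    findings = []
    for event in events:
        reasons = classify_rule_event(event, internal_domains)
        if reasons:
            params = {p["Name"]: str(p["Value"]) for p in event.get("Parameters", [])}
            findings.append((event.get("UserId"), params.get("Name", ""), reasons))
    return findings


# Constructed sample audit events.
SAMPLE_EVENTS = [
    {   # Classic wire-fraud setup: forward invoices externally and delete them.
        "Operation": "New-InboxRule", "UserId": "a.payable@example.com",
        "Parameters": [
            {"Name": "Name", "Value": "."},
            {"Name": "SubjectContainsWords", "Value": "invoice;wire;payment"},
            {"Name": "ForwardTo", "Value": "finance.desk@mail-example.net"},
            {"Name": "DeleteMessage", "Value": "True"},
        ],
    },
    {   # Benign housekeeping rule: newsletters into a newsletter folder.
        "Operation": "New-InboxRule", "UserId": "b.user@example.com",
        "Parameters": [
            {"Name": "Name", "Value": "Newsletters"},
            {"Name": "SubjectContainsWords", "Value": "digest"},
            {"Name": "MoveToFolder", "Value": "Newsletters"},
        ],
    },
    {   # Unrelated operation, ignored by the rule.
        "Operation": "Set-Mailbox", "UserId": "c.admin@example.com",
        "Parameters": [{"Name": "Identity", "Value": "b.user@example.com"}],
    },
]

if __name__ == "__main__":
    for user, rule_name, reasons in find_suspicious_rule_changes(SAMPLE_EVENTS):
        print(f"ALERT mailbox rule '{rule_name}' by {user}: " + "; ".join(reasons))
```

Only the first sample event produces a finding, with three reasons (external forwarding, message deletion, and a single-character rule name). Any one of those is worth a ticket; seeing them together on an accounts-payable mailbox is the pattern that precedes a fraudulent wire request like the one described above.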

How to Choose and Configure the Right SIEM Solution for Your Organization

SIEM solutions enhance an organization’s ability to protect its data and systems from cyberthreats, ensuring a robust security posture. However, not all SIEM solutions are created alike.

Ready to reevaluate your organizational cybersecurity plan and choose a SIEM solution that’s right for your organization? Contact us to discover how Elevity can help. We’ll discuss how our Elevity 4S approach has empowered organizations like yours and what a comprehensive cybersecurity plan featuring SIEM could do for you.
