Graeme Stewart, Managing Director of LogPoint UK&I, discusses why SIEM doesn’t have to be expensive and how, if utilised correctly, it can help businesses achieve a greater ROI
As high-profile data breaches continue to dominate the headlines, it is clear the need for enhanced security has never been greater. A recent study found that the average cost of a data breach in the UK has increased from £2.37m to £2.53m in the last year, with breaches also leading many UK consumers to refuse to engage with companies that have experienced a hack or breach. As companies begin to understand or even feel the implications of poor security and non-compliance, processes and technology such as SIEM (Security Information and Event Management) are rising up the agenda.
It is therefore clear why security and compliance are major concerns for UK businesses. The number of regulations coming into play is ever-increasing, and organisations that do not adhere to one of them, the General Data Protection Regulation (GDPR), could face fines of up to 20 million euros or 4% of their global turnover, whichever is greater. That’s not even mentioning the significant reputational damage and loss of business that could follow. While security protocol and regulatory adherence both remain core issues, and of course key strengths of SIEM, many businesses struggle to see past this and fail to consider how the technology can deliver a greater return on their investment.
SIEM or bust?
SIEM is often perceived by organisations as a necessary, but undesired outlay to bolster security. In fact, many have deployed it for this reason alone and may not necessarily have taken into consideration its potential for delivering business efficiencies. There also exists a certain stigma around SIEM, namely that it is a technology restricted to large corporations to combat increasing regulatory burdens. It may be perceived as a box-ticking exercise; a tool that is expensive, too complex and difficult to use.
In reality, this is a short-sighted perception of the technology and, if utilised sensibly, SIEM can realise far greater ROI. For example, in a security situation, SIEM can add further context so that sensible business decisions can be made. The tool may detect that an employee has accessed a file that they are not authorised to access. On its own, this may warrant disciplinary action. However, if the technology is linked to the HR department, it will recognise that the employee in question is on annual leave, potentially highlighting a completely different security issue. This additional context could help prevent a serious breach that wasn’t detected previously.
Simplifying data for employees
One of the main benefits of SIEM technology is that it collates logs from a variety of sources and then ‘normalises’ the data. This essentially means converting it into a single language, allowing IT managers to spend less time sifting through large amounts of security logs so they can report findings at a faster pace, and therefore focus on more pressing tasks. The key issue here is getting the best ROI from highly qualified staff, who have the experience and education to focus on so much more than standard data analysis.
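The normalisation described above and the HR-linked file-access scenario from the previous section can be sketched together as follows. This is an added example, not LogPoint's code or schema: the two log formats, the field names, the HR leave feed and the verdict labels are all assumptions constructed for illustration.

```python
import json
from datetime import date, datetime

# Constructed sample input: two log sources reporting the same kind of event
# in different formats (hypothetical field names, not a vendor schema).
RAW_LOGS = [
    ("fileserver", "2024-07-03T09:14:02 user=asmith op=READ path=/finance/payroll.xlsx result=DENIED"),
    ("cloudstore", '{"time": "2024-07-03T11:40:55", "actor": "bjones", "event": "read", '
                   '"object": "/finance/payroll.xlsx", "authorised": false}'),
    ("cloudstore", '{"time": "2024-07-03T12:01:10", "actor": "bjones", "event": "read", '
                   '"object": "/sales/q2.pptx", "authorised": true}'),
]

# Constructed HR feed: user -> (first day of leave, last day of leave).
HR_LEAVE = {"asmith": (date(2024, 7, 1), date(2024, 7, 12))}

def normalise(source, raw):
    """Convert one source-specific line into a single common schema."""
    if source == "fileserver":  # timestamp followed by key=value pairs
        ts, *pairs = raw.split()
        kv = dict(p.split("=", 1) for p in pairs)
        return {"ts": datetime.fromisoformat(ts), "user": kv["user"],
                "action": kv["op"].lower(), "object": kv["path"],
                "authorised": kv["result"] == "ALLOWED"}
    if source == "cloudstore":  # one JSON object per line
        rec = json.loads(raw)
        return {"ts": datetime.fromisoformat(rec["time"]), "user": rec["actor"],
                "action": rec["event"].lower(), "object": rec["object"],
                "authorised": bool(rec["authorised"])}
    raise ValueError(f"no normaliser for source {source!r}")

def triage(event, leave=HR_LEAVE):
    """Return a verdict for an unauthorised access, or None if authorised."""
    if event["authorised"]:
        return None
    start, end = leave.get(event["user"], (None, None))
    if start and start <= event["ts"].date() <= end:
        return "account_active_during_leave"  # route to security investigation
    return "unauthorised_access"              # route to HR / line manager

def run(logs=RAW_LOGS):
    """Normalise every raw line, then add the HR context to each event."""
    events = [normalise(src, raw) for src, raw in logs]
    return [(e["user"], e["object"], triage(e)) for e in events]

if __name__ == "__main__":
    for row in run():
        print(row)
```

Both denied reads of the same file look identical once normalised; only the HR lookup separates the account that should have been idle from the one that needs a conversation with a manager.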
The perception of SIEM as an expensive and complex tool, built with compliance and security at its core, often causes organisations to overlook its full functionality and the added value it can provide. A well-deployed SIEM can not only free up staff time, enabling them to focus on more important tasks, but also allow organisations to spend more wisely on other security measures by demonstrating areas of weakness in the current security portfolio, rather than buying security technology. For businesses reconsidering the value of SIEM: ask not what your organisation is doing to meet its core obligations, but what it’s missing out on by not making the business intelligence tool work most effectively for you.
Graeme Stewart, Managing Director LogPoint UK & Ireland.
Graeme leads the UK team for LogPoint, an innovative Danish SIEM vendor whose intuitive, adaptable solution is already deployed across Europe and Scandinavia.
Graeme is passionate about improving organisational information security with a practical, real-world approach, and has been involved in multiple industry and Government initiatives to highlight the importance of cyber security to Board and Public Sector executives. He has 20 years’ experience in IT and organisational data security with management roles at McAfee, Sophos, ClearSwift, PGP and Symantec. Graeme is a published thought leader, and an accomplished public speaker and media spokesperson.