A Cure for Your Heartburn: 5 Keys to a Successful SIEM Implementation

Not surprisingly, the recent Heartbleed bug has prompted a groundswell of questions about how to effectively implement security information and event management (SIEM) software.

Our e-book, Top 10 SIEM Implementer’s Checklist, takes a deep dive into how to have a successful SIEM implementation, optimize your resources and accelerate your return on investment.

Below is a quick summary of the first five keys to a successful SIEM implementation:

Best Practice #1: Malware control: Centralize malware monitoring, incident responses, assessing and reporting operational impacts from end point to perimeter with regard to ensuring activation and standard use, monitoring and reviewing malware activity, and most importantly, responding to issues. Make sure to include all sources including anti-malware applications, anti-virus, anti-trojan, spam filtering, web filtering and website scanners, DNS, IDS, VA and network flow operational data.

 

Best Practice #3: Access controls: Consolidate Authentication, Authorization and Accounting (AAA) mechanisms to control appropriate access to resources. Use SIEM rules, alerts and reports to bring together all AAA – successful logins, subsequent secondary logins and user/system activities to facilitate investigations. Track and resolve the “true identity” behind shared credentials. Make sure to put incident response and report review procedures in place prior to activating SIEM rules and reports. Monitor failures in addition to successful accesses to monitor and investigate insider threats including privileged users and consultants.

Best Practice #4: Acceptable use monitoring (UAP): Publish policies for users to understand when, where and how best to use and protect corporate assets and information. Develop watch lists to facilitate monitoring processes for AUP for critical resources, user roles and specific AUP violation scenarios that align to those policies. Extend activity monitoring beyond normal business hours with special focus on critical assets or anomalous behavior. Obtain appropriate legal advice to assure that potential liability for monitoring user activity is understood and addressed. By not having accurate records with regards to the scope of an incident, the resulting financial penalties and reputation risks can be significant.

Best Practice #5: Application defenses: Application defenses is required beyond the perimeter, network and host security defenses need to include application platform monitoring, resource monitoring, web application defenses and database activity monitoring. Incorporate web application firewalls (WAF) to inspect and filter HTTP traffic at the application layer to monitor web and mobile applications. Database logging can be problematic with regards to database performance and database audit table overwrites. The use of shared administrative credentials is another pitfall to watch for.

 

 

Authors

Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone Marta Stone

Try AccelOps FREE for 30 Days

 

Get a Live Product Demo

 

Tags

cloud security big data RSA analytics compliance Q&A PCI DSS HIPAA Sarbanes Oxley (SOX) Target breach

About Accelops

AccelOps provides the leading IT operations analytics platform for the modern data center. The virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.

 

AccelOps automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources, spanning servers, storage, networks, security, applications and users. AccelOps’ patented analytics engine with cross-correlation and statistical anomaly detection sends real-time alerts when deviations occur that indicate a security or performance-impacting event.

 

The AccelOps platform scales seamlessly and provides unmatched delivery of proactive security and operational intelligence, allowing organizations to be more responsive and competitive as they expand their IT capabilities. 

Keep Social

twitter facebook linkedin