
SIEM | Log Management | Event Management


An Enterprise Essential -- Financial institutions, defined as any business that engages in financial activities ranging from insurance brokerage to data processing to automobile financing/leasing, are required by federal law to abide by security practices protecting customers’ non-public information. One of the most commonly referenced, the Safeguards Rule, is intended to protect financial institution customers from identity theft and data breaches by requiring businesses to protect their data and information from misappropriation, alteration, tampering, etc. The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act, specifically identifies companies that provide financing to their customers as subject to both the Privacy and Safeguards Rules. A requirement for network security solutions is to “Comply with all federal, state, local and industry regulations for financial institutions, such as GLBA, PCI, etc.”


Security devices such as Unified Threat Management (UTM) solutions are incapable of fully protecting a network without the assistance of additional security tools to analyze the data the device generates. Security analyst teams often use a Security Information and Event Management (SIEM) solution to manage the enormous amount of data created by just a single dealership network.


A SIEM solution is recommended to aid in identifying or preventing an intrusion into a commercial network. Security analysts use SIEM to combat threats that are not stopped or identified by conventional security solutions such as anti-virus or UTM-based signatures. Immediate response to a breach can greatly reduce or prevent company and customer data loss, not to mention the fines associated with the breach.


About SIEM Services

With network security comes Security Information and Event Management (SIEM). SIEM is considered IT best practice, and for the regulated financial industries, it’s a requisite for audit compliance.


A SIEM service combines and sorts network data from security devices in real time into actionable alerts, while trained network security analysts investigate and mitigate those alerts. SIEM services require both network security tools and security experts working together to combat security threats effectively. Standard IT support professionals should not be labeled as network security analysts, as certifications and training are required to support these specialized security tools.


Industry practice utilizes teams of security analysts to provide 24x7x365 real-time support of security tools and network data. SIEM is viewed as a service, not a single piece of hardware/software.


How SIEM Works

1. UTM device is integrated and its data is sent to the Network/Security Operations Center (NOC/SOC)

2. Data collected from the UTM (e.g. system log traffic, security alerts) is gathered and analyzed by the SIEM service to find anomalies

3. When an action is categorized as an anomaly, an incident ticket is created in the SIEM service system

4. Network security analyst investigates and determines threat status


Not all monitoring solutions are created equal.

Reactive Event Monitoring vs. Proactive SIEM Service

Reactive Event Monitoring:

  • Receiving standard alerting from a network security device based on attack signatures.
  • Software designed to manage alerts is not considered SIEM (e.g. Sonicwall GMS, Sonicwall Viewpoint, Level Platforms). Event alerts generated by the UTM have already been blocked by the device, and the management software provides no additional security analysis.

Proactive SIEM Service:

  • Proactive service combining different types of network data to detect threats that have bypassed signature-based primary security measures such as AV or UTM devices. Networks not utilizing a SIEM service are much more vulnerable to new and advanced attacks created to defeat existing security signatures. SIEM services are considered the most effective way of identifying and stopping advanced threats.
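
The reactive/proactive distinction and steps 2-3 of "How SIEM Works" above, shown as an added example (not Nuspire's tooling and not code from the original article): a small Python correlation rule run over constructed UTM log lines. The log layout, field names, threshold and time window are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up key=value layout (not a vendor format).
SAMPLE_LOGS = """\
2024-05-01T02:10:00 type=ips action=blocked src=203.0.113.9 sig="known attack signature"
2024-05-01T02:14:05 type=vpn action=login_failed src=198.51.100.7 user=jsmith
2024-05-01T02:14:20 type=vpn action=login_failed src=198.51.100.7 user=jsmith
2024-05-01T02:14:41 type=vpn action=login_failed src=198.51.100.7 user=jsmith
2024-05-01T02:15:02 type=vpn action=login_ok src=198.51.100.7 user=jsmith
2024-05-01T09:00:00 type=vpn action=login_failed src=192.0.2.44 user=mlee
2024-05-01T09:00:30 type=vpn action=login_ok src=192.0.2.44 user=mlee
""".splitlines()

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Step 2: turn one raw UTM line into a dict with a parsed timestamp."""
    ts, rest = line.split(" ", 1)
    event = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    event["ts"] = datetime.fromisoformat(ts)
    return event

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Steps 2-3: open a ticket when a VPN login succeeds right after
    `threshold` or more failures from the same source inside `window`."""
    failures = defaultdict(list)   # src -> timestamps of recent failures
    tickets = []
    for ev in sorted(map(parse, lines), key=lambda e: e["ts"]):
        if ev.get("action") == "blocked":
            continue               # signature hit: the UTM already stopped it
        if ev.get("type") != "vpn":
            continue
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if ev["action"] == "login_failed":
            failures[ev["src"]] = recent + [ev["ts"]]
        elif ev["action"] == "login_ok":
            if len(recent) >= threshold:
                tickets.append({"src": ev["src"], "user": ev["user"],
                                "failed_attempts": len(recent), "opened": ev["ts"]})
            failures[ev["src"]] = []
    return tickets                 # step 4: queue for analyst review

if __name__ == "__main__":
    for ticket in correlate(SAMPLE_LOGS):
        print(ticket)
```

No individual line here trips a signature; the ticket comes only from combining several permitted events, which is the analysis an alert-management console does not perform.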

For more information on Nuspire's SIEM tool, head over here.
