Security Information and Event Management (SIEM) systems are vital to every organization. They turn raw event logs from many applications into detailed, in-depth behaviour analysis by means of advanced visualizations and analytics, and sometimes machine learning and AI. They cover a broad palette of the most crucial information security concerns. The ultimate goal is full information security and regulatory compliance, keeping company information and brand reputation safe, and continuous improvement of the company and its assets.
SIEM systems can ensure that anomalies are detected, addressed or even prevented. The problem, though, is that many products are SIEMs in only a few respects, which makes it hard to find what your business really needs. Implementing a SIEM takes countless hours of configuration, synchronization and testing, and if you require a wider portfolio of services than the vendor covers, you need to invest even more hours implementing another SIEM system.
That is why it is so important for a SIEM system to cover as many aspects as possible, including features to monitor, detect and analyze data and to collaborate on the response to anomalous events. Modern SIEM systems pay special attention to the data protection aspects of their features.
The technical aspects of regulations (e.g. GDPR, SOX, FISMA, HIPAA) require companies to pay closer attention to how they store personal data. SIEM systems can ease the process of storing evidence of compliance, and they provide advanced detection of malicious activity. The processes thus become manageable, and the data protection officers of medium-sized and large companies get better visibility over the processes within the organisation and can take measures to prevent security incidents.
Furthermore, security analysis runs continuously, which on the one hand improves fraud and anomaly detection through machine learning and on the other hand monitors for security incidents 24/7, sending alerts whenever any are detected.
How Blockchain will Transform SIEM Into a Next Generation Security Solution
Blockchain has proven to be a future-proof technology for keeping immutable records. It eliminates the possibility of tampering, which is the main reason cryptocurrencies caused such an investment hype.
The best application of blockchain, however, might lie elsewhere. Proof of origin and proof of evidence have always been a struggle. When it comes to Security Information and Event Management (SIEM), the top problems to solve are:
- Ensuring that no events can be deleted or modified, even by system admins
- Preventing breaches of confidential information
- Leveraging technology that is advanced enough to detect potential problems in time
This technology, combined with advanced cryptographic algorithms, lays the foundation for cost-effective, sustainable solutions that protect all company assets.
Top SIEM Software Features covered by LogSentinel
LogSentinel’s main focus is protecting data integrity. This in turn helps protect personal data and company information, achieve regulatory compliance and ensure that no evidence can be deleted or modified.
To deliver a high-quality solution, LogSentinel uses blockchain-based technology and fraud detection. LogSentinel is considered a NextGen SIEM tool, as it fully covers the usual SIEM characteristics and complements them with AI and machine learning. The table below maps typical SIEM characteristics to the corresponding LogSentinel SIEM features:
| SIEM software characteristic | Covered | LogSentinel feature |
|---|---|---|
| Log Collection | ✓ | LogSentinel SIEM collects logs via a RESTful API and keeps them securely using advanced blockchain technology |
| Log Analysis | ✓ | LogSentinel SIEM supports AI-driven log analysis focusing on fraud and anomaly detection |
| Event Correlation | ✓ | Using a correlation key, every log event can be set up to correspond to the business processes available in the LogSentinel SIEM dashboard. This allows easy tracking and visibility, as well as a DPO-friendly way of illustrating data-related processes |
| Log Forensics | ✓ | Thanks to the blockchain technology, the logs available in LogSentinel SIEM are practically unmodifiable. LogSentinel SIEM meets the audit trail requirements of multiple standards and regulations: GDPR, PSD2, PCI-DSS, ISO 27001, HIPAA, etc. |
| IT Compliance | | The blockchain-enabled secure time-stamping and logging ensures that your data is tamper-free/tamper-evident, time-stamped with Qualified Time Stamps and/or Qualified Electronic Signatures, and securely logged in two blockchains. You can use it for forensics, security audits and proof of GDPR compliance. |
| Application Log Monitoring | ✓ | Every application can be logged and monitored separately as well as in summary |
| Real-time Alerting | ✓ | LogSentinel SIEM supports real-time alerting, covering alerts about detected anomalies or suspicious activity. |
| User Activity Monitoring | ✓ | LogSentinel SIEM captures user actions, including the use of applications, system commands executed, checkboxes clicked, text entered/edited, or any other actions you would like to keep track of. |
| Dashboards | ✓ | The LogSentinel SIEM dashboard provides full visibility of all processes and applications. It also shows activity per actor and per action type |
| File Integrity Monitoring | ✓ | All action types concerning files (deletion, modification, etc.) can be easily tracked. |
| System and Device Log Monitoring | ✓ | LogSentinel SIEM keeps track of log files and searches for known text patterns and rules that indicate important events. |
| Log Retention | ✓ | You can set up log retention periods based on your specific business needs |
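The "Log Forensics" and "IT Compliance" rows above depend on the log being tamper-evident. The following Python example, added here as an illustration and not LogSentinel's own code, shows the basic mechanism behind a hash-chained audit log: every entry commits to the hash of the previous entry, and the latest hash (the "head") is published to an external anchor, which is the role the page assigns to time-stamping and logging in two blockchains. The sample events, the `HashChainedLog` class and the `demo()` walk-through are constructed for this example.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # hash that the first entry chains to

# Constructed sample audit events (not real logs)
SAMPLE_EVENTS = [
    {"actor": "alice", "action": "LOGIN", "target": "crm"},
    {"actor": "alice", "action": "EXPORT", "target": "customers.csv"},
    {"actor": "bob", "action": "DELETE", "target": "invoice-1042"},
]


def entry_hash(prev_hash, payload):
    """Hash of (previous hash, canonical JSON of the payload)."""
    canonical = json.dumps({"prev": prev_hash, "payload": payload},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class HashChainedLog:
    """Append-only log in which each entry's hash covers the previous hash."""

    def __init__(self):
        self.entries = []  # each: {"payload", "prev", "hash"}

    def head(self):
        """Hash of the newest entry; this is the value you publish externally."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, payload):
        prev = self.head()
        h = entry_hash(prev, payload)
        self.entries.append({"payload": payload, "prev": prev, "hash": h})
        return h

    def verify(self):
        """Recompute the chain; return the index of the first broken entry or -1."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or entry_hash(prev, e["payload"]) != e["hash"]:
                return i
            prev = e["hash"]
        return -1


def demo():
    """Show what in-place modification and tail deletion look like to a verifier."""
    log = HashChainedLog()
    for ev in SAMPLE_EVENTS:
        log.append(ev)
    anchor = log.head()  # stands in for the externally time-stamped/anchored head

    intact = log.verify()  # -1: untouched chain verifies

    modified = copy.deepcopy(log)
    modified.entries[1]["payload"]["action"] = "READ"  # quietly rewrite history
    modified_at = modified.verify()  # 1: the chain breaks at the edited entry

    truncated = copy.deepcopy(log)
    truncated.entries.pop()  # an admin deletes the newest entry
    truncated_at = truncated.verify()  # -1: internally the shorter chain still verifies
    anchor_matches = truncated.head() == anchor  # False: only the anchor reveals the loss

    return intact, modified_at, truncated_at, anchor_matches
```

The two failure modes differ: editing an entry is caught by `verify()` alone, but deleting from the tail produces a shorter chain that still verifies, so without the externally published head the deletion is invisible. That is why the anchor, not just the chaining, is what addresses the "no events can be deleted, even by system admins" requirement listed earlier.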
Examples of SIEM rules protecting personal data
As previously stated, SIEMs can help detect many kinds of information security issues. Some of these issues are vital to the organization, as they affect confidential data or can even lead to personal data leaks. Below are some of the common security alerts that help organisations take control of their data-holding assets:
| Alert | Goal | Trigger | Event sources |
|---|---|---|---|
| Repeat Attack-Login (Brute-force) | Early warning for brute force attacks or password guessing | Notify when 3 or more failed logins occur within 60 seconds from a single host. | Active Directory (AD), Syslog (Unix hosts, switches, routers, VPN), monitored applications, etc. |
| Unauthorized Actions by Privileged Users | Warning for unauthorized actions | Notify if a user switches from their normal account to a privileged one and behaves unusually: installing new software, accessing files outside of work hours, etc. | Active Directory (AD) |
| Unauthorized Changes in the Production Database | Warning for unauthorized changes to a production database | Notify if a user logs in remotely outside normal business hours and repeatedly tries to connect to a production database as an administrator | Production database |
| Virus Detection/Removal | Notify when more than 1 hour has passed since malware was detected on another source | Notify when a single host fails to auto-clean malware within 1 hour of detection | Event sources such as firewall, NIPS, anti-virus, HIPS |
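The first and last rules in this table are concrete enough to express as correlation logic. The following Python example, added as an illustration and not part of LogSentinel's product, implements both over a constructed batch of events: a per-host sliding window for the brute-force rule (3 or more failed logins within 60 seconds) and a table of open detections for the virus rule (alert when a host has not cleaned malware within 1 hour of detection). The event field names (`ts`, `type`, `host`, `signature`), the `RuleEngine` class and all sample values are assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BRUTE_FORCE_THRESHOLD = 3                   # "3 or more failed logins"
BRUTE_FORCE_WINDOW = timedelta(seconds=60)  # "... in 60 secs from a single host"
MALWARE_CLEAN_DEADLINE = timedelta(hours=1) # "fails to auto-clean within 1 hour"

# Constructed sample events in normalised form (not real logs)
EVENTS = [
    {"ts": "2024-01-10T09:00:00", "type": "login_failed", "host": "10.0.0.5", "user": "alice"},
    {"ts": "2024-01-10T09:00:20", "type": "login_failed", "host": "10.0.0.5", "user": "alice"},
    {"ts": "2024-01-10T09:00:45", "type": "login_failed", "host": "10.0.0.5", "user": "admin"},  # 3rd in 45s
    {"ts": "2024-01-10T09:00:50", "type": "login_failed", "host": "10.0.0.9", "user": "bob"},
    {"ts": "2024-01-10T09:02:30", "type": "login_failed", "host": "10.0.0.9", "user": "bob"},    # 100s apart
    {"ts": "2024-01-10T10:00:00", "type": "malware_detected", "host": "ws-17", "signature": "EICAR-Test"},
    {"ts": "2024-01-10T10:05:00", "type": "malware_detected", "host": "ws-42", "signature": "Trojan.Generic"},
    {"ts": "2024-01-10T10:20:00", "type": "malware_cleaned", "host": "ws-17", "signature": "EICAR-Test"},
    {"ts": "2024-01-10T11:30:00", "type": "heartbeat", "host": "ws-42"},  # ws-42 still dirty after 85 min
]


class RuleEngine:
    def __init__(self):
        self.failed_logins = defaultdict(deque)  # host -> timestamps of recent failures
        self.open_detections = {}                # (host, signature) -> time of detection
        self.alerts = []

    def _alert(self, rule, host, ts, detail):
        self.alerts.append({"rule": rule, "host": host, "ts": ts.isoformat(), "detail": detail})

    def _check_brute_force(self, ev, ts):
        window = self.failed_logins[ev["host"]]
        window.append(ts)
        while ts - window[0] > BRUTE_FORCE_WINDOW:  # drop failures older than the window
            window.popleft()
        if len(window) >= BRUTE_FORCE_THRESHOLD:
            self._alert("brute_force", ev["host"], ts,
                        f"{len(window)} failed logins within {BRUTE_FORCE_WINDOW.seconds}s")
            window.clear()  # one alert per burst, not one per extra failure

    def _check_malware_deadlines(self, now):
        # Any detection still open after the deadline becomes an alert exactly once.
        for key, detected_at in list(self.open_detections.items()):
            if now - detected_at >= MALWARE_CLEAN_DEADLINE:
                host, signature = key
                self._alert("malware_not_cleaned", host, now,
                            f"{signature} not cleaned within 1h of detection at {detected_at.isoformat()}")
                del self.open_detections[key]

    def process(self, ev):
        ts = datetime.fromisoformat(ev["ts"])
        self._check_malware_deadlines(ts)  # time advances with every event
        if ev["type"] == "login_failed":
            self._check_brute_force(ev, ts)
        elif ev["type"] == "malware_detected":
            self.open_detections[(ev["host"], ev["signature"])] = ts
        elif ev["type"] == "malware_cleaned":
            self.open_detections.pop((ev["host"], ev["signature"]), None)


def run_rules(events):
    """Replay events in time order and return the alerts the two rules raise."""
    engine = RuleEngine()
    for ev in sorted(events, key=lambda e: e["ts"]):
        engine.process(ev)
    return engine.alerts
```

Two details matter in practice. The brute-force window is evaluated per host, so the two failures from 10.0.0.9 that are 100 seconds apart never reach the threshold, while the three from 10.0.0.5 do. The malware deadline is checked whenever the clock advances; here an unrelated heartbeat event is enough to surface ws-42, whereas a real engine would also run the check on a timer so that a silent host cannot avoid the alert simply by producing no further events.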
Denitsa Stefanova is a Senior IT Business Analyst with solid experience in Marketing and Data Analytics. She is involved in IT projects related to marketing and data analytics software improvements, as well as the development of effective methods for fraud and data breach prevention. Denitsa supports her IT-related experience by applying her skills to her everyday duties, including IT and quality auditing and detecting IT vulnerabilities and GDPR-related gaps.