SIEM Solutions and Data Protection Compliance

Security Information and Event Management (SIEM) systems are vital to any organization. They turn raw event logs from many applications and devices into detailed behavioral analysis through correlation, analytics and visualization, increasingly supplemented by machine learning. A good SIEM covers the most critical information security concerns in one place. The goal is information security and regulatory compliance, keeping company data and brand reputation safe, and continuously improving the organization's security posture.

SIEM systems help ensure that anomalies are detected, investigated and, where possible, prevented. The problem is that many products are SIEMs in only a few respects, which makes it hard to find one that matches what your business actually needs. Implementing a SIEM costs many hours of configuration, integration and testing, and if you need a wider portfolio of services than the vendor covers, you must invest still more hours implementing a second system.

This is why it is so important for a SIEM system to cover as many aspects as possible: monitoring, detection, data analysis and collaboration on the response to anomalous events. Modern SIEM systems pay special attention to the data protection aspects of their features.

Using SIEM Software for Achieving Compliance

The technical requirements of regulations (e.g. GDPR, SOX, FISMA, HIPAA) force companies to pay closer attention to how they store and process data, personal data in particular. SIEM systems ease the collection and retention of evidence of compliance, and they provide detection of malicious activity. The processes become manageable, and the data protection officers of medium and large companies gain better visibility over the processes within the organisation and can take measures to prevent security incidents.

Furthermore, security analysis runs continuously, which on the one hand improves fraud and anomaly detection through machine learning and on the other hand provides 24/7 monitoring for security incidents, with notification alerts whenever one is detected.

How Blockchain will Transform SIEM Into a Next Generation Security Solution

Blockchain has proven to be a durable technology for keeping immutable records: every block carries the cryptographic hash of the one before it, so any alteration of an earlier record breaks the chain and is detected. That tamper-evidence is also the main reason cryptocurrencies caused such an investment hype.

The best application of blockchain, however, may lie elsewhere. Proof of origin and proof of evidence have always been a struggle. For Security Information and Event Management (SIEM), the top problems to solve are:

  • Ensuring that no events can be deleted or modified, even by system admins
  • Preventing breaches of confidential information
  • Leveraging technology that is advanced enough to detect potential problems in time

This technology, combined with established cryptographic primitives (hashing, digital signatures and trusted time-stamping), lays the foundation for cost-effective, sustainable solutions that protect company assets.
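The property the previous paragraphs rely on, that an append-only log whose entries are chained by hash cannot be edited or truncated without detection, is easy to show in a few dozen lines. The following is an added illustration, not LogSentinel's code; it assumes SHA-256 hash chaining, constructed sample events, and that the chain head is anchored somewhere the storage administrator cannot rewrite (a timestamping authority or a second ledger, which is the role the "two blockchains" mentioned later on this page play).

```python
"""Hash-chained, tamper-evident audit log (illustrative, not LogSentinel's code)."""
import copy
import hashlib
import json
from typing import Any, List, Optional, Tuple

GENESIS = "0" * 64  # constructed value standing in for "no previous entry"

# Constructed sample events, modelled on the audit-trail use cases on this page.
SAMPLE_EVENTS = [
    {"actor": "alice", "action": "login", "target": "hr-portal"},
    {"actor": "alice", "action": "export", "target": "employees.csv"},
    {"actor": "bob", "action": "delete", "target": "employees.csv"},
]


def canonical(obj: Any) -> bytes:
    # Deterministic serialisation: same event => same bytes => same hash.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash: str, index: int, event: dict) -> str:
    # The hash commits to the previous hash, the position and the event content,
    # so editing, reordering or re-parenting an entry changes its hash.
    return hashlib.sha256(
        canonical({"prev": prev_hash, "index": index, "event": event})
    ).hexdigest()


class AuditChain:
    """Append-only log in which every entry commits to the one before it."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, event: dict) -> dict:
        index = len(self.entries)
        prev = self.head()
        entry = {"index": index, "prev": prev, "event": copy.deepcopy(event),
                 "hash": entry_hash(prev, index, event)}
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        # Hash of the newest entry. Anchoring this value outside the log store
        # is what makes a full rewrite of the chain detectable.
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, trusted_head: Optional[str] = None) -> Tuple[bool, str]:
        """Recompute every link and compare the head with the anchored value."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["index"] != i or e["prev"] != prev:
                return False, f"link broken at entry {i}"
            if entry_hash(prev, i, e["event"]) != e["hash"]:
                return False, f"content of entry {i} does not match its hash"
            prev = e["hash"]
        if trusted_head is not None and prev != trusted_head:
            return False, "chain head differs from the externally anchored head"
        return True, "ok"


def demo() -> dict:
    """Build a chain, anchor its head, then try three admin-style tamperings."""
    results = {}
    chain = AuditChain()
    for ev in SAMPLE_EVENTS:
        chain.append(ev)
    anchored = chain.head()            # value handed to the external anchor
    results["intact"] = chain.verify(anchored)

    # 1. An admin edits a past event in place without touching the hashes.
    chain.entries[1]["event"]["action"] = "read"
    results["edited"] = chain.verify(anchored)

    # 2. The admin also recomputes every later hash: internally consistent,
    #    but the head no longer matches the anchored value.
    prev = GENESIS
    for e in chain.entries:
        e["prev"] = prev
        e["hash"] = entry_hash(prev, e["index"], e["event"])
        prev = e["hash"]
    results["rewritten"] = chain.verify(anchored)
    results["rewritten_unanchored"] = chain.verify()  # passes: anchoring matters

    # 3. Rebuild the original and delete its newest entry (truncation).
    chain = AuditChain()
    for ev in SAMPLE_EVENTS:
        chain.append(ev)
    chain.entries.pop()
    results["truncated"] = chain.verify(anchored)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:22s} {'OK' if ok else 'TAMPERED'}: {reason}")
```

Scenario 2 is the important one: a chain alone only proves that the log is consistent with itself, so an administrator who controls the store can rewrite it end to end. Only the externally anchored head (a qualified timestamp, a second ledger, a signed digest sent to the DPO) turns that into a detectable event.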


Top SIEM Software Features covered by LogSentinel

LogSentinel's main focus is on protecting data integrity. This in turn helps protect personal data and company information, achieve regulatory compliance and ensure that no evidence can be deleted or modified without detection.

To deliver a high-quality solution, LogSentinel uses blockchain-based technology and fraud detection. LogSentinel can be considered a SIEM tool since it covers the characteristics of one. The following maps typical SIEM characteristics to the corresponding LogSentinel features:

  • Log collection: SentinelTrails collects logs via a RESTful API and keeps them securely using blockchain technology.
  • Log analysis: SentinelTrails supports AI-driven log analysis focused on fraud and anomaly detection.
  • Event correlation: Using a correlation key, every log event can be tied to one of the business processes shown on the SentinelTrails dashboard. This allows easy tracking and visibility, as well as a DPO-friendly way of illustrating data-related processes.
  • Log forensics: Thanks to the blockchain technology, logs stored in SentinelTrails are practically unmodifiable. SentinelTrails meets the audit trail requirements of multiple standards and regulations: GDPR, PSD2, PCI DSS, ISO 27001, HIPAA, etc.
  • IT compliance: Blockchain-enabled secure time-stamping and logging ensures that your data is tamper-evident, time-stamped (optionally with Qualified Time Stamps and/or a Qualified Electronic Signature) and securely logged in two blockchains. You can use it for forensics, security audits and proof of GDPR compliance.
  • Application log monitoring: Every application can be logged and monitored separately as well as in a summary view.
  • Real-time alerting: SentinelTrails supports real-time alerting for detected anomalies or suspicious activity.
  • User activity monitoring: LogSentinel captures user actions, including the use of applications, system commands executed, check boxes clicked, text entered or edited, or any other action you would like to keep track of.
  • Dashboards: The SentinelTrails dashboard provides full visibility of all processes and applications, and shows activity per actor and per action type.
  • File integrity monitoring: All action types concerning files, such as deletion and modification, can be easily tracked.
  • System and device log monitoring: SentinelTrails keeps track of log files and searches them for known text patterns and rules that indicate important events.
  • Log retention: Retention periods can be set up according to specific business needs.

Examples of SIEM rules protecting personal data

As previously stated, SIEMs help detect many kinds of information security issues. Some of these are vital to the organization because they affect confidential data or can lead to personal data leaks. Below are some common security alert rules that help organisations keep control over the assets holding their data:

  • Repeat Attack-Login Source
    Goal: early warning for brute-force attacks, password guessing and misconfigured applications.
    Trigger: 3 or more failed logins in 1 minute from a single host.
    Facilities involved: Active Directory, Syslog (Unix hosts, switches, routers, VPN), RADIUS, TACACS, monitored applications.
  • Unauthorized Data Transfers
    Goal: warning for unauthorized data transfer.
    Trigger: more than 10 files or more than 10 MB of specific file types copied to USB drives or sent as email attachments to non-company domains.
    Facilities involved: Active Directory, monitored applications.
  • Unauthorized Data Transfers by Privileged Users
    Goal: warning for unauthorized data transfer.
    Trigger: a user switches from their normal account to a privileged one, then performs an abnormal data transfer to or from an external service.
    Facilities involved: Active Directory, monitored applications.
  • Unauthorized Changes in Production Database
    Goal: warning for unauthorized login to a production database.
    Trigger: a user logs in remotely outside normal business hours, then makes repeated attempts to connect to a production database as an administrator.
    Facilities involved: production database, monitored applications.
  • Virus Detection/Removal
    Goal: alert when a virus, spyware or other malware is detected on a host.
    Trigger: a single host reports an identifiable piece of malware.
    Facilities involved: anti-virus, HIPS, network/system behavioral anomaly detectors.
  • Virus or Spyware Detected but Failed to Clean
    Goal: alert when more than 1 hour has passed since malware was detected on a host with no corresponding successful removal.
    Trigger: a single host fails to auto-clean malware within 1 hour of detection.
    Facilities involved: firewall, NIPS, anti-virus, HIPS, failed login events.
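To make the rules concrete, here is an added example (not LogSentinel's rule engine) that implements three of them, the failed-login burst, the unauthorized transfer thresholds and the malware-not-cleaned check, over constructed, already-normalised events of the kind a SIEM holds after parsing its sources. The company mail domain, the set of watched file extensions and the timestamps are assumptions made for the example.

```python
"""Three alert rules from the table above, run over constructed events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 15, 2, 0)                   # constructed base time
COMPANY_DOMAIN = "example.com"                      # assumed internal mail domain
SENSITIVE_EXT = {".csv", ".xlsx", ".docx", ".pdf"}  # assumed watched file types


def ev(offset_s: int, **fields) -> dict:
    return {"ts": T0 + timedelta(seconds=offset_s), **fields}


# Constructed, normalised events (what a SIEM holds after parsing its sources).
EVENTS = [
    # 10.0.0.5 fails three times in 20 s: Repeat Attack-Login Source fires.
    ev(0, type="auth_failure", src="10.0.0.5", user="admin"),
    ev(10, type="auth_failure", src="10.0.0.5", user="root"),
    ev(20, type="auth_failure", src="10.0.0.5", user="jsmith"),
    # 10.0.0.9 fails twice, 5 minutes apart: below the threshold.
    ev(0, type="auth_failure", src="10.0.0.9", user="jsmith"),
    ev(300, type="auth_failure", src="10.0.0.9", user="jsmith"),
    # alice copies 11 small spreadsheets to a USB drive: file-count threshold.
    *[ev(100 + i, type="file_transfer", user="alice", dest="usb",
         name=f"q{i}.xlsx", size=50_000) for i in range(11)],
    # bob mails one 12 MB .csv export to an external address: size threshold.
    ev(200, type="file_transfer", user="bob", dest="email",
       recipient="bob@example.net", name="customers.csv", size=12_000_000),
    # carol mails one .pdf internally: allowed.
    ev(210, type="file_transfer", user="carol", dest="email",
       recipient="dave@example.com", name="report.pdf", size=900_000),
    # Malware on host-7 is detected and cleaned; on host-9 it is never cleaned.
    ev(400, type="malware_detected", host="host-7", signature="Trojan.Generic"),
    ev(700, type="malware_cleaned", host="host-7", signature="Trojan.Generic"),
    ev(500, type="malware_detected", host="host-9", signature="Spyware.Keylog"),
]


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=1)):
    """Repeat Attack-Login Source: threshold failures from one host in a sliding window."""
    recent = defaultdict(deque)
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["type"] != "auth_failure":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((e["src"], e["ts"]))
            q.clear()                    # one alert per burst, not per extra failure
    return alerts


def unauthorized_transfers(events, max_files=10, max_bytes=10 * 1024 * 1024):
    """Unauthorized Data Transfers: watched file types leaving via USB or external email."""
    totals = defaultdict(lambda: {"files": 0, "bytes": 0})
    for e in events:
        if e["type"] != "file_transfer":
            continue
        ext = "." + e["name"].rsplit(".", 1)[-1].lower()
        external = e["dest"] == "usb" or (
            e["dest"] == "email"
            and not e["recipient"].lower().endswith("@" + COMPANY_DOMAIN))
        if not external or ext not in SENSITIVE_EXT:
            continue
        totals[e["user"]]["files"] += 1
        totals[e["user"]]["bytes"] += e["size"]
    return sorted(u for u, t in totals.items()
                  if t["files"] > max_files or t["bytes"] > max_bytes)


def malware_not_cleaned(events, now, grace=timedelta(hours=1)):
    """Virus or Spyware Detected but Failed to Clean: no clean within the grace period."""
    detected, cleaned = {}, set()
    for e in events:
        key = (e.get("host"), e.get("signature"))
        if e["type"] == "malware_detected":
            detected[key] = e["ts"]
        elif e["type"] == "malware_cleaned":
            cleaned.add(key)
    return sorted(k for k, ts in detected.items()
                  if k not in cleaned and now - ts > grace)


def run_all(events=EVENTS, now=T0 + timedelta(hours=2)) -> dict:
    return {
        "repeat_login_failure": failed_login_bursts(events),
        "unauthorized_transfer": unauthorized_transfers(events),
        "malware_not_cleaned": malware_not_cleaned(events, now),
    }


if __name__ == "__main__":
    for rule, hits in run_all().items():
        print(rule, hits)
```

Two details matter in practice: the login rule uses a sliding window and resets after firing, so a sustained attack yields one alert per burst rather than one per packet, and the malware rule is evaluated against a "now" that the scheduler supplies, because the absence of a clean event only becomes an alert once the grace period has expired.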

If you would like to try our SIEM solution today, check out our subscription plans or request a demo.
