SIEM Solutions and Data Protection Compliance

Security Information and Event Management (SIEM) systems are vital to every organization. They turn raw event logs from many applications into detailed behaviour analysis through visualizations, analytics and, increasingly, machine learning and AI. They cover the most pressing information security concerns in one place. The end goal is full information security and regulatory compliance, keeping company information and brand reputation safe, and continuously improving the company and its assets.

SIEM systems make it possible to detect anomalies, respond to them, or even prevent them. The problem is that many products qualify as SIEMs in only a few respects, which makes it hard to find what your business really needs. Implementing a SIEM takes many hours of configuration, synchronization and testing. If you need a wider portfolio of services than the vendor fully supports, you then have to invest more hours implementing a second SIEM system alongside it.

This is why it is so important for a SIEM system to cover as many aspects as possible, including features to monitor, detect and analyze data and to collaborate on the response to anomalous events. Modern SIEM systems pay special attention to the data protection aspects of their features.

The technical requirements of regulations (e.g. GDPR, SOX, FISMA, HIPAA) demand closer attention to the way companies store personal data. SIEM systems ease the process of storing evidence of compliance and provide advanced detection of malicious activity. The processes become manageable, and the data protection officers of medium and large companies gain better visibility into what happens within the organisation and can take measures to prevent security incidents.

Furthermore, security analysis runs continuously: on the one hand this improves fraud and anomaly detection through machine learning, and on the other hand it monitors for security incidents 24/7, sending alert notifications whenever any are detected.

How Blockchain will Transform SIEM Into a Next Generation Security Solution

Blockchain has proven to be a durable technology for keeping immutable records. It removes the possibility of undetected tampering, which is the main reason cryptocurrencies caused such an investment hype.

The most valuable application of blockchain, however, may lie elsewhere. Proof of origin and proof of evidence have always been a struggle. When it comes to Security Information and Event Management (SIEM), the top problems to solve are:

  • Ensuring that no events can be deleted or modified, even by system admins
  • Preventing breaches of confidential information
  • Leveraging technology that is advanced enough to detect potential problems in time

This technology, combined with advanced cryptographic algorithms, lays the foundation for cost-effective, sustainable solutions that protect all company assets.
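To make the tamper-evidence property concrete, here is an added example (not LogSentinel's code, and not a description of its implementation) of the simplest cryptographic building block behind such records: a hash-chained, append-only audit log. Each entry commits to the previous entry's hash, so modifying or deleting any earlier event breaks verification from that point on. The events, field names and the `GENESIS` constant are constructed for the example.

```python
import hashlib
import json

# Constructed starting value for the chain; a real system would anchor this externally.
GENESIS = "0" * 64


def entry_hash(prev_hash: str, event: dict) -> str:
    """Hash the previous entry's hash together with a canonical JSON encoding of the event."""
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(chain: list, event: dict) -> list:
    """Append an event, linking it to the current head of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})
    return chain


def verify(chain: list):
    """Walk the chain from GENESIS; return (True, None) or (False, index_of_first_bad_entry)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry_hash(prev, entry["event"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, None


def build_sample_chain() -> list:
    """Constructed sample events: a login, a privileged action and a file deletion."""
    chain = []
    append(chain, {"ts": "2024-05-01T09:00:00", "actor": "alice", "action": "LOGIN"})
    append(chain, {"ts": "2024-05-01T09:05:00", "actor": "alice", "action": "SUDO"})
    append(chain, {"ts": "2024-05-01T09:07:00", "actor": "alice", "action": "DELETE_FILE"})
    return chain


def tamper_modify(chain: list, index: int) -> list:
    """Simulate an insider rewriting one stored event without recomputing hashes."""
    chain[index]["event"]["action"] = "READ_FILE"
    return chain


def tamper_delete(chain: list, index: int) -> list:
    """Simulate an insider removing one stored event from the middle of the log."""
    del chain[index]
    return chain


if __name__ == "__main__":
    print(verify(build_sample_chain()))                      # (True, None)
    print(verify(tamper_modify(build_sample_chain(), 1)))    # (False, 1)
    print(verify(tamper_delete(build_sample_chain(), 1)))    # (False, 1)
```

The chain alone cannot reveal truncation of the newest entries or a wholesale rebuild by someone who can recompute every hash; that is exactly why the head hash has to be anchored outside the log, for example with an externally issued time stamp or in a second ledger, as the feature list below describes. The verification step is what an auditor runs; the anchor is what makes the verification meaningful against an administrator.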


Top SIEM Software Features covered by LogSentinel

LogSentinel’s main focus is on protecting data integrity. This in turn helps protect personal data and company information, achieve regulatory compliance and ensure that no evidence can be deleted or modified.

To deliver a high-quality solution, LogSentinel uses blockchain-based technology and fraud detection. LogSentinel is considered a NextGen SIEM tool because it fully covers the usual SIEM characteristics and complements them with AI and machine learning. The table below maps typical SIEM characteristics to the corresponding LogSentinel SIEM features:

| SIEM software characteristic | LogSentinel feature |
|---|---|
| Log collection | LogSentinel SIEM collects logs via a RESTful API and keeps them securely using blockchain technology |
| Log analysis | LogSentinel SIEM supports AI-driven log analysis focusing on fraud and anomaly detection |
| Event correlation | Using a correlation key, every log event can be mapped to the business processes available in the LogSentinel SIEM dashboard. This allows easy tracking and visibility, as well as a DPO-friendly way of illustrating data-related processes |
| Log forensics | Thanks to the blockchain technology, the logs in LogSentinel SIEM are practically unmodifiable. LogSentinel SIEM meets the audit trail requirements of multiple standards and regulations: GDPR, PSD2, PCI-DSS, ISO 27001, HIPAA, etc. |
| IT compliance | Blockchain-enabled secure time-stamping and logging ensures that your data is tamper-free/tamper-evident, time-stamped with Qualified Time Stamps and/or a Qualified Electronic Signature, and securely logged in two blockchains. You can use it for forensics, security audits and proof of GDPR compliance. |
| Application log monitoring | Every application can be logged and monitored separately as well as in summary |
| Real-time alerting | LogSentinel SIEM supports real-time alerting on detected anomalies or suspicious activity |
| User activity monitoring | LogSentinel SIEM captures user actions, including the use of applications, system commands executed, checkboxes clicked, text entered/edited, or any other action you want to keep track of |
| Dashboards | The LogSentinel SIEM dashboard provides full visibility of all processes and applications. It also shows activity per actor and per action type |
| File integrity monitoring | All action types concerning files (deletion, modification, etc.) can be easily tracked |
| System and device log monitoring | LogSentinel SIEM keeps track of log files and searches for known text patterns and rules that indicate important events |
| Log retention | You can set up log retention periods based on your specific business needs |

Examples of SIEM rules protecting personal data

As previously stated, SIEMs help detect many kinds of information security issues. Some of these are vital to the organization because they affect confidential data or can even lead to personal data leaks. Below are some common security alerts that help organisations take control of the assets holding their data:


| Rule | Goal | Trigger | Facilities involved |
|---|---|---|---|
| Repeat Attack-Login (brute force) | Early warning for brute-force attacks or password guessing | Notify when 3 or more failed logins occur within 60 seconds from a single host | Active Directory (AD), Syslog (Unix hosts, switches, routers, VPN), monitored applications, etc. |
| Unauthorized actions by privileged users | Warning for unauthorized actions | Notify if a user switches from their normal account to a privileged one and behaves unusually: installing new software, accessing files outside of work hours, etc. | Active Directory (AD), monitored applications |
| Unauthorized changes in the production database | Warning for unauthorized changes to a production database | Notify if a user logs in remotely outside normal business hours and repeatedly tries to connect to a production database as an administrator | Production database, monitored applications |
| Virus detection/removal | Notify when more than 1 hour has passed since malware was detected on a source | Notify when a single host fails to auto-clean malware within 1 hour of detection | Event sources such as firewall, NIPS, anti-virus, HIPS |
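Two of the rules in the table have concrete, testable detection logic: the brute-force rule (a count over a sliding time window per host) and the virus-removal rule (an event that must be followed by a second event within a deadline). The added example below, which is not LogSentinel's code and makes no claim about how its rule engine works, implements both over a few constructed log lines. The line format (`timestamp source key=value ...`), the host names and the malware label are all invented for the example; the threshold of 3 failures in 60 seconds and the 1-hour cleanup grace period are the values from the table.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Format: ISO timestamp, source, key=value pairs.
SAMPLE_LOGS = """\
2024-05-01T09:00:01 sshd host=10.0.0.5 result=FAIL user=alice
2024-05-01T09:00:20 sshd host=10.0.0.5 result=FAIL user=alice
2024-05-01T09:00:45 sshd host=10.0.0.5 result=FAIL user=root
2024-05-01T09:00:50 sshd host=10.0.0.9 result=FAIL user=bob
2024-05-01T09:02:30 sshd host=10.0.0.9 result=FAIL user=bob
2024-05-01T09:03:00 sshd host=10.0.0.9 result=OK user=bob
2024-05-01T09:05:00 av host=ws-17 result=DETECTED malware=Trojan.Sample
2024-05-01T09:10:00 av host=ws-22 result=DETECTED malware=Trojan.Sample
2024-05-01T09:30:00 av host=ws-22 result=CLEANED malware=Trojan.Sample
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<fields>.*)$")


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m["ts"]), "source": m["source"], **fields}


def load(text: str) -> list:
    """Parse all lines, silently skipping malformed ones, preserving order."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def detect_brute_force(events, threshold=3, window=timedelta(seconds=60)):
    """Rule 'Repeat Attack-Login': >= threshold failed logins from one host inside the window.
    Returns a list of (host, time_of_alert). The per-host window is cleared after an alert so
    one burst of failures produces one alert rather than one per additional failure."""
    alerts = []
    recent = defaultdict(deque)  # host -> timestamps of recent failures, oldest first
    for ev in events:
        if ev["source"] != "sshd" or ev.get("result") != "FAIL":
            continue
        q = recent[ev["host"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ev["host"], ev["ts"]))
            q.clear()
    return alerts


def detect_uncleaned_malware(events, now: datetime, grace=timedelta(hours=1)):
    """Rule 'Virus detection/removal': a DETECTED event with no CLEANED event within the grace
    period. Late cleanups (after the grace period) are reported too, as are detections that are
    still open at evaluation time 'now'. Returns sorted (host, malware) pairs."""
    pending = {}  # (host, malware) -> time of first detection still awaiting cleanup
    alerts = set()
    for ev in events:
        if ev["source"] != "av":
            continue
        key = (ev["host"], ev.get("malware"))
        if ev.get("result") == "DETECTED":
            pending.setdefault(key, ev["ts"])
        elif ev.get("result") == "CLEANED":
            detected = pending.pop(key, None)
            if detected is not None and ev["ts"] - detected > grace:
                alerts.add(key)
    for key, detected in pending.items():
        if now - detected > grace:
            alerts.add(key)
    return sorted(alerts)


def run_rules(text: str, now: str) -> dict:
    """Evaluate both rules over a log text at the given evaluation time (ISO string)."""
    events = load(text)
    return {
        "brute_force": detect_brute_force(events),
        "uncleaned_malware": detect_uncleaned_malware(events, datetime.fromisoformat(now)),
    }


if __name__ == "__main__":
    print(run_rules(SAMPLE_LOGS, "2024-05-01T10:30:00"))
```

On the sample data, host 10.0.0.5 trips the brute-force rule at the third failure (44 seconds after the first), while 10.0.0.9's two failures are 100 seconds apart and never reach the threshold within one window. ws-22 is cleaned 20 minutes after detection and is fine; ws-17 is still open 85 minutes later and is reported. The threshold, window and grace period are parameters precisely because the right values differ per environment: a VPN concentrator with thousands of users will need a different tuning from a single production database, and the table's "facilities involved" column is a reminder that the same rule should be fed by every source that can observe the behaviour.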

If you would like to achieve compliance and boost the information security of your business using a Next Gen SIEM, check out our subscription plans or request a demo.
