Three Industry-Specific Aspects of SIEM


Security Information and Event Management systems are considered a “must-have” in many industries. They are effectively a horizontal security tool that improves security posture and visibility regardless of the domain specifics. Or at least it seems so at first.

The reality is somewhere in between – yes, the majority of SIEM features are transferable across industries (and that’s great because you can hire people from any industry to set up or monitor a SIEM). But there are inevitable industry specifics. We classify them into three different categories – industry-specific data sources, compliance, and threats.

Industry-specific data sources (integrations)

Every organization may have an Active Directory, firewalls, web servers, and antivirus software, but not every organization has a core banking system, SCADA, or medical equipment. A good SIEM must support these verticals through flexible agents or collectors that can fetch and normalize these industry-specific data sources. A core banking system may be tough to integrate if it’s a legacy system from the 80s. Medical equipment and software may communicate in specific formats like DICOM/IHE/FHIR. SCADA systems may be quirky in producing externally consumable logs. A SIEM must be built with an understanding of these industry-specific integrations.

Industry-specific compliance

While there are horizontal standards and regulations like ISO 27001 or GDPR, there are industry-specific regulations as well: HIPAA (and a set of local healthcare laws in EU member states) covers the security and privacy of handling medical data; PCI-DSS, PSD2, GLBA and others are specific to the financial sector; the EU NIS Directive sets specific requirements for critical infrastructure. An industry-tailored SIEM has to support compliance reporting as well as additional requirements like strong log integrity or data masking.
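As an added example (not LogSentinel's code or any product's), the following Python sketches what the integration and compliance requirements above look like in practice: two constructed records in different source formats are normalized into one event schema, sensitive identifiers (a card number, a patient ID) are masked before storage, and each stored event is hash-chained so that tampering with the log is detectable. The source formats, field names and values are made up for illustration.

```python
import hashlib
import json

# Constructed sample records (not from real systems): a legacy core-banking
# transfer line and a hospital record-access event, each in its own format.
RAW_EVENTS = [
    ("corebank", "2024-03-01T10:15:02Z|TRANSFER|acct=4111111111111111|amt=2500.00|user=teller07"),
    ("hospital", '{"ts":"2024-03-01T10:16:40Z","event":"RECORD_VIEW","patient_id":"P-88213","staff":"dr.ivanov"}'),
]

def mask_pan(pan: str) -> str:
    """Keep only the first 6 and last 4 digits of a card number (PCI-DSS style masking)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def normalize(source: str, raw: str) -> dict:
    """Parse a source-specific record into one common event schema before storage."""
    if source == "corebank":
        ts, action, *kv = raw.split("|")
        f = dict(p.split("=", 1) for p in kv)
        return {"ts": ts, "source": source, "action": action, "actor": f["user"],
                "object": mask_pan(f["acct"]), "amount": f["amt"]}
    if source == "hospital":
        d = json.loads(raw)
        # Patient ID is replaced by a truncated hash: events still correlate, the ID never reaches the log.
        pseudo = hashlib.sha256(d["patient_id"].encode()).hexdigest()[:12]
        return {"ts": d["ts"], "source": source, "action": d["event"], "actor": d["staff"],
                "object": "patient:" + pseudo, "amount": ""}
    raise ValueError(f"unknown source: {source}")

def append_chained(log: list, event: dict) -> None:
    """Append an event whose hash also covers the previous record's hash (hash chain)."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = json.dumps(event, sort_keys=True)
    log.append(dict(event, prev=prev, hash=hashlib.sha256((prev + body).encode()).hexdigest()))

def verify_chain(log: list) -> bool:
    """Recompute every hash; False if any record was altered, removed or reordered."""
    prev = "0" * 64
    for rec in log:
        body = json.dumps({k: v for k, v in rec.items() if k not in ("prev", "hash")}, sort_keys=True)
        if rec["prev"] != prev or rec["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
            return False
        prev = rec["hash"]
    return True

def build_log() -> list:
    log = []
    for source, raw in RAW_EVENTS:
        append_chained(log, normalize(source, raw))
    return log
```

In a real deployment the chain head would be anchored outside the SIEM (for example signed and shipped to write-once storage) so that an attacker with write access to the log store cannot simply rebuild the whole chain.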

Industry-specific threats

The threats facing the financial industry are related to financial fraud (e.g. credit card abuse, which it shares with the e-commerce sector); the threats to the healthcare sector are about the privacy and availability of patient data; and critical infrastructure is often targeted by nation-state advanced persistent threats for geopolitical reasons. A SIEM must cover these diverse threats in order to be applicable across industries.

A knowledgeable enough consultant or integrator can get any tool to do any job, but the problem is that these people are rare and expensive – it’s best if the tool (in this case – SIEM) can handle the industry specifics without too much supervision. The ability to handle those specifics may be the difference between a successful and a failed SIEM project and that’s why we at LogSentinel have a deep understanding of our customers’ industry problems and have solutions prepared to address them.

Interested in a SIEM Solution that combines log management, behaviour analytics (UEBA), threat detection, and incident response into a complete security monitoring platform? Talk to us today!
