By Joseph Alecci, CISA, CISM, CISSP, CRISC, CEH, Associate Director, IT & Cybersecurity
In today’s technology environment, financial institutions are consistently searching for ways to secure their network. However, many institutions do not take full advantage of monitoring tools that may enhance their security and safeguard their network. For these institutions, a Security Information and Event Management (“SIEM”) system may provide the additional protection needed.
A SIEM is a specific type of system that provides institutions with real-time analysis of suspicious activity or anomalies within a network and seeks to generate useful insights from numerous events and other types of data. In addition, a SIEM system centrally gathers and stores logs from the perimeter (e.g., VPN gateways, IDS devices, and firewalls) to the end user, and then analyzes them. Furthermore, the system can monitor for several types of security threats in real time for early and quick attack detection, containment, and appropriate response. Logs generated by systems such as network devices, servers, domain controllers, and other security devices are key sources of data. The logs and reports that are retained provide the financial institution’s IT staff with important forensic analyses. The common sources of logs that a SIEM ingests include, but are not limited to, the following:
Once the data has been gathered, it is reformatted so that the system can make sense of what was collected. Analytics are then applied to the data to discover new trends and detect threats. This allows institutions to pinpoint security breaches and investigate alerts.
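The reformat-then-analyze step described above, sketched as an added example that is not from the original article or any SIEM product: two differently formatted sources (a VPN gateway and a domain controller) are reformatted into one common schema, and a simple correlation rule then runs over the combined events. The log formats, field names, threshold and time window are all assumptions made for illustration.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

RAW_LOGS = [  # constructed sample lines in two made-up formats, not real vendor output
    ("vpn", "2024-03-01T09:00:01Z vpn-gw auth=fail user=jdoe src=203.0.113.7"),
    ("vpn", "2024-03-01T09:00:20Z vpn-gw auth=fail user=jdoe src=203.0.113.7"),
    ("dc", "ts=2024-03-01 09:00:30;event=logon_failure;account=asmith;ip=10.0.0.44"),
    ("vpn", "2024-03-01T09:00:41Z vpn-gw auth=fail user=jdoe src=203.0.113.7"),
    ("vpn", "2024-03-01T09:01:05Z vpn-gw auth=ok user=jdoe src=203.0.113.7"),
    ("vpn", "truncated line with no fields"),
]

Event = namedtuple("Event", "time source action user src_ip")  # common schema for every source

def parse_vpn(line):
    ts, res, user, src = re.fullmatch(
        r"(\S+)Z vpn-gw auth=(ok|fail) user=(\S+) src=(\S+)", line).groups()
    action = "login_success" if res == "ok" else "login_failure"
    return Event(datetime.fromisoformat(ts), "vpn", action, user, src)

def parse_dc(line):
    kv = dict(field.split("=", 1) for field in line.split(";"))
    action = kv["event"].replace("logon", "login")  # map to the shared action vocabulary
    return Event(datetime.strptime(kv["ts"], "%Y-%m-%d %H:%M:%S"), "dc", action, kv["account"], kv["ip"])

PARSERS = {"vpn": parse_vpn, "dc": parse_dc}

def normalize(raw):  # returns (events sorted by time, unparseable lines kept for review)
    events, rejected = [], []
    for source, line in raw:
        try:
            events.append(PARSERS[source](line))
        except (KeyError, ValueError, AttributeError):
            rejected.append((source, line))
    return sorted(events, key=lambda e: e.time), rejected

def failures_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on a successful login preceded by >= threshold recent failures (same user and IP)."""
    recent, alerts = defaultdict(list), []
    for ev in events:
        key = (ev.user, ev.src_ip)
        if ev.action == "login_failure":
            recent[key].append(ev.time)
        elif ev.action == "login_success":
            fails = [t for t in recent.pop(key, []) if ev.time - t <= window]
            if len(fails) >= threshold:
                alerts.append((ev.user, ev.src_ip, len(fails)))
    return alerts
```

Lines that fail to parse are returned separately rather than dropped, since silent parsing gaps leave blind spots in later forensic review.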
As the IT security field grows, becoming more complex and difficult to manage each day, financial institutions should consider utilizing SIEM systems to assist in several different areas, including the following:
A SIEM system can help a financial institution improve its network protection as well as the monitoring process within its IT infrastructure. With dozens of vendors that provide SIEM solutions, selecting the best fit for your financial institution is of key importance and is a topic worth exploring in the future.
Joseph Alecci, CISA, CISM, CISSP, CRISC, CAMS
Associate Director, IT & Cybersecurity
Joseph Alecci leads the IT/Cybersecurity Audit & Risk Management Group at P&G Associates. He has over 20 years of experience in information systems and auditing management and is a member of the ISACA N.J. Chapter Board of Directors.