Is a managed SIEM right for you?

There are three types of SIEM (security information and event management) deployments: managed, co-managed, and DIY. Deploying a fully managed SIEM means you have a trained and skilled team of off-site security analysts overseeing the logging data and events in your systems 24/7/365. These experts are actively on the lookout for suspicious activity and respond to threats when necessary. If you are the type of credit union that wants to build and manage everything yourself with an internal staff, a managed SIEM is not for you. However, if you think your employees' time can be better spent on your members, then a managed SIEM might be the right answer. Still, many credit union executives wonder about the impact of deploying a managed SIEM.

A SIEM is a Security Information and Event Management tool. SIEMs are designed to ingest the logs and events from all of the devices in your network and correlate them to find patterns, problems and, of course, breaches. Today most credit unions have hundreds if not thousands of devices generating large volumes of log data. At the same time, most can barely keep up with checking firewall logs or other critical components. Hence, the NCUA has started requiring credit unions to install SIEM solutions, which in theory make this simpler and make it more likely that you will actually know when someone has breached the credit union. However, if you haven't turned one of these on before, it can be quite worrisome. As always, the fear of the unknown is greater than the fear of the known. A SIEM is no different.

What happens after deployment of a fully managed SIEM?

SIEM implementations are fairly invasive and time consuming. Some aspects of the deployment can be automated; however, each device (router, switch, server, and firewall) must be touched, configured to send its logs to the SIEM, and coordinated with the collector. Then all of the data starts flowing. Imagine turning on the sprinklers for the first time and seeing all of the broken heads shoot up! Jesse Boyer, EVP of NIH FCU, says, "After deploying the SIEM solution, it was an eye opener seeing the sheer volume of logs/incidents. The correlation of events wouldn't have been recognizable without SIEM. It really helps to get the big picture to truly 'know your network' and identify third party managed devices."

Once you have completed implementation, you unleash a firehose of data and correlations that you never knew were there. The good news is that many of these findings help you clean up old system configuration issues. After completing the deployment, you begin weekly calls to go through key events and correlations and make the connections. At first it is daunting, but after a few weeks or months things settle down and get much clearer. Ultimately, you feel a lot more secure and confident that you can swiftly identify malicious activity. As Joan Moran says, "…it helps me sleep better at night knowing that my network and infrastructure is being monitored 24/7 by experts for any type of suspicious behavior. There is no way I would be able to have that level of service in-house."
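As an added illustration of the cross-device correlation a SIEM performs (described above, where events from many devices are ingested and correlated) and of the kind of finding a weekly review call walks through, here is a small Python script. It is not code from the article or from Ongoing Operations. The syslog lines are constructed for this example; the host names, addresses, log formats, the five-failure threshold and the five-minute window are all assumptions. It correlates by source IP across a firewall and a server to flag a successful login preceded by a burst of failures, and it counts events per host so that a chatty, misconfigured source (here, a flapping switch port) stands out as the sort of cleanup item the text mentions.

```python
"""Added example, not from the original article: a minimal SIEM-style
cross-device correlation over constructed syslog lines."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events from a firewall, a server and a switch, as a
# collector would see them once each device forwards its logs. Timestamps
# are assumed to be UTC and already normalised to one format.
SAMPLE_LOGS = """\
2024-03-04T02:10:05Z fw-edge kernel: DENY TCP 203.0.113.9:51000 -> 10.0.5.20:3389
2024-03-04T02:10:07Z fw-edge kernel: DENY TCP 203.0.113.9:51001 -> 10.0.5.21:3389
2024-03-04T02:10:09Z fw-edge kernel: ALLOW TCP 203.0.113.9:51002 -> 10.0.5.22:22
2024-03-04T02:10:12Z srv-core sshd[411]: Failed password for admin from 203.0.113.9 port 51010
2024-03-04T02:10:14Z srv-core sshd[411]: Failed password for admin from 203.0.113.9 port 51011
2024-03-04T02:10:16Z srv-core sshd[411]: Failed password for admin from 203.0.113.9 port 51012
2024-03-04T02:10:18Z srv-core sshd[411]: Failed password for admin from 203.0.113.9 port 51013
2024-03-04T02:10:20Z srv-core sshd[411]: Failed password for admin from 203.0.113.9 port 51014
2024-03-04T02:10:25Z srv-core sshd[411]: Accepted password for admin from 203.0.113.9 port 51015
2024-03-04T02:12:00Z sw-floor2 snmp: link-down GigabitEthernet1/0/7
2024-03-04T02:12:01Z sw-floor2 snmp: link-up GigabitEthernet1/0/7
2024-03-04T02:12:02Z sw-floor2 snmp: link-down GigabitEthernet1/0/7
2024-03-04T02:12:03Z sw-floor2 snmp: link-up GigabitEthernet1/0/7
2024-03-04T02:15:00Z srv-core sshd[412]: Failed password for jdoe from 10.0.9.14 port 40001
2024-03-04T02:15:03Z srv-core sshd[412]: Failed password for jdoe from 10.0.9.14 port 40002
2024-03-04T02:15:08Z srv-core sshd[412]: Accepted password for jdoe from 10.0.9.14 port 40003
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")  # timestamp host message
FW_RE = re.compile(r"(DENY|ALLOW) TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)")
SSH_RE = re.compile(r"(Failed|Accepted) password for (\S+) from (\d+\.\d+\.\d+\.\d+)")


def parse_line(line):
    """Normalise one raw line into a dict with a kind and a source IP."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, msg = m.groups()
    ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "host": host,
          "msg": msg, "kind": "other", "src_ip": None}
    fw, ssh = FW_RE.search(msg), SSH_RE.search(msg)
    if fw:
        ev.update(kind="fw_deny" if fw.group(1) == "DENY" else "fw_allow",
                  src_ip=fw.group(2), dst=f"{fw.group(3)}:{fw.group(4)}")
    elif ssh:
        ev.update(kind="auth_fail" if ssh.group(1) == "Failed" else "auth_ok",
                  user=ssh.group(2), src_ip=ssh.group(3))
    return ev


def parse_logs(text):
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def volume_by_host(events):
    """Event count per source: the 'firehose' view that exposes noisy devices."""
    return Counter(ev["host"] for ev in events)


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Flag a successful login preceded, within `window`, by at least
    `threshold` failed logins from the same source IP on any host, and
    attach what the firewall saw from that IP in the same window."""
    events = sorted(events, key=lambda e: e["ts"])
    alerts = []
    for ev in events:
        if ev["kind"] != "auth_ok":
            continue
        start = ev["ts"] - window
        related = [e for e in events
                   if e["src_ip"] == ev["src_ip"] and start <= e["ts"] <= ev["ts"]]
        fails = [e for e in related if e["kind"] == "auth_fail"]
        if len(fails) < threshold:
            continue  # a couple of typos by a real user does not alert
        alerts.append({
            "at": ev["ts"].isoformat(),
            "src_ip": ev["src_ip"], "user": ev["user"], "host": ev["host"],
            "failures": len(fails),
            "hosts_tried": sorted({e["host"] for e in fails}),
            "firewall_denies_to": sorted({e["dst"] for e in related if e["kind"] == "fw_deny"}),
        })
    return alerts


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for host, n in volume_by_host(evs).most_common():
        print(f"{host:10s} {n} events")
    for a in correlate(evs):
        print("ALERT:", a)
```

Run on its own, the script lists event volume per host and prints one alert: the external address 203.0.113.9 was denied on two internal RDP ports, allowed through to one SSH port, failed five times as `admin`, and then logged in. No single device's log shows that story; the failed logins of `jdoe` from an internal address stay below the threshold and produce nothing.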

Though deploying a managed SIEM means putting in time on the front end, it will increase your awareness and provide peace of mind. The deployment process helps you understand your systems, correct misconfigurations and security gaps, and lets experts continuously monitor for threats. That way, you know that you are doing your best to keep your credit union and your members' information secure.

Bob Miles

Providing Credit Union clients with an expert, board-level resource that can help manage and steer their clients' information security compliance, governance and/or regulatory program(s). Performing some or all ... Web: ongoingoperations.com