You may have heard about something called a SIEM. You may have even asked yourself: “What is a SIEM, and why does my credit union need it?”

What is SIEM?

To begin, here is a little background on what a SIEM is. Everybody remembers that centralized logging is a good practice. You never want to have your logs on local devices. Network devices, servers, workstations, firewalls – you want to have those centralized, for a number of reasons. If a hacker were to compromise one of those devices and the logs were stored locally, the intruder would have the ability to manipulate or delete those logs and cover their tracks.

Having those logs centralized gets them off the device, making them tamper-resistant (though not 100% tamper-proof, because nothing is) and preventing hackers from covering their tracks. For these reasons, it makes sense to keep all logs centralized.

Once you centralize the logs, there are mountains of data. The question becomes – how do you make sense out of those logs? This is where the SIEM proves useful.

continue reading »