Flexible, remote working is here to stay. For employees who need only a laptop and a smartphone to do their job from anywhere, hybrid working is the new norm. With it come the headaches of delivering an IT infrastructure that can support it, and more than that, can support workers in their collaboration so that they feel part of a team whether they are in the office or not.
One of the biggest challenges since the pandemic has been keeping company culture strong enough that employees stay engaged with their colleagues and feel team cohesion and a sense of belonging. The flip side is that enabling the hybrid model has brought serious technical challenges: supporting these new ways of working while simultaneously removing weaknesses, securing endpoint devices such as laptops, smartphones and tablets on the network and, most importantly, protecting data.
Virtualised desktop environments such as Azure Virtual Desktop have provided efficient ways of collaborating via Teams and Microsoft 365, and these have changed the way we communicate in hybrid workplaces. Security remains central to IT departments' concerns, however, and is driving the adoption of advanced cybersecurity measures to protect endpoints and data.
The benefits of a SIEM platform
Security Information and Event Management (SIEM) platforms increasingly bundle security orchestration, automation and response (SOAR) capabilities. A SIEM collects and normalises logs from across the estate and applies correlation rules to them to spot anomalies and raise alerts; with SOAR integration it can also trigger remediation, so organisations get both continuous monitoring and an active defence capability. This reduces the complexity of managing networks, devices and the overall security operation, freeing resources for other projects. Where data may previously have been held in silos within a security operations centre (SOC) and a network operations centre (NOC), it can be brought together for a holistic view of the security and availability of the business.
A SIEM offers five core benefits
1. A unified platform: Multi-tenancy is supported on a single platform, so that customers can be managed centrally while overall visibility is maintained. For MSSPs, for example, everything is in one place with a single view of operations. Graphical user interfaces (GUIs) and databases can also be multi-tenanted, so they are customisable and simple to view, and operations can be scaled accordingly.
2. Single pane of glass management: Dashboards, analytics, incident management, the configuration management database (CMDB) and administration can all be accessed via a web-based GUI, which makes it easy to apply role-based access control for simple management. Active asset discovery helps build out an integrated CMDB for better asset management, and performance and availability monitoring (CPU, memory, storage and configuration changes) extends the functionality of the platform and delivers additional contextual data.
3. Better incident detection: Internal and external threats are identified more easily and faster, and the same telemetry enables threat hunting and compliance monitoring. Time to detect is reduced by a distributed correlation engine that matches events from multiple sources against rules. Many SIEM platforms ship with out-of-the-box parsers, dashboards and reports for the most common devices, making it simpler to deliver quick value to the organisation. Insider threats can also be identified using an agent on endpoints to collect behavioural telemetry. Overall, mean time to detect and mean time to respond are both reduced and the organisation is safer.
4. Scale as you go: Rapid scalability is necessary in a hybrid environment; in a global organisation many hundreds of devices can be added to corporate networks every week. When home working became necessary almost overnight, the reality of thousands of remote workers all at once meant that scalability of platforms was critical. Every endpoint is part of the attack surface and must be secured. It is simple to increase performance and log-processing capacity with a SIEM by adding VMs, and flexible licensing options provide a way to scale costs.
5. Out-of-the-box compliance and ROI: Improved efficiency, lower risk, reduced impact of attacks and simplified compliance all raise ROI. Staff and analysts are given the right information and detections, and risk can be managed through incident detection and reporting. Many SIEM platforms provide out-of-the-box compliance reporting, and pre-defined content and dashboards deliver immediate results. Security teams can understand incident impact by defining business services, so that an incident is tagged with the service it affects, making for faster and more comprehensive resolution.
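To make the "correlation engine" in benefit 3 concrete, here is an added example (not code from the original article or from any SIEM vendor) of a single correlation rule run over a handful of constructed sshd-style log lines. The rule is the classic "brute force followed by success": at least FAIL_THRESHOLD failed logins for one user from one source IP inside WINDOW seconds, followed by a successful login for the same pair. The log format, thresholds and sample lines are all assumptions made for the example.

```python
"""
Added example: a minimal SIEM-style correlation rule over constructed log
lines. Not from the original article or any vendor product.

Rule: alert when the same (user, source IP) pair records at least
FAIL_THRESHOLD failed logins within WINDOW seconds and the next event
for that pair is a successful login.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone
import re

FAIL_THRESHOLD = 5   # assumed tuning value
WINDOW = 120         # seconds; assumed tuning value

# Constructed sample log lines in an sshd-like format (one event per line).
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:05Z host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:09Z host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:14Z host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:20Z host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:31Z host1 sshd: Accepted password for alice from 203.0.113.7
2024-03-01T09:05:00Z host2 sshd: Failed password for bob from 198.51.100.4
2024-03-01T09:05:02Z host2 sshd: Accepted password for bob from 198.51.100.4
2024-03-01T10:00:00Z host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:00:01Z host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:00:02Z host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:00:03Z host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:00:04Z host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:15:00Z host1 sshd: Accepted password for carol from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(lines):
    """Parse log lines into event dicts; lines the parser does not understand are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "ip": m["ip"], "ok": m["outcome"] == "Accepted"})
    return events


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Sliding-window correlation keyed on (user, ip). Returns a list of alert dicts."""
    failures = defaultdict(deque)   # (user, ip) -> timestamps of failures still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["ip"])
        q = failures[key]
        # Expire failures that fall outside the window relative to the current event.
        while q and (ev["ts"] - q[0]).total_seconds() > window:
            q.popleft()
        if not ev["ok"]:
            q.append(ev["ts"])
            continue
        # A success: fire only if enough recent failures preceded it.
        if len(q) >= threshold:
            alerts.append({"user": ev["user"], "ip": ev["ip"],
                           "failures": len(q), "success_at": ev["ts"].isoformat()})
        q.clear()  # a success ends the sequence whether or not it alerted
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
```

With the sample input only alice's sequence fires: bob has a single failure, and carol's five failures are followed by a success 15 minutes later, outside the 120-second window. Widening the window (for example to 1000 seconds) makes carol's sequence alert as well, which is the kind of tuning decision a real rule set needs to document.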
The future of security
The threat landscape is growing: the number of ransomware attacks reported to the Information Commissioner's Office roughly doubled from 326 in 2020 to 654 in 2021, and those are only the ones we know about. The growth is most likely driven by the increasing profitability of such attacks, and ransomware is the number one concern driving organisations to tighten security. As the threats increase, so does the sophistication of SIEM platforms.
Moving forward, with a comprehensive SIEM in place, organisations can use machine learning and statistical methods to establish a baseline of normal behaviour and turn deviations from it into real-time, actionable insight on anomalous user behaviour. By combining statistics from endpoint sensors, network device flows, server and application logs and cloud APIs, it is possible to build profiles of users, peer groups, endpoints, applications, files and networks and detect anomalies end to end. Organisations can protect themselves with intelligent solutions that scale and keep data safe.
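The statistical baselining described above, as an added example that is not part of the original article or any product: each user's daily download count is compared both with that user's own history and with their peer group's history, using median and median absolute deviation (MAD) rather than mean and standard deviation so that one past spike does not inflate the baseline. The history, peer group, "today" counts and the 3.5 threshold on the modified z-score are constructed assumptions for the example.

```python
"""
Added example (not from the original article): statistical baselining of
user behaviour against self and peer-group history.
"""
from statistics import median

# Constructed history: user -> daily download counts over the last ten days.
HISTORY = {
    "alice": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15],
    "bob":   [20, 22, 19, 21, 23, 20, 22, 21, 20, 24],
    "carol": [8, 9, 7, 10, 8, 9, 8, 7, 9, 8],
}
# Constructed peer grouping (assumption: all three sit in one department).
PEER_GROUP = {"finance": ["alice", "bob", "carol"]}
# Constructed counts for the day being scored.
TODAY = {"alice": 14, "bob": 180, "carol": 40}


def robust_baseline(samples):
    """Return (median, MAD); MAD is floored at 1.0 so a flat history cannot divide by zero."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, max(mad, 1.0)


def robust_z(value, baseline):
    """Modified z-score 0.6745 * (x - median) / MAD, comparable to a normal z-score."""
    med, mad = baseline
    return 0.6745 * (value - med) / mad


def score_day(today, history, peer_groups, threshold=3.5):
    """Score each user's count against self and peer baselines; return the anomalies."""
    user_to_group = {u: g for g, users in peer_groups.items() for u in users}
    group_baseline = {
        g: robust_baseline([x for u in users for x in history[u]])
        for g, users in peer_groups.items()
    }
    findings = []
    for user, count in today.items():
        self_z = robust_z(count, robust_baseline(history[user]))
        peer_z = robust_z(count, group_baseline[user_to_group[user]])
        # Either view exceeding the threshold is enough to surface the user.
        if self_z > threshold or peer_z > threshold:
            findings.append({"user": user, "count": count,
                             "self_z": round(self_z, 1), "peer_z": round(peer_z, 1)})
    return findings


if __name__ == "__main__":
    for finding in score_day(TODAY, HISTORY, PEER_GROUP):
        print(finding)
```

On the constructed data bob (180 downloads against a baseline of about 21) and carol (40 against about 8) are flagged, while alice is not. Carol is notable because her peer-group score stays just under the threshold: the group median is pulled up by bob's higher normal volume, so the per-user baseline is what catches her. That is why a practical deployment keeps both views rather than relying on peer comparison alone.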