5 Technologies to Look for When Choosing a SIEM to Protect Your Organization in the Coronavirus Crisis
COVID-19 is wreaking havoc with our lives and our businesses, but hackers aren’t resting. If anything, we’ve seen the level of cyber attacks increase and specifically target new vulnerabilities. Those entrusted with protecting organizations don’t have the luxury to panic, but need to implement the right solutions, fast.
Many organizations today are finding their footing in a new and jarring reality. Employees are suddenly having to work from home. SOC teams – who usually work in the headquarters even at companies where working from home is commonplace – are suddenly working from home too. Not only that, but some of them may be ill themselves, or in quarantine, or juggling work with caring for kids or family members. As a result of all this, security teams – already often understaffed and overwhelmed – are reaching a crisis point.
Meanwhile, attackers are viciously stepping up their activities. Just this week, Reuters reported that the World Health Organization (WHO) was attacked using a malicious site mimicking the WHO’s internal email system, and the WHO’s CISO Flavio Aggio reported that hacking attempts against the organization have soared in general (as if they didn’t have enough problems already). Other organizations attacked in only the last few days include a COVID-19 vaccine test center, Spain’s hospital system and Tupperware. As the author of an article in the Harvard Business Review put it, “hackers love a crisis.”
CISOs or security directors are saddled with the task of captaining their organization’s ship to safe harbor in this almost perfect storm. Their arsenal usually includes dozens of security products, but often they don’t work in sync, don’t effectively stop attacks, or offer low visibility into the network. SIEMs were supposed to solve this problem. Unfortunately, many SIEMs are very cumbersome and difficult to maintain, requiring security analysts to spend much of their day writing correlation rules. Many organizations find their SIEMs have left them ultimately vulnerable.
And what if an organization doesn’t yet have a SIEM? SIEMs are notorious for taking a long time, even a year, to implement and show value. Never mind the high expense and the large SOC team needed to manage them. Now is NOT the time to take on a cumbersome, time-intensive “project.”
But not all SIEMs are created equal. As you look for a SIEM that can fit the unique needs of this crazy time we are living in, keep these guidelines and technologies in mind (and see how empow’s i-SIEM brings them to life):
- “Self-orchestrated/managed system” – i-SIEM is the ONLY SIEM that can be managed by LESS THAN ONE SECURITY ANALYST. This is thanks to our automation patents (AI and NLP, backed by eight granted patents), which enable i-SIEM to bypass the cumbersome tasks of writing correlation rules and manually defining triage and root-cause analysis search patterns. This activity easily takes up 80% of security analysts’ time and typically requires a team working in sync to do it effectively. So now one person can do the work of four (who are sick, busy or impossible to recruit).
- Fast integration – Our innovation around data classification (using mainly NLP) makes the on-boarding of new data sources, as well as the maintenance of high-quality data classification for existing data sources, easy.
- Agility – i-SIEM is able to detect threats even when the baseline has completely changed, i.e., the norm is different. This is the case today, when everyone is working from home. Our behavioral algorithms are agile and adapt faster than other technologies. The result is a lower rate of false positives and a higher detection rate.
- Fast time to value – while most SIEMs take a very long time to implement, even many months, i-SIEM can be implemented in a week – and with cooperation from the organization, even in days. Our easy-to-use dashboard makes sure the team has full visibility, while automation means minimal false positives, so analysts can focus their time only on truly high-risk potential attacks.
- Expert training – empow’s free advanced security course will make you a master at fighting threats in the WFH era. Our group of security experts will guide you through fast implementation of best practices for protecting your environment of distributed employees.