AIS SIEM Challenges Addressed
Security logs for different systems are all in different locations
- To address security concerns you have to take the time to look in different places; if you’re trying to identify a pattern of behavior, you have to do it manually
Ability to Detect Security Concerns that are not detected by a penetration test/Security threats are rapidly evolving
- This can find things a penetration test can’t
- Penetration tests were designed before the cloud existed; the cloud introduces new threats that a penetration test was not designed to find
- Hackers are finding new ways of getting past
- Dark underside of the cloud: “As companies rely more upon different SaaS platforms instead of traditional servers in their business, it’s harder to keep track of security when your data is spread out all over the cloud. A managed SIEM enables you to securely keep track of all the pieces.”
- Employees had anonymous links on Microsoft OneDrive that were being accessed from Russia
- The hacker made anonymous links to files on the hard drive through email
- If someone gets into your O365, they can hide links in your OneDrive; even if you clean up your O365 they can still get into those links and then back out into new O365 files
- Because of the cloud, there is more potential for backdoors that previously didn’t exist, through which hackers can access data:
  - O365
  - Google G Suite
  - 3rd party applications
  - Sales/Marketing startup software (Airtable)
- If you use your O365 or Google G Suite account to log into a 3rd party app, you grant it access to your data; if that company is hacked, it’s a back door into your data
- Ability to detect unintentional data access by authorized 3rd party apps
- Ex: when you log into a 3rd party SaaS through O365, you give it access to your data
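The two cloud backdoors described above (anonymous OneDrive links used from an unexpected country, and third-party apps granted broad access through an O365 login) are exactly the kind of pattern a SIEM finds by correlating records from more than one log. The following is an added illustration, not code from AIS or from any SIEM product: it runs two detection rules over a constructed, in-memory stream of audit records. The field names (`op`, `object`, `scopes`, `country`) and the operation names are assumptions modelled loosely on the Office 365 unified audit log, and the IP addresses and countries are constructed sample data.

```python
"""Correlate O365-style audit records from several sources into findings.

Added example. Record layout, operation names and sample values are
assumptions/constructed data, not real audit output.
"""
from collections import defaultdict

# Constructed sample records: a SharePoint/OneDrive sharing log and an
# Azure AD consent log merged into one stream, as a SIEM would ingest them.
SAMPLE_EVENTS = [
    {"time": "2021-09-10T08:02:00", "source": "SharePoint", "op": "AnonymousLinkCreated",
     "user": "alice@example.test", "object": "/personal/alice/Documents/Q3-forecast.xlsx",
     "ip": "203.0.113.10", "country": "US"},
    {"time": "2021-09-10T08:05:00", "source": "SharePoint", "op": "AnonymousLinkUsed",
     "user": "anonymous", "object": "/personal/alice/Documents/Q3-forecast.xlsx",
     "ip": "198.51.100.7", "country": "US"},
    {"time": "2021-09-11T23:40:00", "source": "SharePoint", "op": "AnonymousLinkUsed",
     "user": "anonymous", "object": "/personal/alice/Documents/Q3-forecast.xlsx",
     "ip": "192.0.2.44", "country": "RU"},
    {"time": "2021-09-11T23:41:00", "source": "SharePoint", "op": "AnonymousLinkUsed",
     "user": "anonymous", "object": "/personal/alice/Documents/Q3-forecast.xlsx",
     "ip": "192.0.2.44", "country": "RU"},
    {"time": "2021-09-12T09:15:00", "source": "AzureAD", "op": "ConsentToApplication",
     "user": "bob@example.test", "app": "Sales sync tool (hypothetical)",
     "scopes": ["Files.ReadWrite.All", "offline_access"], "ip": "203.0.113.22", "country": "US"},
    {"time": "2021-09-12T09:20:00", "source": "AzureAD", "op": "ConsentToApplication",
     "user": "carol@example.test", "app": "Calendar widget (hypothetical)",
     "scopes": ["User.Read"], "ip": "203.0.113.23", "country": "US"},
]

# Where this (constructed) organisation expects its users to be.
EXPECTED_COUNTRIES = {"US", "CA"}
# Permission scopes that hand an app standing access to file or mail data.
HIGH_RISK_SCOPES = {"Files.ReadWrite.All", "Files.Read.All", "Mail.ReadWrite", "offline_access"}


def anonymous_link_findings(events, expected_countries):
    """Flag anonymous-link use from countries outside the expected set.

    Hits are grouped per (object, country) so repeated access from one place
    becomes one finding, and the account that created the link is attached so
    the analyst sees creator and consumer together instead of in two logs.
    """
    created_by = {}
    for e in events:
        if e["op"] == "AnonymousLinkCreated":
            created_by[e["object"]] = e["user"]
    groups = defaultdict(list)
    for e in events:
        if e["op"] == "AnonymousLinkUsed" and e["country"] not in expected_countries:
            groups[(e["object"], e["country"])].append(e)
    findings = []
    for (obj, country), hits in sorted(groups.items()):
        findings.append({
            "rule": "anonymous_link_unexpected_geo",
            "object": obj,
            "country": country,
            "hits": len(hits),
            "ips": sorted({h["ip"] for h in hits}),
            "first_seen": min(h["time"] for h in hits),  # ISO strings sort correctly
            "created_by": created_by.get(obj, "unknown"),
        })
    return findings


def risky_consent_findings(events, risky_scopes):
    """Flag third-party app consents that include broad data-access scopes."""
    findings = []
    for e in events:
        if e["op"] != "ConsentToApplication":
            continue
        granted = set(e["scopes"]) & risky_scopes
        if granted:
            findings.append({
                "rule": "third_party_app_broad_consent",
                "user": e["user"],
                "app": e["app"],
                "risky_scopes": sorted(granted),
                "time": e["time"],
            })
    return findings


def correlate(events, expected_countries=EXPECTED_COUNTRIES, risky_scopes=HIGH_RISK_SCOPES):
    """Run every rule over the single merged stream, whatever the source system."""
    return (anonymous_link_findings(events, expected_countries)
            + risky_consent_findings(events, risky_scopes))


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

On the sample stream the first rule produces one finding (two hits on the forecast file from RU, link created by alice) and the second produces one (bob's consent granting `Files.ReadWrite.All` and `offline_access`); carol's `User.Read` consent is left alone. The point is that neither finding is visible from a single log: the link rule needs the creation and use records side by side, and the consent rule needs the identity provider's log, not the file store's.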
Accommodate data from different vendors, on premise and different types of clouds
- On prem, cloud (AWS, Azure, etc.) and different manufacturers
- Differentiator against SW and AV: being able to deliver it as a turnkey managed service at an affordable cost
- How to compare and contrast between an older SIEM and our SIEM
Last modified
September 13, 2021