Once upon a time, the wealth of kings and ministers was measured by their kingdom, the size of its produce and the taxes they could levy on it. Wars were fought to expand those kingdoms; the winners got more land and could ride through their estate, patrol it and even guard it against opposing armies. In retrospect, those were the good times. You could physically see your estate, measure it and protect it. Flash forward to 2020: your estate consists of continuously churning data hubs and your super large data warehouse in the cloud, and your income depends on how you protect, mine and extract value out of this precious commodity. Your security is woefully inadequate if you built it in the 1970s on mainframe architecture, with technology that did not anticipate the threats the internet could throw at you.
How do you protect what you cannot see?
Today you can see neither your data (physically, the servers and their storage) nor your attackers. Hackers are constantly looking to exploit gaps in IT systems, applications and hardware. Cyber-threats are becoming more common, with a serious IT breach making headlines every other day. Hackers are well equipped, and the cloud and the democratization of the internet have created a level playing field (unfortunate as that is) between large corporates and hackers. Today's 20-something hacker is assured and confident, armed with sophisticated tools and either supported by an unseen, unknown army or network of mercenaries or working solo, exploiting every single chink in your armor.
A plethora of cyber security products are on the market for organizations to choose from, but which is the most dependable, genuine and cost-efficient outlier? Before we answer this question, you need to understand what threatens the company and what it takes to stop cyber-attacks. Once you're aware of these concepts, you'll see why SIEM is a need for organizations in today's world.
Are you prepared for an obscure invasion?
Let's take you back to the good old days of ancient history and war tactics. Until the introduction of modern machinery, animals often played a decisive role in warfare. In the book Beasts of War: The Militarization of Animals, author Jared Eglan curated amazing insights into how militaries have used a stunning menagerie of animals in combat. Dogs and horses were probably the first animals used in war, and many are still used today in modern military and police tasks.
Bears appear a few times in the history of warfare; one bear in particular became famous for his exploits against the Germans during World War II. To win a war, however, you need something humongous and deadly: allow me to introduce you to war elephants. Oftentimes a dynasty's strength was determined by how many war elephants the king owned. War elephants can be compared with modern-day, fully equipped tanks: they were heavily armored and carried a massive amount of weapons. They had a castle-like structure on the back for soldiers and a mahout to guide them, and the elephants themselves had long daggers and swords, sometimes several feet long, attached to their tusks.
In today's high-tech world, instead of war elephants we have SIEM, which stands for Security Information and Event Management. SIEM is the war elephant that will keep your cyber security team on top of security in real time. It is a system used to detect, prevent and resolve all cyber-attacks while centralizing all the security events from every device within a network.
A significant feature of SIEM is that it gathers all raw security logs and data from the organization's firewalls, access points, servers and other devices, categorizing and analyzing security alerts in real time.
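What centralizing and correlating events from several devices means in practice, as an added example that is not from the original article or from any SIEM product: the log formats, field names and threshold rule below are constructed assumptions. It flags a login that no single device's log would flag by itself.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs in hypothetical formats (not real data, not a product's schema).
RAW = {
    "firewall": [
        "2020-11-02T10:00:01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389",
        "2020-11-02T10:00:04 DENY src=203.0.113.7 dst=10.0.0.5 dport=445",
    ],
    "access_point": ["2020-11-02T10:00:40 ap-lobby auth-failure client=192.168.1.50"],
    "server": [
        "2020-11-02T10:01:10 sshd Failed password for admin from 203.0.113.7",
        "2020-11-02T10:03:30 sshd Accepted password for admin from 203.0.113.7",
        "2020-11-02T10:05:00 sshd Accepted password for alice from 192.168.1.20",
    ],
}

# Per-source patterns map each raw line to a shared category (categorizing step).
PATTERNS = {
    "firewall": [(r"DENY src=(\S+)", "net_deny")],
    "access_point": [(r"auth-failure client=(\S+)", "auth_fail")],
    "server": [(r"Failed password for \S+ from (\S+)", "auth_fail"),
               (r"Accepted password for \S+ from (\S+)", "auth_ok")],
}

def normalize(raw):
    """Turn every source's lines into one time-ordered list of common events."""
    events = []
    for source, lines in raw.items():
        for line in lines:
            stamp = datetime.fromisoformat(line.split()[0])
            for pattern, category in PATTERNS[source]:
                m = re.search(pattern, line)
                if m:
                    events.append({"time": stamp, "source": source,
                                   "ip": m.group(1), "category": category})
    return sorted(events, key=lambda e: e["time"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a successful login follows >= threshold denies/failures from
    the same IP, seen on at least two device types, inside the window."""
    alerts = []
    for ok in (e for e in events if e["category"] == "auth_ok"):
        prior = [e for e in events
                 if e["ip"] == ok["ip"] and e["category"] != "auth_ok"
                 and timedelta(0) < ok["time"] - e["time"] <= window]
        if len(prior) >= threshold and len({e["source"] for e in prior}) >= 2:
            alerts.append({"ip": ok["ip"], "time": ok["time"], "evidence": len(prior)})
    return alerts
```

Running `correlate` on the server log alone returns no alert, because the two firewall denies that complete the pattern live on a different device.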
Why do you need a SIEM?
Advanced cyber threats are going to be prominent in 2021 and beyond. The revolutionizing disruption in IT is both a blessing and a potential curse. Old-school tactics of relying on firewalls and antivirus software are outdated. Your IDS and IPS won't be able to detect malware and threats that arrive in attachments, banner ads and malicious websites and can gain access to your network through an internal device. Organizations should be prepared for all the challenges of cyber security and strengthen their foundation to cope with diverse cyber threats such as AI-driven attacks, IoT attacks, social engineering, insider threats, phishing, new cyber regulations, etc.
Introducing Azure Sentinel
Microsoft's Azure Sentinel is a cloud-native SIEM service with built-in AI for analytics. It removes the cost and complexity of achieving a central, focused, near-real-time view of the active threats in your environment. And just like any other service in Azure, it scales automatically to your needs. Azure Sentinel works by correlating the security logs and signals from all sources across your apps, services, infrastructure, networks and users, whether they reside on-premises, in Azure or in any other cloud. The built-in AI leverages Microsoft threat intelligence, which analyzes trillions of signals every day. Its machine learning models, refined through decades of security experience, filter through the noise from alerts, drilling into and analyzing thousands of anomalous events to return a view of the threats that really require your attention. For example, the overview dashboard gives you a bird's-eye perspective of the events going on in your environment.
By now you may have realized multiple reasons why you might need a system as efficient as a SIEM to manage your security. With Sogeti's Cloud Security Expert and Azure Sentinel, you will have the daily services of an experienced and knowledgeable support team, and a reliable product that detects attacks inside and out and reports threats accurately without producing false positives.
Are you interested in securing your data from potential threats? Drop a note in the comments for more details.
Co-author of this article: Arif Mujawar
Arif Mujawar is a Business Analyst | Sogeti – Automation & AI.
Process Automation & Cyber Security aficionado, experienced in understanding stakeholder and business requirements, transforming data and creating visualizations.
About Balaji Rajagopalan
Leading Digital Transformation for large enterprise customers. Focused on leading and transforming organizations with Automation and Artificial Intelligence enabled solutions. Helping create a digital strategy to support enterprise clients in their automation journey. Ability to easily dissect client's real needs from aspirations to chart out a safe and reliable digital strategy. Implementing Robotics Process Automation and Machine Learning in DevOps and Agile Process Automation for our marquee customers in Europe and North America.