What is a SIEM and why do you need one?
Security Information and Event Management, SIEM, is an advanced security tool that helps IT and security managers protect company data, users and devices against threats, intrusions and hacker attacks. SIEM creates a secure IT environment by looking for anomalies in user behaviour patterns, thereby preventing and deterring intrusions.
Thomas Öberg is a security expert here at AddPro and has long worked with SIEM and the various components that form the basis of SIEM.
- SIEM, simply explained, looks at logs from across your IT environment. This can range from devices, applications and services to firewalls and switches. SIEM looks for anomalies, intrusions and alerts. The signals are analysed and presented to give you an overview of your IT security.
A clear benefit of a SIEM system is that it doesn't just monitor your IT environment. SIEM can also react quickly when it detects a threat or attempted intrusion. For example, an IP address from an unexpected location can be blocked before IT even gets the message. The protection is already in place, and IT can then allow the connection if it turns out to be trusted.
Who needs a SIEM?
As more data, services and work move to the cloud and the IT environment becomes more complex with hybrid solutions, security threats and exposures increase. In the past, when all IT was in the basement and users had to physically connect to the corporate network, it was easier to protect yourself with high walls. The world has changed a lot since the central IT function was a water-cooled AS400 in the server room.
- Companies that have a more complex IT environment and realise that it is better to prevent than to be prevented need a SIEM. A breach can cost a lot, says Thomas.
A breach can hit your business hard. A breach can be anything from incorrect invoices and ransomware that locks up all your files, to a halt in production. Resolving an IT disruption not only costs money and resources, it can cost even more in lost production and lost trust among customers and partners.
SIEM simplifies administration
With a SIEM solution, IT administration can also be simplified by bringing user management together in one place. A modern SIEM can manage logins from a variety of services and applications, while monitoring logs for anomalous behaviour. A user who has been hijacked can be blocked from all services more quickly if this is done centrally. At the same time, it is easier for the individual user as there are fewer passwords to keep track of.
SIEM is nothing new
Just as IT threats are not new, SIEM systems are not new. SIEM systems have long been used by large companies with very complex IT environments. The problem is that they have been very expensive and required large resources to operate.
- We are now seeing the emergence of SIEM systems aimed at smaller companies, a clear example being Microsoft's Sentinel, which with all the resources in Azure becomes an alternative for companies that have the need but not the IT resources for a SIEM, says Thomas.
Thomas also says that many companies have not realised the need for a SIEM. This, he says, may be due to a combination of an undeveloped security strategy and immature IT security where a firewall and antivirus software are considered "good enough".
How AddPro works with SIEM and Sentinel
The fact that no one is safe today is not news and all companies need to continuously review their security, regardless of size or business.
- At AddPro, we try to provide our customers with the highest possible level of security based on their unique circumstances. Any company can take simple steps like enabling multifactor authentication to at least get basic protection. Then the need for a SIEM can be evaluated.
Security costs money, but unfortunately many companies overhaul their security too late, often after a breach has occurred. At best, it's someone else's accident that puts IT security on the agenda and makes room in the budget.
- I can almost promise you that in the long run, it's more expensive to be insecure with breaches and downtime than it is to invest in IT security, concludes Thomas.
Do you have a handle on your company's IT security? Do you need a SIEM? Contact us and we'll help you.