Sascha Giese, Head Geek at SolarWinds
industry unlocked
Public sector organisations are heavily targeted
due to the rich quantity of data they hold.
It’s crucial that citizens can trust government
organisations not to let their personal information
fall into the wrong hands. SIEM tools might just
be the answer to this. Sascha Giese, Head Geek
at SolarWinds, identifies exactly what a SIEM is
and how public sector organisations, including
governments, can make the right decision when
choosing which SIEM tool is right for them.
Cybersecurity is one of the biggest challenges
being faced throughout the public sector today.
Keeping the data of the general public safe and
inaccessible is not only crucial for maintaining
the trust of citizens, but also for ensuring critical
and sensitive data doesn’t fall into the wrong
hands. The task of maintaining and advancing
cybersecurity in a public sector organisation is
complex, and while no single tool or technology
can solve this problem, Security Information and
Event Management (SIEM) software might just be
the answer to the biggest dilemmas.
Spelling it out
So, what is SIEM? SIEM tools blend Security
Information Management (SIM) with Security
Event Management (SEM) capabilities into a
single solution, with the intention of providing
comprehensive threat detection, incident
response and compliance reporting capabilities.
SIEM tools work by collecting data from event
logs of most devices in an organisation, from
servers and firewalls to anti-malware and spam
filters. The software then analyses these logs,
identifies any anomalous activity and issues an
alert – or, in many cases, responds automatically.
Specifically, with SIEM software, an IT professional
can quickly identify potentially suspicious activity,
learn who has been affected and implement
automated mechanisms to stop an attack before
it affects the organisation. And when the IT
organisation in question is part of the public
sector, protecting central government data from
harm means protecting people across the UK.
One of the main advantages of SIEM
software is how it consolidates and
centralises data. When
data is coming from multiple places – for
example, from different departments of a
hospital, or across different sites – SIEM
software consolidates and analyses this
data in its entirety; the IT team can then
view all the data from a single dashboard.
A single, unified view can help find
trends, spot any unusual activity and
help establish a proactive (as opposed
to a reactive) response.
Making the right decision
The range of SIEM tools from third-
party businesses today is huge,
with each offering its own benefits.
These tools can provide everything
an organisation needs, from Big Data
analytics to centralised forensic visibility
to Artificial Intelligence-driven behaviour
analytics. However, it can be a real
challenge to choose a tool to best fit the
organisation’s requirements.
There are multiple things to consider
when choosing a SIEM solution. Some
are more obvious than others, such as
scalability; IT teams understand the
importance of investing in a tool that
will grow as the organisation’s needs
grow. Cost is also always a major factor,
particularly for the public sector where
budgets are typically quite restricted.
Issue 19 | www.intelligentciso.com