Threat Intelligence-as-a-Service brings SIEM Within Reach of SMEs
Organizations are being targeted by cybercriminals more than ever. According to the latest statistics from Symantec, 52.4% of phishing attacks in December 2015 were against small and medium-sized enterprises (SMEs). The month prior demonstrated an even bigger spike. The situation is forcing businesses of all sizes to augment their network and mobile security. Topping the list of improvements is the need for better threat intelligence and endpoint security.
Security information and event management (SIEM) systems provide a valuable tool for gathering threat intelligence from the activity logged by various applications and devices. The logs are then combined to create threat intelligence reports that can identify signs of unauthorized behavior. Because of their complexity, SIEM systems were until recently considered exclusive to large enterprises with the sizeable budgets and resources required to maintain them.
Established players in the SIEM market include HP ArcSight, IBM QRadar, LogRhythm, McAfee ESM, SolarWinds and Splunk, all of which share a common criticism. IT professionals who use these systems frequently complain that SIEM produces so much data that they cannot immediately tell which reports constitute an actual threat. The incidence of such delays was also highlighted in ClearSwift’s Insider Threat Index of 2015, which found the average time to spot unusual network activity was seven hours. Furthermore, the reports are very technical and have to be re-written for the benefit of non-IT personnel, requiring additional time and cost.
However, a variety of cloud-based alternatives such as ControlCase or Trustwave are now available that give smaller organizations access to SIEM-like capabilities on a much simpler, pay-as-you-use basis. Featuring built-in best-practice templates and customizable management dashboards, these software-as-a-service (SaaS) solutions provide users with a clear, real-time snapshot of their security risks and vulnerabilities and give SMEs a kick start toward overall threat intelligence.
Such visibility is important to SMEs that allow their employees to access company resources and applications from their own mobile devices. Unless there are sufficient measures in place to safeguard access to company networks, BYOD-friendly organizations will remain vulnerable. However, network access control can be quickly reinforced by integrating a VPN whose connection logs feed SIEM-quality data analysis.
A VPN allows only authorized users and devices with secure authentication credentials to access network resources. All connections are logged, providing structured data to determine if unauthorized users have compromised the endpoint or network. A SIEM-enabled VPN supports IT professionals in determining the root cause of suspicious behavioral patterns and attacks.
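The previous two paragraphs describe VPN connection logs as structured data that a SIEM can correlate to spot unauthorized access, and the earlier complaint that raw SIEM output is too voluminous and too technical for non-IT readers. The following added example (written for this page; it is not NCP's code, and the log format, field names, thresholds and sample lines are constructed assumptions, not the output of any real VPN product) parses a handful of VPN connection records and applies three defender-side correlation rules: a burst of authentication failures for one account, a successful login from a device the account has never used before, and successful logins for one account from two different source addresses within a short window. It then renders each alert as a one-line plain-language summary of the kind a non-IT manager could act on.

```python
"""Correlate VPN connection logs into SIEM-style alerts (added example).

All formats, names and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not captured from a real system).
# Format assumed: ISO timestamp followed by key=value fields.
SAMPLE_LOG = """\
2016-01-12T08:01:10Z user=alice device=LAPTOP-A1 src=203.0.113.10 result=success
2016-01-12T08:02:05Z user=bob device=PHONE-B7 src=198.51.100.23 result=success
2016-01-12T08:05:30Z user=carol device=LAPTOP-C3 src=192.0.2.45 result=failure reason=bad_password
2016-01-12T08:05:41Z user=carol device=LAPTOP-C3 src=192.0.2.45 result=failure reason=bad_password
2016-01-12T08:05:52Z user=carol device=LAPTOP-C3 src=192.0.2.45 result=failure reason=bad_password
2016-01-12T08:06:03Z user=carol device=LAPTOP-C3 src=192.0.2.45 result=failure reason=bad_password
2016-01-12T08:06:15Z user=carol device=LAPTOP-C3 src=192.0.2.45 result=failure reason=bad_password
2016-01-12T08:06:30Z user=carol device=LAPTOP-C3 src=192.0.2.45 result=success
2016-01-12T08:20:00Z user=alice device=TABLET-X9 src=198.51.100.77 result=success
"""

# Constructed baseline of devices each account is known to use.
KNOWN_DEVICES = {"alice": {"LAPTOP-A1"}, "bob": {"PHONE-B7"}, "carol": {"LAPTOP-C3"}}


def parse_line(line):
    """Turn one 'timestamp k=v k=v ...' record into a dict with a datetime."""
    ts_text, *fields = line.split()
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_log(text):
    """Parse every non-empty line and return events in time order."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    return sorted(events, key=lambda e: e["ts"])


def detect_failure_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one account accumulates `threshold` failures inside `window`."""
    alerts, recent = [], defaultdict(list)
    for ev in events:
        if ev.get("result") != "failure":
            continue
        times = recent[ev["user"]]
        times.append(ev["ts"])
        while times and ev["ts"] - times[0] > window:  # slide the window
            times.pop(0)
        if len(times) >= threshold:
            alerts.append({"rule": "auth_failure_burst", "user": ev["user"],
                           "src": ev["src"], "count": len(times), "ts": ev["ts"]})
            times.clear()  # fire once per burst, then start counting again
    return alerts


def detect_new_devices(events, known_devices):
    """Alert on the first successful login from a device not in the baseline."""
    alerts = []
    seen = {user: set(devs) for user, devs in known_devices.items()}
    for ev in events:
        if ev.get("result") != "success":
            continue
        user, device = ev["user"], ev["device"]
        if device not in seen.setdefault(user, set()):
            alerts.append({"rule": "new_device", "user": user, "device": device,
                           "src": ev["src"], "ts": ev["ts"]})
            seen[user].add(device)  # report each new device only once
    return alerts


def detect_multi_source(events, window=timedelta(minutes=30)):
    """Alert when one account logs in from two different addresses within `window`."""
    alerts, last_success = [], {}
    for ev in events:
        if ev.get("result") != "success":
            continue
        prev = last_success.get(ev["user"])
        if prev and prev[1] != ev["src"] and ev["ts"] - prev[0] <= window:
            alerts.append({"rule": "multi_source", "user": ev["user"],
                           "sources": [prev[1], ev["src"]], "ts": ev["ts"]})
        last_success[ev["user"]] = (ev["ts"], ev["src"])
    return alerts


def analyse(text, known_devices=KNOWN_DEVICES):
    """Run all rules over a log and return the combined alert list."""
    events = parse_log(text)
    return (detect_failure_bursts(events)
            + detect_new_devices(events, known_devices)
            + detect_multi_source(events))


def summarize(alert):
    """Plain-language one-liner for non-IT readers."""
    when = alert["ts"].strftime("%H:%M")
    if alert["rule"] == "auth_failure_burst":
        return f"{when}: {alert['count']} failed VPN logins for {alert['user']} from {alert['src']} in a short period"
    if alert["rule"] == "new_device":
        return f"{when}: {alert['user']} connected from a device never seen before ({alert['device']})"
    return f"{when}: {alert['user']} connected from two different locations within 30 minutes"


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(summarize(a))
```

The thresholds are deliberately simple; in practice they would be tuned against the organization's normal login patterns, and the device baseline would be populated from the VPN's own enrolment records rather than hard-coded.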
Unlike other VPN solutions, NCP’s centralized management capability further reduces remote access risks. Its advantages include:
- Single point of administration – allows IT administrators to manage connectivity so that as companies expand, and the number of users or endpoint devices increases, the network never becomes too complex to operate securely and efficiently
- Productivity enhancements – automation of many daily mundane tasks reduces user error, simplifies updates and allows IT staff to focus more on business innovation initiatives
- BYOD support – support for a wide range of mobile devices and the latest operating systems allows businesses without an official bring-your-own-device (BYOD) policy to implement one
- Cost savings – automation of multiple manual tasks reduces help desk costs
- Protection for existing infrastructure investment – ability to integrate within an existing infrastructure helps to ensure previous investments in third-party software or hardware are not wasted
- Secure, cloud-enabled access – managed service providers can offer VPN as a service, ensuring comprehensive endpoint security
The combination of SIEM systems and network access control via the deployment of VPNs can significantly mitigate or totally thwart the security threats that loom every day, especially with the proliferation of mobility. Through SIEM and VPNs, organizations, and SMEs in particular, now have the tools to proactively manage and monitor phishing, malware and other malicious behavior.