Expanded Definition: Security Information and Event Management (SIEM)

What is security information and event management (SIEM)? 

Security information and event management (SIEM) is a type of software that is used to detect, prevent, and help resolve cybersecurity incidents while centralizing security event information across an entire network. In other words, SIEM tools are designed to help businesses identify cybersecurity vulnerabilities and threats before they can have a major negative impact on operations and product or service delivery.

Wondering how SIEM software works? SIEM solutions can vary in their specific capabilities, but at a high level they should be able to perform these core steps:

  1. Collect log and event data from an organization’s network devices, firewalls, wireless access points, servers, and more
  2. Aggregate the data collected from various sources into one place
  3. Analyze the aggregated data to identify potential threats
  4. Cross-correlate potential threats with other systems data and configuration information to determine if they are true threats
  5. Alert the organization of true threats so they can be further investigated and contained

While all of the above steps are important, #4 and #5 are what separate best-in-class SIEM tools from software that’s marketed as SIEM but doesn’t really get the job done. A robust SIEM solution must be able to cross-correlate data from all devices with configuration information, threat intelligence feeds, blacklists, geolocation data, and more in order to increase accuracy and ensure that all notifications are actionable.

A lackluster SIEM, on the other hand, is liable to produce false positives (too many notifications about unsubstantial threats) and/or false negatives (missed alerts about true threats). Whether that results in unnecessary calls in the middle of the night or insidious malware that goes undetected for a period of time, both outcomes can result in headaches and a potential loss of productivity and revenue.

It’s also worth noting that the need for organizations to enhance their ability to detect and respond to cyber threats is urgent: According to The State of SMB Cybersecurity in 2021 survey conducted by Vanson Bourne and commissioned by ConnectWise, 75% of business decision makers and 83% of IT decision makers are concerned their organization will be the target of a cybersecurity attack in the next 6 months.

The MSP role in security information and event management 

As MSPs continue to play a bigger role in providing cybersecurity protection for companies, it’s important to learn how you can help improve your clients’ security through SIEM offerings and other services.

Risk Assessments

As the survey results above indicate, some of your clients are likely anxious about the likelihood of an impending cyberattack but may not know the best way to identify ways to improve their cybersecurity posture. Enter: risk assessments. Assessing risk requires the careful analysis of threat and vulnerability information to determine how a cyber incident could negatively impact a client as well as the likelihood that such circumstances or events will occur.

Offering strategic risk assessments shows clients that your MSP has their best interests at heart and that you are willing to be proactive about improving their cybersecurity.  You may want to consider adding a risk assessment to your quarterly customer meeting.  A comprehensive risk assessment should highlight:

  • Network vulnerabilities
  • Insufficient device management
  • Data compliance issues
  • Internal threats
  • Potential impact of an incident

A risk assessment should also include a list of actionable recommendations so that your clients understand not only where problem areas exist, but also next steps they can take to shore up their defenses.

Threat intelligence

Staying vigilant about your clients’ cybersecurity and helping them stay ahead of potential threats can greatly reduce the effort you and/or the client would have to expend to remedy an actual data compromise. That’s why a growing number of MSPs are using threat intelligence providers, such as Information Sharing and Analysis Centers (ISACs), to gather data about emerging threats as they develop in real time. For example, the CompTIA ISAO is dedicated to developing the cyber resilience of MSPs.

To benefit from some of the best threat intelligence on the Internet today, MSPs can leverage curated threat feeds to better manage their clients’ threat indicators and give them more control over data security. For example, the ConnectWise Cybersecurity Research Unit openly shares intelligence discovered while threat hunting, which can be used to identify potential threats and filter out false positives.

Co-managed SIEM-as-a-service

SIEM tools are highly valuable for MSPs looking to offer cybersecurity services to their clients, but they come at a cost. SIEM software can be expensive and difficult to configure and implement, plus they may not have out-of-the-box integrations with all of your current systems and software. What’s more, one survey from 451 Research found that only 21% of organizations believe they are getting full value from their SIEM tools.

With co-managed SIEM-as-a-service, your MSP works in collaboration with cybersecurity experts to ensure you are offering clients optimum security (and value). Because the responsibility of managing the SIEM software is shared, you don’t have to incur extra costs such as hiring additional personnel, buying special equipment to host the software, or needing to conduct specialized training for your staff.

Co-managed SIEM-as-a-service featuring compliance automation is especially useful for serving clients that have compliance and regulatory requirements (HIPAA, PCI-DSS, etc.). When it’s time for an audit or exam, features like flexible log capture, retention, and review allow you to easily generate compliance reports and send them your client, making life easier for everyone involved.

 

 

Did you know?

69% percent of organizations say that their cybersecurity efforts emphasize incident response over proactive activities like threat hunting or utilizing threat intelligence.

The Cybersecurity Illusion Report from Ponemon Research

Additional resources

blog icon Understanding co-managed SIEM

The next generation of SIEM solutions allows for increased collaboration between cybersecurity experts and in-house IT teams, resulting in greater efficiency and cost savings. Here are some of the biggest similarities and differences between traditional SIEM and co-managed SIEM.

Blog post >>
toolbox icon ConnectWise Cybersecurity Starter Kit

Want to start selling cybersecurity? We’ve put together a kit to help. Download the kit today for helpful resources that will transform your business from an MSP to an MSP+ model, including educational information for your SMB customers, templates, and more.

Kit >>
work plan icon The SMB Cybersecurity Checklist

How secure are your SMB clients? Chances are, they may not fully understand their risks and exposures. Use this 30-item checklist to start the conversation around cybersecurity, help them understand the cybersecurity landscape, and assess their security postures.

Checklist >>
reporting icon Cybersecurity in an Era of Competing Priorities: The State of SMB Cybersecurity in 2021

SMBs are not immune from cybersecurity risks—quite the contrary. Our 2021 survey of 700 SMB decision makers uncovered interesting findings about how these businesses are thinking about cybersecurity, their spending plans, and what motivates them when it comes to security.

Report >>
vulnerable assessment icon The Security Journey Self Assessment

Wondering where you stand in your cybersecurity journey? Take this assessment to understand how advanced your cybersecurity knowledge is and to identify areas where you can expand upon your understanding of key cybersecurity concepts and precautions.

Assessment >>
blog icon 3 steps to stop cyberattacks: prevention, detection, and reaction

Do you know all of the factors involved with cyber threat prevention, detection, and reaction? Many cybersecurity tactics and solutions include one or two of these, but do not provide full coverage. Dive into the different responsibilities and process requirements involved with each of these critical steps.

Blog post >>