Wednesday, 20 March 2013

Security Event Management for the SME

As technology develops at an ever faster rate and the number of people involved in creating, distributing and utilising malware increases, there is a growing recognition amongst information assurance and cyber security professionals that protecting the boundary of your network is not sufficient to ensure appropriate levels of security are maintained. There are numerous reasons for this, one of the most significant being that many organisations install protective devices such as firewalls and intrusion prevention systems (IPS) on their network boundaries without changing the default settings or default passwords.

So what do you do? In the first instance, firewall access controls (usernames and passwords) and settings should be checked and changed on first installation: non-default passwords, individual named user accounts and non-default settings. Secondly, the only means of discovering the newest malware and zero-day attacks is to monitor and understand what is happening on the network behind the firewall. Installing IPS devices is a good idea, but only if the information they generate is analysed and reviewed by skilled professionals.

To make this kind of analysis possible, and not coincidentally to become compliant with PCI DSS amongst other standards, you need some form of Event Management solution to collate activity and event log information from boundary devices, network devices, security devices and user access devices. Since that is a great deal of information, the solution needs to understand what constitutes "normal" activity and thus learn to recognise "abnormal" activity. When it sees anything anomalous, alerts are sent to skilled and experienced professionals to consider whether the activity is either new and acceptable or suspicious. If the conclusion is the latter, then incident management processes are initiated.
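To make the "learn normal, then alert on abnormal" step concrete, here is a small added example in Python. It is not code from SRM or from the original post: it collates constructed log lines from three sources (a boundary firewall, an IPS and a user-access host), builds a per-source, per-event daily baseline, and raises an alert either when a day's volume exceeds that baseline or when a source/event pair has never been seen before, which is exactly the "new and acceptable or suspicious?" question the analyst then has to answer. The log format, host names, addresses, signature name and the mean-plus-three-sigma threshold are all assumptions made for the example.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample logs (not captured from any real device). Each line is
# "<ISO timestamp> <host> <EVENT> key=value ..."; the format is an assumption.
BASELINE_LOGS = """\
2013-03-18T08:12:01 fw01 DENY src=198.51.100.7 dst=10.0.0.20 dport=445
2013-03-18T10:05:33 ssh01 LOGIN_FAIL user=bob src=10.0.0.31
2013-03-18T10:06:10 ssh01 LOGIN_OK user=bob src=10.0.0.31
2013-03-18T13:22:48 ips01 SIGNATURE_MATCH sig=EXAMPLE_SIG src=198.51.100.7
2013-03-18T15:01:07 fw01 DENY src=198.51.100.12 dst=10.0.0.21 dport=3389
2013-03-19T08:30:55 fw01 DENY src=198.51.100.7 dst=10.0.0.20 dport=445
2013-03-19T09:15:02 ssh01 LOGIN_OK user=alice src=10.0.0.30
2013-03-19T11:47:19 ips01 SIGNATURE_MATCH sig=EXAMPLE_SIG src=198.51.100.9
2013-03-19T16:20:41 fw01 DENY src=198.51.100.9 dst=10.0.0.21 dport=23
2013-03-20T08:02:14 fw01 DENY src=198.51.100.12 dst=10.0.0.20 dport=445
2013-03-20T08:45:39 ssh01 LOGIN_FAIL user=alice src=10.0.0.30
2013-03-20T08:46:05 ssh01 LOGIN_OK user=alice src=10.0.0.30
2013-03-20T12:10:27 fw01 DENY src=198.51.100.7 dst=10.0.0.21 dport=3389
2013-03-20T14:33:50 ips01 SIGNATURE_MATCH sig=EXAMPLE_SIG src=198.51.100.12
2013-03-20T17:58:16 fw01 DENY src=198.51.100.9 dst=10.0.0.20 dport=23
"""

# The day under review (also constructed): a burst of firewall denies and
# failed logins from one address, plus a VPN host that never reported before.
CURRENT_LOGS = """\
2013-03-21T02:14:03 fw01 DENY src=192.0.2.44 dst=10.0.0.20 dport=445
2013-03-21T02:14:05 fw01 DENY src=192.0.2.44 dst=10.0.0.20 dport=139
2013-03-21T02:14:07 fw01 DENY src=192.0.2.44 dst=10.0.0.20 dport=3389
2013-03-21T02:14:09 fw01 DENY src=192.0.2.44 dst=10.0.0.21 dport=445
2013-03-21T02:14:11 fw01 DENY src=192.0.2.44 dst=10.0.0.21 dport=3389
2013-03-21T03:01:10 ssh01 LOGIN_FAIL user=root src=192.0.2.44
2013-03-21T03:01:12 ssh01 LOGIN_FAIL user=admin src=192.0.2.44
2013-03-21T03:01:14 ssh01 LOGIN_FAIL user=bob src=192.0.2.44
2013-03-21T03:01:16 ssh01 LOGIN_FAIL user=alice src=192.0.2.44
2013-03-21T03:01:18 ssh01 LOGIN_FAIL user=test src=192.0.2.44
2013-03-21T03:01:20 ssh01 LOGIN_FAIL user=guest src=192.0.2.44
2013-03-21T03:02:30 ips01 SIGNATURE_MATCH sig=EXAMPLE_SIG src=192.0.2.44
2013-03-21T03:30:00 vpn01 TUNNEL_UP user=bob src=192.0.2.80
2013-03-21T09:10:42 ssh01 LOGIN_OK user=alice src=10.0.0.30
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ (\S+) (\S+)")


def parse(text):
    """Yield (date, host, event) for every well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groups()


def daily_counts(text):
    """Return ({(host, event): Counter(date -> n)}, sorted list of dates seen)."""
    per_key, days = defaultdict(Counter), set()
    for date, host, event in parse(text):
        per_key[(host, event)][date] += 1
        days.add(date)
    return per_key, sorted(days)


def build_baseline(text, sigmas=3, min_margin=2):
    """Learn 'normal' per (host, event) as a daily ceiling: mean + max(sigmas*stdev, min_margin).

    Days on which a pair was silent count as zero, so a quiet source keeps a
    low ceiling. The minimum margin stops a perfectly regular source from
    alerting on a single extra event (stdev would otherwise be 0)."""
    per_key, days = daily_counts(text)
    baseline = {}
    for key, counts in per_key.items():
        series = [counts[d] for d in days]
        mean, sd = statistics.mean(series), statistics.pstdev(series)
        baseline[key] = mean + max(sigmas * sd, min_margin)
    return baseline


def detect(baseline, text):
    """Return (date, host, event, kind, count) alerts for the days in `text`.

    kind is 'volume' when a known pair exceeds its ceiling and 'new' when the
    pair was never seen during the baseline period; both go to an analyst."""
    per_key, days = daily_counts(text)
    alerts = []
    for key, counts in sorted(per_key.items()):
        for day in days:
            n = counts[day]
            if n == 0:
                continue
            if key not in baseline:
                alerts.append((day, key[0], key[1], "new", n))
            elif n > baseline[key]:
                alerts.append((day, key[0], key[1], "volume", n))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_LOGS), CURRENT_LOGS):
        print("ALERT %s %s %s: %s (%d events)" % alert)
```

On the constructed data this flags the firewall deny burst and the failed-login run from 192.0.2.44 as volume anomalies and the first-ever `vpn01 TUNNEL_UP` as new activity, while the single successful login and the one IPS signature hit stay within their learned ceilings. A production solution would key on finer windows (hourly rather than daily), on more attributes than host and event type, and on a much longer baseline, but the structure is the same: collate, learn the ceiling per source, alert on what exceeds it or has no history, and hand the alert to a person.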

SRM has identified a number of Event Management solutions applicable to, and most importantly affordable by, small to medium-sized organisations. These solutions can be deployed onto our customers' networks, or we can help you configure the devices on your network to feed information securely to our event management portal.