Why SIEM is a Winning Security Strategy

Mar 25, 2015

This blog post was written by Karl Klaessig.

Like most things in life, successfully securing a network takes a strategy worked out in advance, and with that strategy come the actions and tasks needed to carry it out. It is much like sports: you want your organization to be the one with the ball, dictating the offense and executing plays that result in a score. You should control the pace of the game. Don’t let the opponent (in this case, the attackers) dictate the pace, or your strategy.

Companies must protect themselves from advanced threats. For many, the most troublesome are Advanced Persistent Threats (APTs), which quietly monitor a network over time to gather and extract sensitive information and intellectual property, and targeted attacks aimed at a single organization. According to an Evalueserve survey commissioned by McAfee, part of McAfee Security, 74 percent of the 473 companies surveyed said they are highly concerned about these two specific kinds of attack. Attackers, it seems, are setting the pace of the game.

However, an agile, proactive strategy can put you back in control. In the same Evalueserve survey, 53 percent of organizations said they discovered an attack within hours or minutes, which allowed them to disrupt it. Behind those detections was technology that integrates threat intelligence, correlation, analytics, active response and adaptive controls: advanced Security Information and Event Management (SIEM) technology geared specifically toward incident response.

It works.

Here are the three key findings from the survey:

  • 57 percent of companies capable of detecting targeted attacks within minutes experienced 10 or fewer attacks in 2013.
  • 78 percent of those companies employ a real-time SIEM solution.
  • Only 12 percent of SIEM-enabled organizations had to investigate more than 50 incidents in 2013.

A recognizable pattern emerges: attackers usually look elsewhere when they run into competently operated security controls.

A SIEM solution capable of real-time threat detection and prioritization gives security personnel the actionable intelligence and analysis they need to identify indicators of attack (IoAs) quickly and accurately. Concretely, a real-time SIEM integrates threat intelligence (enriching each event against known-bad indicators), correlation (linking related events across sources and time) and analytics to detect the eight most common IoAs highlighted in our special report, “When Minutes Count.”
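To make the two mechanisms named above tangible, here is a small, self-contained correlation engine run over a handful of constructed authentication log lines. This is an added example written for this page, not McAfee SIEM code or any McAfee rule content: the log format, the threat-intelligence list, the rule names and the thresholds (five failures inside a 60-second window followed by a success) are all assumptions chosen for illustration. It shows the two things a real-time SIEM does that a log archive does not: an immediate enrichment match against a threat-intel feed, and a stateful, time-windowed correlation that fires on a sequence of events rather than on any single line, reporting how long after the first suspicious event the alert was raised.

```python
"""Minimal SIEM-style correlation over constructed log lines.

Added example for illustration only; not McAfee code. The log format,
threat-intel feed, rule names and thresholds are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed threat-intelligence feed: source IPs flagged as hostile (assumption).
THREAT_INTEL = {"203.0.113.7"}

# Constructed auth log, one event per line: "<ISO timestamp> <user> <src-ip> <outcome>".
SAMPLE_LOG = """\
2015-03-25T09:00:01 alice 198.51.100.4 fail
2015-03-25T09:00:03 alice 198.51.100.4 fail
2015-03-25T09:00:05 alice 198.51.100.4 fail
2015-03-25T09:00:09 alice 198.51.100.4 fail
2015-03-25T09:00:12 alice 198.51.100.4 fail
2015-03-25T09:00:14 alice 198.51.100.4 success
2015-03-25T09:10:00 bob 203.0.113.7 success
2015-03-25T09:15:00 carol 192.0.2.9 fail
2015-03-25T09:16:00 carol 192.0.2.9 success
"""

FAIL_THRESHOLD = 5            # failures needed before a following success is suspicious
WINDOW = timedelta(seconds=60)  # sliding window over which failures are counted


def parse(line):
    """Turn one constructed log line into an event dict."""
    ts, user, src, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "src": src, "outcome": outcome}


def correlate(lines):
    """Process events in arrival order; return alerts with detection latency in seconds."""
    alerts = []
    fails = defaultdict(deque)  # src-ip -> timestamps of recent failed logins

    for raw in lines:
        if not raw.strip():
            continue
        ev = parse(raw)

        # Rule 1: enrichment. A hit on the threat-intel feed needs no history,
        # so it fires on the very event that matches (latency 0).
        if ev["src"] in THREAT_INTEL:
            alerts.append({"rule": "threat_intel_match", "src": ev["src"],
                           "user": ev["user"], "at": ev["ts"], "latency_s": 0.0})

        # Rule 2: stateful correlation. Keep only failures inside WINDOW for this
        # source; a success after FAIL_THRESHOLD such failures is the pattern.
        q = fails[ev["src"]]
        while q and ev["ts"] - q[0] > WINDOW:
            q.popleft()  # expire failures that fell out of the window
        if ev["outcome"] == "fail":
            q.append(ev["ts"])
        elif ev["outcome"] == "success":
            if len(q) >= FAIL_THRESHOLD:
                alerts.append({"rule": "brute_force_then_success", "src": ev["src"],
                               "user": ev["user"], "at": ev["ts"],
                               "latency_s": (ev["ts"] - q[0]).total_seconds()})
            q.clear()  # a success ends the sequence either way
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG.splitlines()):
        print(f"{a['at']} {a['rule']:25s} src={a['src']} user={a['user']} "
              f"detected {a['latency_s']:.0f}s after first event")
```

Run against the constructed log, the engine raises exactly two alerts: the five failures from 198.51.100.4 followed by a success for alice (detected 13 seconds after the first failure), and bob’s login from the threat-intel-listed address (detected immediately). Carol’s single failure followed by a success never reaches the threshold and produces nothing, which is the point of the window and threshold: without the stateful rule the alice sequence is six individually unremarkable lines.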

To learn more about McAfee’s SIEM solutions and get information on the latest security techniques, explore our SIEM community and follow along with @McAfee_Business on Twitter.

About the Author

McAfee Enterprise

McAfee offers industry-leading cybersecurity solutions for all business and enterprise needs. See our blog to stay up-to-date with the latest security trends