A security and information event management (SIEM) tool can be a valuable component of a mature security strategy. Indeed, effective SIEM solutions have been available for well over a decade. Organizations typically purchase SIEM tools expecting fast implementation and reliable security threat alerts that provide the intelligence required to respond promptly and prevent breaches. The reality is quite different.

28th April 2021 Naarden, The Netherlands – LogSentinel, the innovative next-generation SIEM provider, announced that its flagship product, LogSentinel SIEM, was recognized as the best innovation in security and networking at the annual European DEVIES awards. The official award ceremony was held last night as a part of the online DeveloperWeek Europe 2021 conference.

It now takes organizations 207 days to identify and 73 days to contain security breaches, according to IBM’s 2020 Cost of a Data Breach Report. That means the average “lifecycle” of an incident is a staggering 280 days — 7 months! Moreover, cybercrimes are becoming increasingly sophisticated and attackers are quicker than ever when it comes to finding cracks in corporate infrastructure.

Security operations is now a critical business function tasked with securing digital transformation initiatives, to effectively mitigate evolving attacks and expanding attack surfaces, handle complexity and tool proliferation while teams are continuing to be virtual and distributed.

Active Directory is a popular technology used in many organizations to handle their user management, authentication and authorization. The fact that it’s so dominant and so central to the IT infrastructure makes it a key component for security monitoring. It’s also a popular target for malicious actors, as compromising Active Directory accounts gives them access to many resources.

CCPA, the recent legal privacy innovation in the US, has introduced a lot of requirements for online businesses. We have previously covered the principle of accountability in both CCPA and GDPR, and how an audit log of all data-related activities as well as handling user rights’ requests is important for CCPA compliance. But we sometimes get the question “Is your SIEM going to help us with CCPA compliance?” or even “Is SIEM required for CCPA compliance?”.

XDR (Extended Detection and Response) is a new trend by large security vendors, and too often people find themselves asking “okay, what’s the difference with SIEM?”. According to Gartner, the main difference is that it is natively integrated with products, typically from the same vendor, which helps in providing better detection and response capabilities. But let’s take a look into what this means in practice.

You purchase a license (through an RFP process or not), the integrator comes, gathers information about your environment, two weeks later they come to set up the configuration and then you start seeing beautifully ingested logs from all across your environment, allowing you to define meaningful correlation rules. Well, of course, that’s nonsense. It’s never as smooth and straightforward, no matter what the vendor claimed in their datasheet or proposal.

We are seeing a renewed focus on accelerating digital transformation projects across business ecosystems and workflows within our customer base. These projects are enabling key business outcomes and this organizational transformation has given security and IT leaders the catalyst and opportunity to modernize security operations while eliminating on-premises debt.

Google Cloud Platform (GCP) is attracting a lot of companies, large and small, with its stability and many built-in services. But aggregated security monitoring has to be done via an external service. However, log aggregation for security purposes is a mandatory requirement of many standards and regulations. Those include GDPR, HIPAA, SOX, PSD2, PCI-DSS, ISO 27001 and many more.