Shoring Up Security with SIEM

In 2005, Gartner’s Mark Nicolett and Amrit Williams described a new breed of security tool combining Security Information Management (SIM) with Security Event Management (SEM). Today, the Security Information and Event Management (SIEM) market exceeds $4 billion — a figure that’s expected to grow to $5.5 billion by 2025 — and these capable tools are helping organizations shore up security, meet their regulatory compliance goals, and preserve and generate business value.

SIEM is about gleaning insights from all kinds of machine data, which is generated by networks, databases, servers, mainframes, and applications. Once this data is aggregated, correlation techniques can be applied to produce meaningful information about everything from attempted cyberattacks on your systems to detailed reports about the number of devices or users operating on the network.

Since the idea’s inception, SIEM products have worked their way up the security tool hierarchy, and they’re now one of the more integral parts of a complete enterprise security posture. Here are the three main benefits a SIEM solution can bring to your organization.

1. Security
   It’s in the name, so security is obviously the top priority of any SIEM tool. By correlating logs and event data from your networks, devices, other security systems, and more, a SIEM enables you to spot threats before they land and respond to incidents promptly and effectively. As Simson Garfinkel and Gene Spafford, Ph.D. explain in Practical Unix and Internet Security, a computer system is secure when you can rely on it to behave in the manner expected — and SIEM is all about preventing surprises.
2. Regulatory Compliance
   SIEM adoption was originally spurred by regulations such as the Payment Card Industry Data Security Standard (PCI DSS) implemented in 2004. Today, the regulatory landscape has never been more crowded, and businesses hoping to achieve compliance with GDPR, CCPA, HIPAA, FISMA, and more will need to rely on all the tools at their disposal. While most regulations have no specific mention of SIEM tools, the capabilities offered by these solutions are essential to gather intelligence, perform log management, conduct analysis, and generate reports and visualizations.
3. Business Value
   SIEM systems might have security as their top priority, but they can also help your team identify suboptimal network configurations, troubleshoot workflows, and so much more. Splunk, for example, can collect information from almost any source and use machine learning to identify patterns and conduct insightful analysis, turning any type of data into a source of value. With so much information generated in the modern enterprise, SIEM tools are increasingly becoming a means to sift through it all. In the coming years, they’ll be capable of improving all aspects of a business instead of just security.

SIEM tools are a fundamental part of security in today’s enterprises, but they don’t always include all the necessary information. To help get a better picture of your organization’s cyberthreat readiness, it’s a good idea to collect data on mainframe storage management events, including those not necessarily tracked by RACF, CA ACF2, CA Top Secret, and other External Security Managers on z/OS.

For more information, we encourage you to watch our July 14 webinar on demand. It was hosted by TechChannel and featured CTO Steve Pryor and veteran mainframe analyst Reg Harbeck. The pair offered insights into how you can leverage dfSMS events in conjunction with your existing SIEM data to get a more accurate picture of the threats facing your most valuable IT asset.