SIEMs (Security Information and Event Management systems) are a first step to securing IT. A SIEM collects logs, standardizes their archival, creates reports and raises events. It allows attacks to be detected and logs to be analyzed. In order to achieve compliance with IT security standards (PCI-DSS, for example), it is a cornerstone tool for the CISO.
Banks, healthcare and eCommerce websites, to cite just a few, are prime targets for attackers. CISOs must take these security requirements into account. They are drawn from security recommendations from standards bodies such as the ANSSI (the French national computer security agency), which defines how companies must monitor and manage systems and networks.
Is a SIEM solution enough?
According to Forrester, vulnerabilities are the primary gateway for 53% of cyber attacks. NIST 800-137 (National Institute of Standards and Technology) recommends adding a continuous vulnerability scanner as a good practice to reduce risk. The vulnerability scanner enables prevention and a better response to threats.
SIEMs raise a significant number of alerts throughout the day. The first consequence is that the CISO must handle a lot of interrupts and identify the false positives. Moreover, the CISO must spend time tuning the SIEM configuration to eliminate duplicates and reduce the alert volume.
A new-generation vulnerability scanner helps the CISO in this approach. This tool brings value because the SIEM identifies security problems, but it has no view of the vulnerabilities behind them or their risk level. This is where Elastic Detector comes in: it reduces alerts, prioritizes vulnerabilities, shows their importance and helps with remediation thanks to a detailed report. Continuous and automated analysis lets the CISO optimize the time spent looking for breaches and their consequences, and focus instead on remediation tasks that improve the security posture.
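The two paragraphs above describe the mechanism in general terms: the SIEM says what happened on a host, the scanner says how exposed that host is, and joining the two deduplicates the alert stream and ranks it. The following is an added illustration of that join written for this page; it is not Elastic Detector's code or API, the scoring weights are an assumption, and the alerts, hosts and CVE-style identifiers are constructed sample data.

```python
"""Added example: enrich deduplicated SIEM alerts with vulnerability-scanner findings.

Constructed data and an assumed scoring scheme, not Elastic Detector's own logic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str          # SIEM detection rule that fired
    severity: int      # 1 (low) .. 5 (critical), as assigned by the SIEM


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str           # placeholder identifiers below, not real CVEs
    cvss: float        # 0.0 .. 10.0
    exploitable: bool  # scanner flagged a publicly known exploit


# Constructed SIEM output; the repeated (host, rule) pairs are the duplicate
# noise the text describes.
ALERTS = [
    Alert("web-01", "brute-force-ssh", 3),
    Alert("web-01", "brute-force-ssh", 3),
    Alert("web-01", "brute-force-ssh", 3),
    Alert("db-02", "new-admin-account", 4),
    Alert("kiosk-09", "port-scan", 2),
    Alert("kiosk-09", "port-scan", 2),
]

# Constructed scanner output for the same hosts; kiosk-09 has no findings.
FINDINGS = [
    Finding("web-01", "CVE-XXXX-0001", 9.8, True),
    Finding("web-01", "CVE-XXXX-0002", 5.3, False),
    Finding("db-02", "CVE-XXXX-0003", 7.5, False),
]


def dedupe_alerts(alerts):
    """Collapse identical (host, rule, severity) alerts into one entry with a hit count."""
    counts = defaultdict(int)
    for a in alerts:
        counts[(a.host, a.rule, a.severity)] += 1
    return [(Alert(h, r, s), n) for (h, r, s), n in counts.items()]


def host_exposure(findings):
    """Per-host exposure: worst CVSS on the host, +2.0 if that finding is exploitable.

    The weighting is an assumption made for this example, not a standard.
    """
    exposure = defaultdict(float)
    for f in findings:
        score = f.cvss + (2.0 if f.exploitable else 0.0)
        exposure[f.host] = max(exposure[f.host], score)
    return exposure


def prioritize(alerts, findings):
    """Rank deduplicated alerts by SIEM severity weighted by host exposure.

    An alert on a host with no known vulnerabilities keeps its base severity,
    so nothing is silently dropped; it simply sinks in the queue.
    """
    exposure = host_exposure(findings)
    ranked = []
    for alert, hits in dedupe_alerts(alerts):
        exp = exposure.get(alert.host, 0.0)
        priority = alert.severity * (1.0 + exp / 10.0)
        ranked.append({
            "host": alert.host,
            "rule": alert.rule,
            "hits": hits,
            "exposure": exp,
            "priority": round(priority, 2),
        })
    ranked.sort(key=lambda r: r["priority"], reverse=True)
    return ranked


if __name__ == "__main__":
    for row in prioritize(ALERTS, FINDINGS):
        print(f"{row['priority']:6.2f}  {row['host']:<9} {row['rule']:<18} "
              f"x{row['hits']}  exposure={row['exposure']}")
```

With the constructed data, six raw alerts collapse to three rows, and the new-admin-account alert on db-02 outranks the repeated SSH brute-force on web-01 because base severity still carries weight; the port scan against a host with no known vulnerabilities drops to the bottom instead of being discarded. In a real deployment the `ALERTS` and `FINDINGS` lists would be replaced by exports from the SIEM and the scanner, and the weights tuned to the organization's own risk appetite.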
To increase the efficiency of the CISO and her technical teams, SecludIT has written a whitepaper that explains the steps to enhance a SOC (Security Operations Center) with the Elastic Stack SIEM and the new-generation vulnerability scanner Elastic Detector.
To learn how to integrate a new-generation vulnerability scanner with your SIEM, download our white paper: