Managed SIEM’s role in a daunting cyberthreat landscape

January 19, 2016 Arctic Wolf Networks

Government agencies, large telecoms, extramarital affairs websites (a la Ashley Madison), retailers, health insurance providers, financial firms, restaurants and hotels have been among the long and growing list of data breach victims within the past year. Given the resourcefulness of the modern hacker, this is not necessarily shocking.

But just when cybersecurity specialists thought they had seen it all, VTech, a manufacturer of electronics for children, became the victim of a data breach. As a result of this latest breach, the personal information of around 5 million adults and 200,000 children has been compromised, according to USA Today.

A ray of hope eclipsed by a frightening realization

The good news is that the VTech breach was an act of hacktivism, and the hacker has told Motherboard that he has no intention of selling any of the plundered information. The breach was orchestrated with the intention of highlighting a known vulnerability, which the company is now scrambling to fix. This means that the vulnerability can no longer be exploited for nefarious reasons.

However, this silver lining was short-lived due to one very alarming realization: The breach may have never been detected if the hacker had not come forward, according to Wired. This means that in theory, a malicious actor could have infiltrated VTech’s database, pilfered information about 200,000 children – including pictures – and 5 million adults, and likely no one would have known. It raises the question: What companies are being breached at this very moment?

Unfortunately, detection deficiencies regarding data breaches reflect an ongoing trend among companies: an egregious lack of awareness of what is happening in business networks. For example, the recent Scottrade breach, which affected over 4 million customers, was detected by federal investigators well after the hack had been conducted, according to security researcher Brian Krebs. Likewise, a hack of several Trump hotels sometime between May 2014 and June 2015 was only reported within the past few months. This is an all-too-common occurrence, with breaches first happening months and sometimes years before the affected organization catches wind of the issue.

Monitoring network traffic with SIEM-as-a-service

It almost goes without saying that early detection of a data breach would help mitigate potential damages and expedite any subsequent investigation into the matter. However, many businesses have a habit of giving preventative cybersecurity more weight than detective cybersecurity.

Part of the reason could be that many CIOs are holding on to the belief that a hack will not happen to them. No company wants to believe that it will be hacked; however, the odds are stacked against the good guys, and detective security is more important than ever.

Another possibility could be a lack of awareness – especially among small and medium-sized businesses – regarding the types of detective defenses available. In days past, security information and event management (SIEM) services were costly, and could sometimes take as long as a year to deploy. Such a deployment may result in stressed IT staff members, who likely have their plates full with myriad other tasks.

The good news is that SIEM-as-a-service is a cloud-based solution that can be quickly deployed for businesses big and small. It is also considerably more affordable than traditional SIEM services, making it an especially useful service for startups. The ability to monitor network traffic and sift through the many false alarms to weed out truly pernicious cyberthreats can be a lifesaver. Furthermore, managed SIEM is manned by highly knowledgeable cybersecurity experts, so that IT staff remain unhindered in their other duties.

Recently executed hacks against companies such as Sony, Target and Scottrade have put customer data at risk, and this has resulted in lawsuits that ultimately eat into a business’ bottom line and reputation. Not to mention, the cyberthreat landscape is not getting any less menacing. Should cybercriminals penetrate the perimeter, managed SIEM will help to ensure that the threat is detected early, and dealt with quickly.

Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.
