Importance of SIEM in 2023

A note from Joseph G. Rickard, OFFSITE CEO

In short, if you’re taking your company into 2023 without Security Information & Event Management (SIEM) in place, do not expect any love from your insurance underwriters or abundant confidence from your investors. One common occurrence is that many prominent cyber insurers have imposed minimum security control requirements to provide cyber insurance coverage terms. If you were recently involved with obtaining cyber insurance for your organization, you probably discovered that the providers are now expecting companies to, at minimum, have a SIEM in place.  Without a SIEM, the premiums will be significantly higher, or insurers won’t write the policy at all. Gartner research shows that 88% of boards regard cybersecurity as a business risk rather than exclusively a technical IT problem.

Trends from the 2022 Cybersecurity Landscape:

It’s no secret that cybersecurity threats continue to evolve and grow each year. That is evident by the cybersecurity landscape we’ve seen in 2022.

  • Record Claims on Cyber-Insurance Policies
  • Massive Consumer Data Breaches
  • Business Interruptions
  • Widening Range of Threat Actors
  • Growing Array of Attack Vectors

There are constantly new threat vectors, new regulations and directives, and new technologies and initiatives to be considered by CISOs and other cybersecurity professionals.

CISOs can gain the upper hand when it comes to cybersecurity threats by adopting a SIEM solution.

The job of securing an organization’s network, resources, and assets from top to bottom and across all locations is impractical without taking a holistic view.

In my opinion, having an enterprise network without a SIEM in place is analogous to running a retail operation without any security cameras.  In a retail setting, video recording from security cameras can provide insight if merchandise disappears out the front door via shoplifters, or if it is stolen from the loading dock via employees.

In a similar way, SIEM log files can be used to obtain a granular view of an enterprise and can confirm how & when data may have been stolen from an enterprise network. A properly configured SIEM will deliver regular executive reports providing visibility into the corporate network and the data it holds.  The SIEM will also be able to deliver forensic reports to the company’s General Counsel when fulfilling requests by law enforcement or when needed during the e-discovery phase of litigation.

Having a SIEM in place that is configured with the appropriate log file inputs can pay for itself and spare executives a lot of angst.

I have personal experience to back this assertion up, from my time as the CTO of an investment bank. During this time, we had a new super-star salesperson join a business unit of the company.  Shortly thereafter, the General Counsel received an unfriendly communication from a large New York law firm. The firm felt that the salesperson had taken proprietary client lists and was using said lists to benefit our company.

In a technical review session with opposing counsel, my team was able to provide them confidence (via evidence) that no such files had ever been uploaded to our corporate network.  That one session prevented the company from having to defend a complaint, with the corresponding legal bills and corporate distraction that would come with that task.

Managed SIEM solutions from a Third Party offer exceptional value.

Do not discount the value of having a SIEM managed by an outside firm.  There are several reasons why having a third party manage your SIEM solution is advantageous.

There has long been a skills gap in the industry, but it is widening. There is a need to develop talent in-house, in order for organizations to keep up with their security stack, however, this is time-consuming and costly to do so. Managed and co-managed cybersecurity solutions can augment in-house IT teams, in the case that resource constraints are making it difficult to act on SIEM findings.

Additionally, a third party can offer outside perspective and guidance to ensure you’re collecting the right log files and can verify the chain of custody of said files.

Lastly, when things get ugly, being able to have a “disinterested third party” attest that the data inputs are true – is powerful.

No matter how challenging the 2023 threat landscape becomes, having the network visibility that a SIEM provides will help keep your network safe and corporate executives out of hot water!

About the Author:

Joseph G. Rickard is a co-founder of OFFSITE and has been on the company’s Board since its inception, over 20 years ago.  In 2020 he took the helm as Chairman & CEO.  Previously, Joe was a Partner & CIO at a large investment firm in Chicago.  That experience included developing the technology infrastructure and proprietary SaaS applications, used by over 400 large companies.  More than $670 billion in securities have been underwritten through these systems.

Are you worried your SIEM Action Plan isn’t ready for 2023?

OFFSITE has a team of engineers working around the clock to provide support to our clients. If you’d like guidance from OFFSITE’s Security Operations Center, we are available to help develop a Managed SIEM Solution to protect your organization’s data. To contact us, fill out the form below, email, or call (262) 564-6500.