
SIEM - anchor tenant for security and compliance

By Zenith Systems
Johannesburg, 06 May 2011

Driven by regulatory compliance, cyber attacks and internal fraud, SIEM and log management have become an essential security technology for large and small enterprises alike.

ITWeb's Security Summit 2011

More information about ITWeb's Security Summit 2011, which takes place from 10-12 May 2011 at the Sandton Convention Centre, is available online.

It was recently reported by industry analyst firm Gartner that the security software market will grow more than 11%, passing $16.5 billion - with SIEM taking a 20% cut.

Considering that Q1Labs, the developer of the QRadar SIEM tool, is implementing, on average, over 50 SIEM solutions per month, and that South African organisations are starting to embrace the technology, SIEM is fast becoming the de facto anchor tenant for security and compliance initiatives.

What is driving this growth?

Einstein said that insanity is doing the same thing the same way and expecting a different result. Implementing perimeter and internal defences and continually trying to improve these through version upgrades is insufficient and inefficient. These defences are important, but they typically operate in security silos with very little correlation between them. In addition, new threats emerge on a daily basis, often with no coverage by the perimeter defence technologies implemented.

Furthermore, the volumes of data generated by the individual vertical security components are simply staggering, and making sense of these in conjunction with the logs and flows that traverse the corporate networks is impossible by hand. This, coupled with the advent of Advanced Persistent Threats and the move by criminals from selecting targets of opportunity to targets of choice, means that isolated security silos simply do not give real-time, comprehensive analysis and interpretation of the organisation's security posture.

The South African challenge is compounded by the skills shortage. It is a known fact that many corporate institutions are simply unable to fill their IT Security vacancies.

So, look at the mix of variables: ever-evolving threats, ever more audacious attacks, IP as a saleable commodity, log and incident overflow, a myriad of security tools and formats, and insufficient skills to monitor and manage the threat landscape.

The only way to deal with the complexity of the threat environment is to automate the process. Aggregate all of the data emanating from the security devices (firewalls, IDS, IPS, AV, etc.), gather the logs from operating systems, applications, routers, switches, etc., and include network activity (sFlow, J-Flow, etc.). Bring all of this data together, normalise it, correlate it and determine the level and severity of threats. This is what QRadar SIEM does for you: all in real time, with no error and with built-in best practice rules, so even if your security staff complement is stretched, you still have the system making "expert" decisions based on real, actionable data.
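To make the aggregate-normalise-correlate-score sequence concrete, the following Python script is an added illustration of that pipeline in miniature; it is not QRadar code and not Zenith Systems' or Q1Labs' work. The log lines, device names, IP addresses, regular expressions, rule thresholds and the 0-10 severity scale are all constructed for the example: two source formats (sshd syslog lines and a key=value firewall log) are parsed into one event schema, events are grouped by source address, and two simple rules (a burst of authentication failures inside a time window, and a success following that burst) decide the severity, with corroborating evidence from a second device raising it.

```python
"""Minimal SIEM-style pipeline: collect, normalise, correlate, score.

Added illustration only; log lines, hosts and addresses below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

YEAR = 2011  # classic syslog lines carry no year; assumed for the sample

# Constructed sample input from two "devices" in two different formats.
RAW_LOGS = [
    "May  6 10:00:01 srv01 sshd[1234]: Failed password for admin from 198.51.100.7 port 5001 ssh2",
    "2011-05-06T10:00:02 fw01 action=deny src=198.51.100.7 dst=10.0.0.9 dport=3389",
    "May  6 10:00:03 srv01 sshd[1234]: Failed password for admin from 198.51.100.7 port 5002 ssh2",
    "May  6 10:00:05 srv01 sshd[1234]: Failed password for root from 198.51.100.7 port 5003 ssh2",
    "May  6 10:00:09 srv01 sshd[1234]: Accepted password for admin from 198.51.100.7 port 5004 ssh2",
    "May  6 10:01:00 srv02 sshd[777]: Failed password for bob from 203.0.113.5 port 6001 ssh2",
    "2011-05-06T10:01:30 fw01 action=allow src=203.0.113.5 dst=10.0.0.9 dport=443",
    "this line is in no known format and is dropped by the normaliser",
]

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) action=(?P<action>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def normalise(line):
    """Map one raw line onto the common event schema, or None if the format is unknown."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        kind = "auth_failure" if m["result"] == "Failed" else "auth_success"
        return {"ts": ts, "device": m["host"], "type": kind, "src": m["src"], "user": m["user"]}
    m = FW_RE.match(line)
    if m:
        kind = "fw_deny" if m["action"] == "deny" else "fw_allow"
        return {"ts": datetime.fromisoformat(m["ts"]), "device": m["host"],
                "type": kind, "src": m["src"], "user": None}
    return None


def correlate(events, window_s=60, fail_threshold=3):
    """Group events by source address, apply the rules and return src -> offence record."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    offences = {}
    for src, evs in by_src.items():
        failures = [e for e in evs if e["type"] == "auth_failure"]
        denies = [e for e in evs if e["type"] == "fw_deny"]
        successes = [e for e in evs if e["type"] == "auth_success"]
        # Rule 1: at least fail_threshold failures inside window_s seconds.
        burst = any(
            (failures[i + fail_threshold - 1]["ts"] - failures[i]["ts"]).total_seconds() <= window_s
            for i in range(len(failures) - fail_threshold + 1)
        )
        # Rule 2: a success after the burst suggests a credential was guessed.
        success_after = burst and any(s["ts"] > failures[-1]["ts"] for s in successes)
        if success_after:
            severity = 9
        elif burst:
            severity = 6
        elif failures or denies:
            severity = 2
        else:
            continue  # nothing suspicious for this source
        # Corroboration from a second device (firewall denies) raises confidence.
        if denies:
            severity = min(10, severity + 1)
        offences[src] = {
            "severity": severity,
            "devices": sorted({e["device"] for e in evs}),
            "events": len(evs),
            "users": sorted({e["user"] for e in evs if e["user"]}),
        }
    return offences


def run_pipeline(lines=RAW_LOGS):
    """Aggregate -> normalise -> correlate, dropping lines no parser understands."""
    events = [e for e in (normalise(line) for line in lines) if e]
    return correlate(events)


if __name__ == "__main__":
    for src, off in sorted(run_pipeline().items(), key=lambda kv: -kv[1]["severity"]):
        print(src, off)
```

The point of the example is the shape of the work rather than the rules themselves: once every device's output is in one schema, a rule can reason across devices (here the firewall deny corroborates the SSH brute-force), and an analyst sees one scored offence per source instead of eight raw lines in two formats.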

Zenith Systems is the sole South African supplier of QRadar SIEM. http://www.zenithsystems.co.za


Editorial contacts

Murray Benadie
Zenith Systems
(073) 221 2171
murray@zenithsystems.co.za