Siem Tools For Top Management

 Security Information and Event Manager (SIEM) is a software and service that combines the best of both worlds: security management and event management in one system. SIem is a security management approach that combines events, threats and risk data in individual systems to improve the detection and resolution of security problems and provide an additional layer of defense.

The use of SIEM can be enormously helpful, but it requires the security of business processes and data to be taken into account in order to use the tools as effectively as possible. Using the tool with default settings generates substantial data and warnings, and adapting the tool to the specific needs of your business, business process and risk management will lead to improved results. SIem tools collect data from multiple systems and analyze it to detect abnormal behavior and potential cyber attacks. They embed important parts of a data security ecosystem into a single platform, such as a web application, database, or cloud service.

Security Information and Event Management (SIEM) is a software solution that combines and analyzes activities from many different resources across the entire IT infrastructure. SIem tools provide a central place to collect events and alerts, but they can be expensive and resource intensive. Some customers report that it is often difficult to solve problems with SIEMS data.

SIEMS can apply analysis to this data to detect trends, identify threats, and enable organizations to investigate alerts. Security Information and Event Management (SEM), which analyzes event and protocol data to facilitate the management of security events and alarms across the entire IT infrastructure. It combines the ability of a SIM security information management SIM to collect, report, analyze and report logs and data with the capabilities of a SIEM tool such as a database, analytics tool or web application.

SIEM tools provide real-time security monitoring - related events and incidents such as failed logins, network outages and security breaches. SIEM software logs the data generated by enterprise technology infrastructures such as servers, networks, databases, web applications, mobile devices and network infrastructure.

If the analysis shows that an activity is outside the predefined rules and thus potentially compromises security, a warning is sent to the SIEM system.

This enables real-time situational awareness, so that the company can detect, understand and respond to hidden threats. ESM is a powerful tool to use real-time data correlation to dramatically reduce the time it takes to detect, respond and protect the business. This alerts the SIEM system and the IT Security Management System (ITMS) with suspicious activities.

This is combined with the real-time data correlation between the SIEM system and the IT Security Management System (ITMS) to identify outliers and respond with appropriate measures.

For over a decade, SIEM systems have come a long way from simple protocol management to integrated machine learning and analytics. Event management focuses on incidents that can pose a threat to the system, such as malicious code attempting to enter, while information management deals with real-time monitoring and analysis of data in the IT Security Management System (ITMS).

Given the multitude of tasks that SIEM solutions perform, their integration into a company's existing information security architecture can be daunting, especially when it involves multiple different centers spread across the globe. Protocols from all sources within an organization are likely to be incorporated into the IT Security Management System (ITMS) and other IT management systems.

The compromise is that administrators must perform integration actions to tell SIEM software how to analyze and process the types of protocols an organization collects. If you choose an alternative approach, almost all SIem systems offer the ability to create protocols from commonly used protocol sources such as protocols of the IT Security Management System (ITMS) and other IT management systems. Since each organization has a unique combination of log sources, those looking for the best SIEMS software for their organization should be able to build an inventory of all the logbooks in their system and compare that inventory with support for each of the supported log sources. SI EM tools are more flexible and support almost any logSource.

Security experts in companies have abandoned traditional protocol management systems such as ITMS and IT Security Management System. The evolving log - management root has introduced a new generation of SIEM tools for top management and security management.

These tools have the ability to monitor threats and provide real-time alerts regarding security. SIEM technology has been around for a long time and initially developed from log management discipline to security management tools such as ITMS, IT Security Management System and IT Management Systems, but has evolved from the original log management disciplines to network management, network security, data security and network management systems (NMS). SIem Software is a combination of a number of different tools for top management and security management. 

Cited Sources

• https://www.varonis.com/blog/what-is-siem/ ⁰
• https://cloudsmallbusinessservice.com/small-business/top-7-security-information-and-event-management-siem-software.html ¹
• https://www.helpnetsecurity.com/2020/05/22/siem-solution/ ²
• https://www.featuredcustomers.com/software/what-is/security-information-and-event-management-siem ³
• https://searchsecurity.techtarget.com/feature/Comparing-the-best-SIEM-systems-on-the-market ⁴
• https://adlumin.com/what-is-siem-software-how-it-works-and-how-to-choose-the-right-tool/ ⁵
• https://www.irs.gov/privacy-disclosure/security-information-and-event-management-siem-systems ⁶
• https://www.bitlyft.com/siem-tools-to-consider/ ⁷

 

Security Automation

 

Fear, one of the most powerful drivers of all time. Movies, novels, companies, even I had the unfortunate chance to hear the following phrase directed to a coworker: " I can replace you with a script and I will save money".

Automation is the new catchy word in the industrial environment, we see it everywhere: in car factories, coal mines, banks, even in the airports where tasks related to security are being transferred to automatic tellers. But is this suitable for all commercial environments?, the answer is partially.

Humans are valuable (not costly as some executives like to view them) by their decision making capabilities and a new evolution process has been taking place all over the world, thinking people are getting hired, and mechanical people are getting displaced. It is not a matter of justice nor survival, it is a matter of cost vs profit.

Is automation in security viable?

Yes it is but in a partial way, everyday hackers all over the world bypass security controls designed and maintained by fellow humans, automated systems are predictable (which is a terrible word in the business), we can automate tools and monitors but security intelligence? that's not automatable.

No matter how complex is the algorithm (computer process), the fact that all possible routes are programmed means there will be a thousand ways to bypass it, human ingenuity and logic is paramount to stop cyber-criminals.

Don't take me wrong, every company should invest in security means and tools to aid the process and some automation is necessary to analyze the tens of thousands of transactions the average enterprise performs daily, but every machine, every analyzer in the market will depend on search patterns and every search pattern will cause a situation known to security professionals: false positives and negatives.

A false positive is an event which triggers an alarm but is not a situation worthy TO INVESTIGATE, like a common employee performing a click on a file he is not authorized to and not getting access.

A false negative is a situation where the alarm should be triggered but it is not like the employee in question getting access to the file he has not been authorized to read/change/delete.

These factors are part of the everyday work of a cybersec engineer and a great deal of our training, human instincts become the differentiator to detect the anomalous behavior.

Then what can automation do?

To detect these factors which allows us to identify the possible intrusions, we would have to manually check all servers under our watch. which would severely raise the amount of people involved, instead the security orchestration tools allow us to see the activity in various fronts even in a graphical way enabling a major coverage on our duties.

In words of Eran Barak, CEO and Co-Founder, Hexadite: "All of these security automation technologies free up overtaxed security resources, allowing security teams to be less focused on mundane – but essential – tasks, and more focused on strategic initiatives that will make their organization more secure. "

Automation needs to be seen as a tool and as any tool it is only good for the person trained to use it, we cannot expect to take in someone trained to be a network technician and takeover cybersec without so much than a manual.

Resources

https://www.securityweek.com/five-steps-security-automation

https://www.dflabs.com/blog/security-automation-vs-security-orchestration-whats-the-difference/

https://www.darkreading.com/operations/the-best-and-worst-tasks-for-security-automation/d/d-id/1332074

https://www.helpnetsecurity.com/2019/04/16/it-security-automation-skills/

https://www.information-age.com/staff-skill-shortages-security-study-123473231/

How much is our data worth ?

 

Now that is an interesting question is it?
For the average person is no longer so but if you are reading this it is a safe bet you are already wondering so. Like any of the deepest questions in  our world, this topic needs context to be correctly analyzed so let's begin:

What is "data"?

Data is a very volatile concept which is easily shaken by the social media companies and government, basically it is any information they can take from you and compile.
It doesn't sound so vile right? But start taking in account how much of your life they are disclosing either directly or indirectly and it will amaze you.
A big part of their information gathering starts with your name, age, address ,etc. this will constitute your profile, which will serve as a header for the next steps which will be:

• who are your friends
• where do you go to eat
• what do you like
• what do you hate
• Which ideas do you support
• what do you buy

To name a few.
Still doesn't sounds ominous? Let's continue:
This profile will classify you into different categories easily searchable and catalogued which will be used for diverse purposes

So let's get in context: in the old days if a business wanted to advertise on their products they would buy space in the radio or in a TV spot where most people are watching and hope for the best.

That is until demographics came into the scene.

Then people started studying who watched what and when and the market started changing.

Let's take the example of the TV show "Matlock".

"Matlock" was a TV series about a senior citizen who was an amazing detective and every week he would solve a mystery, most of the time related to other senior citizens.

Now it would be a show which would attract senior citizens mostly right?, well it did but it also attracted people who were interested in mystery and investigation series.
So a company selling products and services for senior citizens would buy time for their ads at "Matlock" and hope for the best.

But how about if you could filter out people not interested in your product and filter in people interested in whichever age band there is?
Enter social media, now companies did this using questionnaires at malls and supermarkets, nowadays they don't need to do so, we do it for them.
Filling out your profile for your friends to see also do so for the company to fill out the blanks, they allow political movements to join in and use their platform to organize, just so they can get a list of who joins what, even your shopping and wish list is shared so they know what do you want and they can sell ads to the companies who want to sell it to you.

But how much is all this worth?

In online marketing there is no way to actually control who has "seen" your advertising so the way they charge for it is for the people who actually clicked on your ad (cost per click or CPC)
Just the service of focused advertising makes Facebook ads worth between $0.50 to $4 a click (which would mean it got the interest of one person)

Average Facebook CPC & Other Benchmarks by Industry in 2019

Industry	Avg. CPC	Avg. Click-through Rate	Avg. Conversion Rate
Apparel	$0.45	1.24%	4.11%
Automotive	$2.24	0.80%	5.11%
B2B	$2.52	0.78%	10.63%
Beauty	$1.81	1.16%	7.1%
Consumer Services	$3.08	0.62%	9.96%
Education	$1.06	0.73%	13.58%
Employment & Job Training	$2.72	0.47%	11.73%
Finance & Insurance	$3.77	0.56%	9.09%
FItness	$1.90	1.01%	14.29%
Home Improvement	$2.93	0.70%	6.56%
Healthcare	$1.32	0.83%	11%
Industrial Services	$2.14	0.71%	0.71%
Legal	$1.32	1.61%	5.6%
Real Estate	$1.81	0.99%	10.68%
Retail	$0.7	1.59%	3.26%
Technology	$1.27	1.04%	2.31%
Travel & Hospitality	$0.63	0.90%	2.82%

(Source: WordStream)

An average Ad campaign for a small company would mean at least $10.000 a month and the best part, it is for each company so the information is sold once and again and again and again....
Facebook has made more than $1 billion per quarter just from ads alone which certainly tell us more from the financial value of our data than any other points of worth, but there is more....

Political Value
Cambridge Analytica,  currently a bad word in the commercial world, but not so a few years ago it was one of the most successful advisors in regards of... political campaigning using focused advertising.

Countries where SCL Elections claims to have worked
US
UK
Argentina
Colombia
Guyana
Uruguay
Trinidad and Tobago
Grenada
St Vincent and the Grenadines
Saint Lucia
St Kitts & Nevis
Antigua and Barbuda
Cyprus
Nigeria
Gabon
Kenya
Zambia
South Africa
Latvia
Lithuania
Ukraine
Romania
Italy
Moldova
Albania
India
Pakistan
Nepal
Thailand
Indonesia
Philippines
Mauritius

The financial gain in politics is enormous and as per their results the ammount of data they brought in from our social networks did paid its due.
So as far as getting paid for your data it might be worth around $100 - $200 but as companies go each person data can be monetized for million

Reference
https://www.adweek.com/digital/facebook-lookalike-audiences-help-advertisers-reach-users-similar-to-current-customers-others-in-their-database/
https://www.technologyreview.com/s/427941/the-biggest-cost-of-facebooks-growth/
https://adespresso.com/pricing/
https://www.usatoday.com/story/tech/2019/07/14/facebook-twitter-how-much-data-worth/39677311/
https://www.aljazeera.com/ajimpact/data-worth-bill-google-190624204901419.html
http://stenor.github.io/
https://www.huffingtonpost.ca/carlos-de-torres-gimeno/big-data_b_4817705.html
https://blog.hubspot.com/marketing/where-do-marketers-get-leads-data
https://www.theatlantic.com/technology/archive/2012/03/how-much-is-your-data-worth-mmm-somewhere-between-half-a-cent-and-1-200/254730/
https://medium.com/wibson/how-much-is-your-data-worth-at-least-240-per-year-likely-much-more-984e250c2ffa
https://fee.org/articles/how-much-is-your-data-worth-to-tech-companies-lawmakers-want-to-tell-you-but-they-have-no-idea/
https://www.forbes.com/sites/stephanzoder/2019/08/06/how-much-is-your-data-worth
https://fitsmallbusiness.com/how-much-does-facebook-advertising-cost/