In 2020, proper cybersecurity measures are a vital need for all kinds of organizations. The business world has changed, and big companies are no longer the only targets of cybercriminals.
Instead, every organization has become a valid target for malicious actors seeking to cause damage and turn a profit.
In the following lines, we will review some of the cybersecurity essentials that come from SIEM theory, what the NIST framework has to offer, and the practices it recommends.
SIEM and its Capabilities
If SIEM doesn’t ring a bell for you, it stands for Security Information and Event Management, and it refers to the set of tools, resources, and practices that unify the effective management of security incidents taking place in an organization.
SIEM combines SIM (Security Information Management) and SEM (Security Event Management) practices to upgrade management capabilities: collecting valuable data from different sources, analyzing it, and generating reports that can be very useful to the IT team in charge.
Core capabilities in SIEM include log management (the process of organizing and centralizing all collected data), event correlation (the process of establishing relationships between the collected data), and threat detection (the process of creating triggers and alerts for potential attacks and breaches).
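As an added example (not code from the original article), the following Python sketch shows the three capabilities working together on a few constructed log lines: two log formats are normalized into one schema (log management), failures are grouped by source IP within a time window (event correlation), and an alert fires when a burst spans more than one source (threat detection). The log formats, the 5-minute window and the threshold of four failures are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources (an SSH auth log and a web server
# access log); illustrative input only, not real logs.
RAW_EVENTS = [
    ("auth", "2020-05-01T10:00:01 sshd: Failed password for root from 203.0.113.7"),
    ("auth", "2020-05-01T10:00:03 sshd: Failed password for admin from 203.0.113.7"),
    ("auth", "2020-05-01T10:00:05 sshd: Failed password for admin from 203.0.113.7"),
    ("web", '203.0.113.7 - [2020-05-01T10:00:09] "GET /wp-login.php" 401'),
    ("web", '203.0.113.7 - [2020-05-01T10:00:12] "GET /wp-login.php" 401'),
    ("auth", "2020-05-01T10:30:00 sshd: Failed password for bob from 198.51.100.4"),
]
AUTH_RE = re.compile(r"^(\S+) sshd: Failed password for (\S+) from (\S+)$")
WEB_RE = re.compile(r'^(\S+) - \[(\S+)\] "[^"]*" (\d{3})$')

def normalize(source, line):
    """Log management: parse each source into one common event schema."""
    if source == "auth" and (m := AUTH_RE.match(line)):
        return {"ts": datetime.fromisoformat(m.group(1)), "src_ip": m.group(3),
                "source": source, "outcome": "failure"}
    if source == "web" and (m := WEB_RE.match(line)):
        outcome = "failure" if m.group(3) in ("401", "403") else "success"
        return {"ts": datetime.fromisoformat(m.group(2)), "src_ip": m.group(1),
                "source": source, "outcome": outcome}
    return None  # unparsed lines are dropped; a real pipeline would count them

def correlate(events, window=timedelta(minutes=5), threshold=4):
    """Event correlation and threat detection: group failures by source IP,
    and alert when a time window holds >= threshold failures from >1 source."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] == "failure":
            by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            burst = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sources = sorted({e["source"] for e in burst})
            if len(burst) >= threshold and len(sources) > 1:
                alerts.append({"src_ip": ip, "count": len(burst), "sources": sources})
                break  # one alert per IP is enough; avoid duplicate noise
    return alerts

def run_pipeline(raw=RAW_EVENTS):
    events = [ev for src, line in raw if (ev := normalize(src, line))]
    return correlate(events)
```

Running `run_pipeline()` on the constructed input yields a single alert for 203.0.113.7 (five failures across both sources within the window) and none for 198.51.100.4, whose lone failure stays below the threshold.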
SIEM Implementation
Now, how can a business, whatever its size, implement SIEM? The truth is that every organization, according to its particular characteristics, will have to study and determine how to carry out such an implementation with the help of an IT specialist.
Generally, organizations have three main options for implementing SIEM:
- Finding and implementing a pre-defined SIEM system that fits the business’s characteristics
- Hiring a managed security service provider to outsource the whole process and leave the difficult and costly parts out of house
- Defining what is essential in terms of SIEM capabilities for your organization and having a professional build and implement a custom-made platform
Essentials for NIST
In recent years, NIST (the National Institute of Standards and Technology, a science laboratory founded and managed by the U.S. Department of Commerce) has made significant progress in developing a fully fledged cybersecurity framework for critical infrastructure systems in the U.S., called the NIST Cybersecurity Framework or CSF. The idea is to protect U.S.-based businesses from the growing cybersecurity threats.
The CSF consists of five essential functions or areas that aim to cover and protect every aspect of a business on the digital plane. These functions are: identify, protect, detect, respond, and recover.
Naturally, the full set of practices recommended by NIST for compliance with its standards is too extensive and detailed to cover here. However, the following quick review, summarized in nine steps, gives a good idea of what to expect:
- Determine and categorize the data that needs to be collected
- Define a bare-minimum baseline of the controls that must be implemented
- Determine, schedule, and run risk assessments to improve and enhance controls
- Document in detail the controls in the broader security plan
- Implement and execute controls in all the relevant information systems and applications
- Understand and document the effectiveness level of implemented controls
- Study and determine the level of existing risk based on the conducted assessments
- Authorize the information system to operate and process data
- Monitor the security controls in place and propose improvements
Following the practices recommended by NIST in detail involves demanding yet essential work by IT specialists. However, this framework has become a mandatory standard in many industries, and as a result, its implementation has become increasingly accessible and affordable.
As mentioned before, cybersecurity has become a fundamental need for all kinds of organizations nowadays. Long gone are the days when cutting-edge security mechanisms were exclusive to large corporations.
The cybersecurity aspects reviewed above represent only part of what businesses can do to protect themselves from the threats lurking out there. However, they are also a good starting point for organizations that are lagging behind, especially in DevOps-oriented security.