Organizations are becoming increasingly digital in their operations, their product and service offerings, and their business methods. This means they are introducing more technology into their environment. At the same time, they have shrunk their IT shops – in particular, their infosec teams – and have less visibility into their environment and operations. While they are trying to do more with fewer staff, they are also falling behind in tracking potential security alerts and understanding how attackers enter their networks. Unfortunately, threats are becoming more complex as criminals use a variety of paths such as web, email, mobile, cloud, and native Windows exploits to insert malware and steal a company’s data and funds.
There has to be a better way, and one strategy is for enterprises to manage their digital risk more effectively by better detecting changes in user behavior. The ideal situation is to do this through both adaptive authentication and more advanced security information and event management (SIEM) systems that use continuous detection to monitor a wide collection of server logs, user movements, and data flows.
The term SIEM was first coined by Mark Nicolett and Amrit Williams of Gartner in a 2005 report. Those days seem so simple in the light of today’s events. The pair defined a typical SIEM as a system for real-time event management whose events could be correlated with historical data.
So, what has happened in the intervening years? For one thing, users continue to behave badly and continue ...
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by David Strom. Read the original post at: http://www.rsa.com/en-us/blog/2018-08/new-ways-to-manage-digital-risk.html