Netsurion Extends SIEM Service Reach to Remote Users

Netsurion has extended the reach of its security information and event management (SIEM) service to include remote offices and employees working from home.

Company chief strategy officer A.N. Ananth said Remote Workforce Threat Detection is being added to its EventTracker SIEM platform at no extra cost. That capability detects behavior anomalies and indicators of compromise and then sends alerts to IT security teams along with recommendations on how to block a potential threat.

Ananth said EventTracker already employs machine learning algorithms to enable cybersecurity teams to better secure on-premises and cloud computing environments. The company is now extending that capability to include support for a wide range of virtual private networks (VPNs) and software-as-a-service (SaaS) applications that many end users are now accessing directly from home.

In the wake of the COVID-19 pandemic, it’s still not clear how many employees will be returning to the office and when. The pandemic continues to spike in different regions at different times. Organizations are also expected to enforce social distancing policies in the office that might result in only a fraction of employees being allowed to work in the office on any given day. Regardless of when employees are officially allowed to return to the office, Ananth noted it’s apparent that more of them will be working from home a lot more often.

As a result, he said, cybersecurity policies and frameworks will need to be extended to address the so-called new normal. It’s also only a matter of time before auditors start asking pointed questions about how cybersecurity policies are being enforced when employees are working from home.

However, rather than charging extra for that capability, Ananth said it’s incumbent upon vendors to enable IT security teams to adjust to this new reality without incurring massive additional licensing fees.

Netsurion is already monitoring 6 billion events every day from its security operations center (SOC), said Ananth. Each organization will need to decide whether they want to allocate resources to develop similar security monitoring capabilities or consume EventTracker SIEM as a service. Netsurion is betting that in the wake of the economic downturn brought on by the pandemic, more organizations are going to lean toward consuming security as a service instead of making their own capital investments in a SOC.

Ananth said cybercriminals have already proven adept at targeting employees working from home with phishing attacks that purport to have information pertaining to the COVID-19 pandemic. If employees were working in an office, most of those phishing attacks would never reach their destination. However, with employees currently on networks that are not as secure, chances are much higher that employees will click on a link that downloads malware or steals their credentials. Cybersecurity teams clearly need to extend the reach of their IT security frameworks to cover a much wider range of endpoints and cloud applications, he noted.

It’s not clear how quickly cybersecurity teams will adjust to this new reality. However, what is certain is that many of them are running out of time as the attacks being launched against end users working from home become more targeted and sophisticated.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
