PUBLIC SECTOR

Three Ways Machine Data Makes Your SIEM Better at Security

All data is security relevant is a mantra that security practitioners should get used to saying. But knowing what sources you need to tap into to improve your security posture can seem like a daunting task. It doesn’t need to be.

Data sources are a way companies solve the security issues causing them pain or issues that may cause harm. So what exactly is a data source? It can be almost anything from the machine data being generated by your existing firewall to online web logs. Just what data sources you tap into depends on your security use case.

There are already companies that have found unique ways to leverage machine data to work for their specific needs – whether they need to keep a server online, protect a city or to secure a department store’s cash registers. Let’s look at a few examples:

SIEM1

Equinix wanted a centralized security information and event management (SIEM) solution to give it a unified view into its global security infrastructure, while accelerating its time-to-value by hosting that solution in the cloud. To do this, Equinix tapped into the following data sources:

  • Firewalls, VPNs and other security systems
  • Intrusion Prevention and Detection Systems
  • F5 load balancers
  • Host-based intrusion management platform
  • Microsoft Active Directory
  • com
  • UNIX and Windows servers

The setup resulted in Equinix gaining operational visibility across its infrastructure — reducing 30 billion raw security events to about 12,000 correlated events and into 20 actionable alerts.

Downtown Los Angeles seen through a traffic camera.

Downtown Los Angeles seen through a traffic camera.

The City of Los Angeles needed a scalable SIEM solution but for different reasons. The nation’s second most populated city needed to secure its real time, citywide 24/7 surveillance network. The city set up a cloud-based SIEM solution to improve the protection of its digital assets, share security information with federal authorities and improve communication with the public the city serves. Los Angeles plugged into the following data sources to achieve its goals:

  • Firewall logs
  • FireEye Threat Prevention Platform
  • Intrusion prevention/detection systems
  • External threat intelligence feeds
  • Switches and routers

Retail stores face unique security challenges compared to data centers and city governments. Stores must secure online accounts and point-of-sale (POS) systems, eliminate malware and other vulnerabilities, and keep up with stringent compliance standards.

One luxury retailer concerned about security breaches impacting its customers and brand reputation, installed an analytics-driven SIEM solution. The retailer needed an all-in-one solution to protect customer data as well as meet strict PCI and security compliance regulations. The retailer was able to get its SIEM up and running in six weeks by tapping into the following data sources:

  • POS application logs
  • Firewall syslogs
  • Microsoft Windows events
  • UNIX/Linux logs
  • Juniper VPN syslogs
  • F5 BigIP Load Balancer and F5 ASM syslogs
  • SourceFire eStreamer syslogs
  • Aruba switches syslogs
  • CISCO ACS and IOS syslogs
  • Web server logs

Are you interested in learning how machine data can support an analytics-driven SIEM solution and improve your security posture? See why Gartner named Splunk a leader for the fourth consecutive year.

Related:
Make Security Incidents Less Scary By Organizing Your Response
Stop Security Threats With Real-Time Data Monitoring

Girish Bhat
Posted by

Girish Bhat

Girish Bhat is the director of security product marketing at Splunk with responsibility for key security solutions, the Splunk CISO customer advisory board and customer use cases.

Previously, Girish held various roles managing authentication, compliance, VPN, advanced threats, DLP, IDS/IPS, mobile, SaaS, IaaS, virtualization and network monitoring solutions.

With more than 15 years of experience with startups and global brands, Girish’s experience includes product marketing, business strategy, strategic analysis, solutions marketing, product management for security, mobile, networking, cloud and software products.

Join the Discussion