With cyber threats becoming more sophisticated, security and information management must be a top priority. Education and awareness on best practices, trends and the latest security technologies are essential. October is National Cyber Security Awareness Month (NSCAM) and in addition to elevating our partners’ security awareness, Tech Data’s Security Solutions team is featuring its blog series, "Security Practice Foundations."
The goal of the series is to help establish a strong security-knowledge that will lead to effective security practices. In case you missed it, check out our first blog in the series, Identity and Access Management.
Click to view the video.
What Is Security Intelligence?
In order to reduce risks, organizations -regardless of size- require real time insights. Take a look at your network - how many devices and systems are connected to it? There’s probably quite a few. Every person in your business whose job involves using a computer has a connection into your company’s network. As such, each of those devices represents a potential point of entry for nefarious activity against your system or the privacy of the data in your system.
So, how do you keep your organization’s data secure? Two words: security intelligence. Security intelligence involves real-time collection, normalization, and analysis of user-generated data, applications and infrastructure that impacts the IT security and risk posture of an enterprise.1 The illustration below depicts where security intelligence resides in security domains
There are several tools and practices an organization can implement to get the most out of its security intelligence. Among the most important are SIEMs, Threat Intelligence and GRC. A brief discussion of each –what they are, the roles they serve and why they are important– is provided below.
Security Information and Event Management (SIEM)
SIEM technology supports security incident response and investigation, threat detection and compliance reporting through the real-time collection and historical analysis of security events from a wide variety of events and contextual data sources.2
In large organizations, IT support is often split into groups, each with their own responsibilities. Segregating information in this manner can make information sharing and collaboration difficult; not just during a security event, but also for day-to-day operations. SIEMs can help consolidate the information by looking at data from disparate sources to make correlations that otherwise may be overlooked.
Because new vulnerabilities and threats are being exposed daily, identifying zero-day attack is difficult because these attacks exploit unknown vulnerabilities. SIEMs can be configured to detect attacks in addition to the activity surrounding an attack that might not be detected by other security tools.
A key element of security intelligence is the ability to influence decisions within an organizations based on in-depth information about specific threats. Known as Threat Intelligence, its role is to collect signatures from public databases (NIST’s National Vulnerability Database) as well as those identified by a company’s security team, correlate them and communicate them to the company’s monitoring systems such as a SIEM.
Governance, Risk and Compliance (GRC)
GRC is the umbrella term that encompasses an organization's approach to governance, risk and compliance. According to the Open Compliance and Ethics Group (OCEG), GRC is “the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity.” 3 It’s not a tool but rather a set of processes and practices that help an organization do what it’s supposed to do.4
GRC is not new. In the early 2000s, companies were addressing governance, risk and compliance through ineffective means. But with effective GRC, all three components can be integrated to address today’s challenging business climate. It can help reduce risk, improve compliance and reduce the issues that come about with organizational silos and redundancies.4
Next-generation technology provides tremendous advantages in making organizations more efficient, more responsive and more productive. In the process, it can also make them more vulnerable. Cybersecurity should be top priority for businesses. Being aware of what security intelligence is and the elements comprising it are a fundamental first step. Security intelligence is not a destination, it’s a journey and Tech Data’s security experts can help along the way. If you are interested in accelerating your security practice, contact us at firstname.lastname@example.org, 800-237-8931, ext. 73246 or download our security brochure today.
About the Author
Divya Prabakaran is an intern with the security team at Tech Data. She is currently pursuing a bachelor’s degree in Cybersecurity at the University of South Florida. When she’s not writing security blogs or doing schoolwork, she can be found in her kitchen baking and taste-testing her new recipes.