Enhancing SIEM Data with File Integrity Monitoring
DATA SECURITY PODCAST
In a recent podcast interview with Steve Morgan, editor-in-chief of Cybercrime Magazine, Robert E. Johnson, III, Cimcor CEO/President, discusses the latest views on data security, the importance of system integrity monitoring, and best practices for businesses regarding file integrity monitoring. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Joining us today is President and CEO Robert Johnson, III. Robert has been a pioneer in the development of next-gen, system integrity monitoring, self-healing systems, and cybersecurity software. Rob, great to have you back with us.
A: Great to be back with you, Steve, as always.
Q: So a popular topic today is SIEMs, although we are going to be looking forward on this topic as you always do. We know that everyone uses SIEMs, more organizations have implemented SIEMs, and now the challenge seems to be the noise created by SIEMs. How do you reduce that noise so that security engineers can wade through it every day and be productive?
A: It’s a good question and it is a real challenge. You know, a SIEM is a security event and information management tool. It is basically a sophisticated log management tool that aggregates logs or events from multiple sources into one tool. So that can generate a ton of events and that’s really the challenge.
Now one of the things that all of the SIEM vendors tout is the ability to do correlation analysis, and to help whittle down all of those changes to some of the core ones that you need to worry about. And to identify events that are related, so you can get a better picture of all the things that happened that created this particular security event you may be looking into. So I believe that SIEMs are critical, a log management system is critical, and it’s a critical part of any security strategy, but that noise is something that is frustrating.
There are too many times when I’ve actually talked to security professionals and asked them if they really are looking at the SIEM. I hate to say it, but there are a lot of times people are telling me, "No. No, to be honest, we don’t really look at that data."
And that’s just horrible because it is a great single point for collecting all of that data and events. We believe that one of the ways you can whittle it down and really hone in on what is important is by feeding data into that SIEM from a product like ours, a next-gen integrity monitoring solution. Because a tool like that will report real events, real data.
When a tool like our product, CimTrak, indicates something has changed, it really has changed. Feeding that into a SIEM, you can set up rules and consider the integrity monitoring data as the most significant variable for performing your correlation analysis. And that will allow you to whittle out a lot of noise that may not matter and focus in on just the real events that have a material effect on your systems.
A: Sounds great. Can't wait to be back with you, Steve.
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".