Log analysis is the most commonly used method for detecting unauthorized access to IT resources, especially security information and event management (SIEM) systems.
Their are a couple of pros to using a SIEM system, such as companies using a SIEM system are better able to quickly detect and contain cyber-crimes than those companies not using SIEM. In addition, companies using a SIEM system also experience a substantially lower cost of recovery, detection and containment than non-SIEM-using companies.
However, although companies using a SIEM can have an advantage over those who don’t, they are still limited in their scope of capabilities. This is due to one MAJOR and CRITICAL flaw–they cannot perform analysis and generate alerts on every application. They can only perform analysis and generate alerts based on the data they receive, thus, seriously hampering the software’s ability to identify most unauthorized activity.
Legacy, cloud, system and consumer-oriented applications are examples of typical large SIEM “blind spots”making it a BIG mistake to solely depended on SIEMs to discover data breaches. In large organizations, which typically rely on SIEM systems, only 8% of data breaches are discovered by the victimized organization’s log analysis and/or review process. (source: Verizon Data Breach Report 2012)
Furthermore, it is extremely difficult to get a clear value from a SIEM due to the fact that extensive collections of disjointed log data do not become magically understandable because they have been correlated into a single system based on time stamps, or other markers. While simple alerts can be defined using rules which look at one or two details, detecting unauthorized activity is an elusive and extremely time-consuming goal.
Only Proofpoint ITM, which can be integrated with SIEMs, can capture every application and provide a clear pictureas to what is being done on a company’s server, thanks to high-end session recording with searchable metadata of detailed user activity logs put into simple language.
To find out how our solution can help your company remove those blinders and provide the best IT security, request a live demo.
Subscribe to the Proofpoint Blog