Security Update | Vol 5: SIEM, World Security News, and Patching

By Bill Goldin | Sep 6, 2017 7:00:00 AM


During a client satisfaction survey conducted last year, we found that respondents were most likely to name security as their top priority for the upcoming year. In our continued effort to bring awareness to trending security topics and news, we will be issuing a security update on a monthly basis.

This update includes our security roundup, which looks at the best way to prepare for eventual cyber attacks. You'll also find data on trending security-related headlines, and some important notes on recent vendor patches.

We welcome all feedback as we strive to keep our community safe and secure.


Security Roundup: Security Information and Event Management (SIEM)

Security incidents happen: every day an individual or business receives some kind of threat, and some of those eventually turn into a bigger issue. Any time we work one of these incidents with our clients, the first questions we hear are "how could this happen?" and "who did it?" Unfortunately, in a typical environment these questions take time to answer, because the information is not readily available or easy to read. The data is spread across multiple systems and has to be pieced together before you have an accurate picture of events. Your IT team can spend hours reviewing logs from firewalls, servers, workstations, and security products to answer the "whodunit" question.

For a faster and more effective way to work out where threats are coming from, many organizations are investing in a Security Information and Event Management (SIEM) solution. A SIEM combines security information management (central log collection and retention) with security event management (real-time monitoring and correlation) to provide analysis of security alerts generated by your network devices, systems, and applications. Your firewalls, switches, servers, workstations, security applications, and other devices forward their logs to the SIEM, which normalizes and correlates the data as it arrives to identify and alert on potential security issues. If you are following the NIST Cybersecurity Framework, a SIEM fits under the Detect function, acting as a security guard that monitors for attacks and raises a red flag when an issue arises. Keep in mind that a SIEM is only as good as what feeds it: a device that is not forwarding its logs, or a clock that is out of sync, leaves a hole in the timeline you will later need.

As an example, if a workstation is found to have malware, we can use the SIEM to review the firewall, server, and other workstation logs to see where that machine connected and whether other systems show the same indicators. In addition, some SIEM solutions do full packet capture and replay, which is basically a DVR for your network. With this information, we can "rewind" to see where the first traces of the incident occurred.
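To make the "rewind and follow" workflow concrete, here is an added example (not code from the original newsletter or from any SIEM product) that runs the same kind of correlation over a handful of constructed log lines. It generalizes the virus example above into a three-step pivot: find the earliest event that mentions the infected host, list the internal hosts it connected to or logged on to afterwards, and flag which of those later raised their own malware alert. The log formats, hostnames, IP addresses and the host-to-IP inventory are all made up for illustration; a real SIEM would get the inventory from DHCP, Active Directory or a CMDB.

```python
"""Toy SIEM-style correlation over constructed log lines.

Added example for this newsletter; it is not code from the original post
or from any SIEM vendor. Log formats, hostnames, IPs and the inventory
are all made up for illustration."""
import re
from datetime import datetime

# Assumed asset inventory (hostname -> IP). A real SIEM would pull this
# from DHCP, Active Directory or a CMDB; here it is hard-coded.
INVENTORY = {
    "WS-025": "10.0.1.25",
    "WS-030": "10.0.1.30",
    "SRV-FILE01": "10.0.1.10",
}

# Constructed sample lines from a firewall (FW), a file server's auth log
# (AUTH) and workstation antivirus (AV), deliberately out of order, as they
# would arrive at a collector.
SAMPLE_LOGS = """\
2017-08-28T09:15:40Z ws-025 AV: event=malware_detected host=WS-025 file=invoice.exe
2017-08-28T09:02:11Z fw01 FW: action=allow src=10.0.1.25 dst=203.0.113.7 dport=443
2017-08-28T09:04:30Z srv-file01 AUTH: event=logon_success user=jdoe src=10.0.1.25
2017-08-28T09:06:12Z fw01 FW: action=allow src=10.0.1.25 dst=10.0.1.30 dport=445
2017-08-28T09:01:55Z fw01 FW: action=allow src=10.0.1.25 dst=198.51.100.9 dport=80
2017-08-28T09:20:05Z ws-030 AV: event=malware_detected host=WS-030 file=invoice.exe
2017-08-28T09:00:00Z fw01 FW: action=allow src=10.0.1.10 dst=203.0.113.7 dport=443
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\w+): (.*)$")


def parse_logs(text):
    """Normalise raw lines into events sorted by time.

    Each event records which source wrote it, its key=value fields and the
    set of every hostname/IP it mentions; that set is what correlation
    pivots on."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count and alert on unparsed lines
        ts, reporter, source, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        hosts = {reporter.upper()}
        hosts.update(fields[k].upper() for k in ("host", "src", "dst") if k in fields)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "reporter": reporter.upper(),
            "source": source,
            "fields": fields,
            "hosts": hosts,
        })
    return sorted(events, key=lambda e: e["ts"])


def investigate(events, host):
    """Answer "where did it start and where did it go?" for one host.

    Returns the earliest event touching the host (the point to "rewind" to),
    its full timeline, the internal hosts it connected to or logged on to,
    and which of those later raised their own malware alert."""
    host = host.upper()
    ip = INVENTORY.get(host)
    ids = {host, ip} if ip else {host}
    ip_to_name = {v: k for k, v in INVENTORY.items()}

    timeline = [e for e in events if e["hosts"] & ids]

    contacted = {}  # internal hostname -> time of first contact from the pivot
    for e in timeline:
        f = e["fields"]
        target = None
        if e["source"] == "FW" and f.get("src") == ip:
            target = ip_to_name.get(f.get("dst"))  # internal destinations only
        elif e["source"] == "AUTH" and f.get("src") == ip:
            target = e["reporter"]                 # logon onto the reporting server
        if target and target not in contacted:
            contacted[target] = e["ts"]

    def alerted_after(name, t):
        return any(e["source"] == "AV"
                   and e["fields"].get("event") == "malware_detected"
                   and e["fields"].get("host", "").upper() == name
                   and e["ts"] > t
                   for e in events)

    spread = sorted(n for n, t in contacted.items() if alerted_after(n, t))
    return {
        "first_seen": timeline[0] if timeline else None,
        "timeline": timeline,
        "contacted": sorted(contacted),
        "spread": spread,
    }


if __name__ == "__main__":
    result = investigate(parse_logs(SAMPLE_LOGS), "WS-025")
    for e in result["timeline"]:
        print(e["ts"].isoformat(), e["reporter"], e["source"], e["fields"])
    print("first trace:", result["first_seen"]["ts"].isoformat())
    print("contacted:", result["contacted"], "spread to:", result["spread"])
```

Run against WS-025, the workstation whose antivirus fired at 09:15, the correlation shows the firewall saw that machine talking to an outside host at 09:01, about fourteen minutes before the alert; an SMB connection to WS-030, which raised its own alert later; and a logon to the file server, which did not. None of this is visible from any single log, and all of it depends on two things the SIEM must get right: an inventory that ties hostnames to IPs, and synchronized clocks across the sources.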

As the world gets more security conscious, we are seeing a lot of regulations that require some form of log retention and the ability to clearly identify security-related events. A SIEM can be a big component of becoming compliant, as it does both. The New York State Department of Financial Services cybersecurity regulation (23 NYCRR 500) states in section 500.02 that your cybersecurity program must be able to detect cybersecurity events and to respond to identified or detected cybersecurity events to mitigate any negative effects. Having a SIEM will not only help you meet those requirements, but will also help you detect, respond to, and recover from a cybersecurity incident in a much more timely fashion.

You can find more information about the NIST framework and Lloyd’s security practice here.


World Headlines

In this section, we highlight articles referencing important and fascinating updates in security news. 

  • The end of Flash. Adobe has announced that it will stop updating and distributing Flash Player at the end of 2020. Flash used to be essential for graphical and interactive web pages, but with the maturing of open standards such as HTML5 there is no longer a need for Flash to get the same results. This means that a lot of "retro" websites will be forced to update their code, as browsers will no longer ship a Flash plugin to run them. Until then, keep Flash patched, or better, disable it in browsers that do not need it.


Lloyd Patch Watch

We want to give our community a "heads up" on some important updates involved in Lloyd's workstation and server patching process.

  • Microsoft's monthly patch release addressed 48 vulnerabilities, 25 of them rated critical. This appears to be the new norm for Microsoft patches: with more and more attacks happening all the time, prompt patching is becoming a key component of mitigation.

  • Android users should patch their phones this month if they have not done so already. Google pushed out a security update that fixed 99 vulnerabilities in the operating system. If you are not sure whether you received the update, check manually: go to Settings > System updates (the exact menu location varies by manufacturer and Android version) and check for updates. If one is available, the phone will prompt you to install it. Note that many devices depend on the manufacturer or carrier to ship Google's fixes, so the update may arrive weeks after Google publishes it.

Thank you for reading our update! Please reach out with any comments, questions, or feedback.

Topics: Security Newsletter, Cyber Security, Cyber Attacks, Ransomware
