Combating the rising cybercrime trend with SIEM
by Fabian Libeau - ArcSight - Monday, 30 March 2009.
Given this rather gloomy description, what can be done?

Technologies to address the problems above are fairly mature and provide an automated method for discovering potential “cyber-criminal” activities. Security Information Event Management (SIEM) products were historically focused on analyzing network activities, but recently those same analytical techniques have been applied to monitoring fraudulent activities. The key concepts are the same: collect activity information, evaluate each activity both on its own and in conjunction with others to determine if something seems unusual, and then escalate those events that are worth immediate investigation while filtering out those that are just noise.

If done correctly, SIEM can help detect unauthorized activities, whether on the public e-commerce site or on the internal network, with fewer people and faster response. Modern SIEM products include rules, reports and dashboards tuned to monitor fraudulent activities. One financial services organization implemented such a solution and discovered and prevented $900,000 of wire transfer fraud within the first week of deployment.

Organizations that are considering a SIEM solution should think beyond simple network monitoring; the modern SIEM can do much more.

ArcSight is exhibiting at Infosecurity Europe 2009 held on 28th – 30th April in Earl’s Court, London.


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Dec 18th