
There’s a lot of buzz in the marketplace these days around SIEM, which is Security Information and Event Management. I’ve had people tell me that their SIEM technology isn’t of much use, and others tell me that it’s critical to their business’s everyday security posture. The difference between those two views usually comes down to the same thing: how the related tools are deployed, and what the staff around them looks like.
In a mature security posture, SIEM is only one component of a much broader function. While we do employ SIEM for many of our customers, it’s actually a small piece of what is called Managed Detection and Response (MDR). Our team of security analysts provides these real-time MDR services to our customers. Less well known is that they provide MDR for our own organization as well. We call it “eating our own dogfood.”
MDR helps you avoid data-breach landmines
The world of MDR involves a lot of pieces. It includes developers who understand how to ingest information, and security analysts who know how to tell those developers what intelligence needs to be derived from that information. The SIEM is the typical tool in that process: a platform on which the developers implement the rules that turn raw information into actionable intelligence.
Sorting through the mess of false positives and useless information is a science in and of itself. Behind the scenes, senior security analysts are doing “threat hunting”; they’re taking the intelligence produced by the system, correlating those events with what they already know, and using that to notify customers in real time when there are suspicious things going on that warrant more review. In many of those cases, it’s an active attack that’s knocked down immediately.
Where does your MDR function reside?
Large enterprises with massive IT budgets typically implement a SIEM and have the necessary IT staff to maintain and monitor it (i.e., MDR). By contrast, smaller and mid-sized organizations typically do not succeed in gathering intelligence from their SIEM because they don’t have the necessary internal expertise and staffing levels. In those environments, we often see the SIEM being used only after the fact, by a forensic investigator trying to determine how a breach went unnoticed for months. In those cases, outsourcing MDR to a managed security service provider—before you have to engage a forensic investigator—is the ideal solution.
In the end, you can implement all the right tools and still miss an intrusion. The answer lies not only within how good your tools are, but also in who’s watching your environment.
Contact us today to learn more about how to maximize your cybersecurity functions by supplementing your organization’s security threat management efforts.