Why SIEM is the Heartbeat of Security Operations 


Did you know that every 11 seconds, a business becomes a victim of a cyberattack? Here is a lesser-known fact: the signs of the attack could have been present for a long time, written in the firewall, server, or endpoint logs. The challenge is not the data. The question is how quickly an organization can act on that data to stop the threat.
 
As the Global SOC Operations Director and the Acting CISO at DefendEdge, I view SIEM not just as a tool for analysts. I believe that SIEM is the key to effective governance, operations, and risk accountability for both our customers and our internal teams. 
 
At DefendEdge, we use Security Information and Event Management (SIEM) as the heartbeat of the Security Operations Center (SOC). It’s not just a log collector; it is a real-time engine for threat detection, noise reduction, incident response hardening, and compliance, one that delivers on-demand, actionable intelligence.
 
Proactive Threat Detection 
 
Our SIEM consolidates logs from firewalls, servers, and endpoints, normalizes them, and then correlates the data to detect patterns and anomalies. For instance, SIEM correlation recently alerted us to a stream of login attempts from an overseas IP address that kept failing and had not let up for even a day.
 
Based on this alert, we blocked a brute-force attack before it could even breach some critical servers. 
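The consolidate, normalize and correlate pipeline described above, written out as an added Python example (this is not DefendEdge's or Fortinet's code). It parses constructed log lines in three formats (Linux sshd syslog, a key=value VPN log, and Windows logon events 4624/4625 rendered as JSON) into one event schema, then fires a single alert when one source IP produces five authentication failures inside a five-minute sliding window, extending that alert with later failures rather than re-alerting. The log samples, field names of the key=value format, the threshold and the window are all assumptions.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in three source formats (not real data):
# Linux sshd syslog, a key=value firewall/VPN log, and a Windows logon event rendered as JSON.
RAW_LOGS = [
    "Jun 10 08:00:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50123 ssh2",
    "Jun 10 08:00:04 web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 50124 ssh2",
    "date=2024-06-10 time=08:00:09 devname=fw01 logtype=vpn action=auth-fail user=admin remip=203.0.113.7",
    "Jun 10 08:00:12 web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 50125 ssh2",
    "Jun 10 08:00:15 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50126 ssh2",
    '{"TimeCreated": "2024-06-10T08:00:20", "EventID": 4625, "IpAddress": "203.0.113.7", "TargetUserName": "svc_backup"}',
    "Jun 10 08:01:00 web01 sshd[2212]: Accepted password for alice from 198.51.100.23 port 40000 ssh2",
    '{"TimeCreated": "2024-06-10T08:05:00", "EventID": 4625, "IpAddress": "198.51.100.23", "TargetUserName": "alice"}',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_sshd(line, year=2024):
    """Syslog lines carry no year; the collector supplies it (assumed 2024 here)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"ts": ts, "src_ip": m["ip"], "user": m["user"], "source": "sshd",
            "outcome": "failure" if m["outcome"] == "Failed" else "success"}


def parse_firewall(line):
    """key=value VPN authentication log (the field names are assumptions)."""
    kv = dict(item.split("=", 1) for item in line.split() if "=" in item)
    if kv.get("logtype") != "vpn":
        return None
    ts = datetime.strptime(kv["date"] + " " + kv["time"], "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "src_ip": kv["remip"], "user": kv["user"], "source": "firewall",
            "outcome": "failure" if kv["action"] == "auth-fail" else "success"}


def parse_windows(line):
    """Windows Security events 4624 (logon success) and 4625 (logon failure)."""
    ev = json.loads(line)
    if ev.get("EventID") not in (4624, 4625):
        return None
    return {"ts": datetime.fromisoformat(ev["TimeCreated"]), "src_ip": ev["IpAddress"],
            "user": ev["TargetUserName"], "source": "windows",
            "outcome": "failure" if ev["EventID"] == 4625 else "success"}


def normalize(line):
    """Route each raw line to its parser and return one common event schema (or None)."""
    line = line.strip()
    if line.startswith("{"):
        return parse_windows(line)
    if "devname=" in line:
        return parse_firewall(line)
    return parse_sshd(line)


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source IP produces `threshold` failures within `window`,
    then keep attaching later failures to that open alert instead of re-alerting."""
    recent = defaultdict(deque)   # src_ip -> failures inside the sliding window
    open_alerts = {}              # src_ip -> alert still being extended
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        ip = ev["src_ip"]
        dq = recent[ip]
        dq.append(ev)
        while ev["ts"] - dq[0]["ts"] > window:   # drop failures that fell out of the window
            dq.popleft()
        alert = open_alerts.get(ip)
        if alert is not None and ev["ts"] - alert["last_seen"] <= window:
            alert["count"] += 1
            alert["last_seen"] = ev["ts"]
            alert["users"].add(ev["user"])
            alert["sources"].add(ev["source"])
        elif len(dq) >= threshold:
            alert = {"rule": "auth_failure_burst", "src_ip": ip, "count": len(dq),
                     "first_seen": dq[0]["ts"], "last_seen": ev["ts"],
                     "users": {e["user"] for e in dq}, "sources": {e["source"] for e in dq}}
            alerts.append(alert)
            open_alerts[ip] = alert
    return alerts


def run_demo(lines=RAW_LOGS):
    events = [e for e in map(normalize, lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['rule']}: {a['src_ip']} {a['count']} failures "
              f"{a['first_seen']:%H:%M:%S}-{a['last_seen']:%H:%M:%S} users={sorted(a['users'])}")
```

The point of normalizing first is visible in the result: the six failures against 203.0.113.7 are spread across an SSH server, the VPN gateway and a Windows host, and none of those sources alone reaches the threshold. The single successful login from 198.51.100.23 and its one later failure stay below the threshold and produce no alert.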
 
For the SOC Director, this demonstrates the value of continuous monitoring and data correlation in producing on-demand, actionable security intelligence. For the CISO, it highlights why threat visibility must be a top governance focus, so that early signs of risk are not missed.
 


Noise Reduction through Automation 
 
One thing we were not willing to fall victim to is alert fatigue. We fine-tuned our SIEM rule set over time and used automation to cluster alerts, so that only the most relevant results reached our analysts.
 
This meant our analysts no longer spent their time on false positives, but on genuine threats worth investigating further.
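The alert clustering and rule tuning described in this section, as an added Python example (not DefendEdge's or any vendor's code). A constructed stream of eleven raw alerts is reduced to what an analyst would actually see: alerts matching a recorded suppression (an assumed authorized internal scanner) are dropped, repeats of the same rule, source and asset within a ten-minute window collapse into one cluster, and a cluster that keeps firing is escalated one severity level. The alert fields, rule names, severities, window and escalation threshold are assumptions.

```python
from datetime import datetime, timedelta


def _alert(ts, rule, src_ip, asset):
    return {"ts": datetime.fromisoformat(ts), "rule": rule, "src_ip": src_ip, "asset": asset}


# Constructed raw alert stream (not real data), as a SIEM might emit it before any tuning.
RAW_ALERTS = (
    # An authorized internal scanner tripping the port-scan rule three times (assumed benign).
    [_alert(f"2024-06-10T09:0{i}:00", "port_scan", "10.0.0.50", "web01") for i in range(3)]
    # One workstation beaconing every minute: six raw alerts for a single underlying problem.
    + [_alert(f"2024-06-10T09:0{i}:30", "dns_beacon", "10.0.1.12", "ws-042") for i in range(6)]
    # A single brute-force alert from an external address.
    + [_alert("2024-06-10T09:10:00", "failed_login_burst", "203.0.113.7", "vpn-gw")]
    # Same host and rule half an hour later: a new cluster, because the window has elapsed.
    + [_alert("2024-06-10T09:35:30", "dns_beacon", "10.0.1.12", "ws-042")]
)

# Tuning decisions an analyst team would record: which (rule, source) pairs are known noise.
SUPPRESSIONS = [
    {"rule": "port_scan", "src_ip": "10.0.0.50", "reason": "authorized vulnerability scanner (assumed)"},
]
BASE_SEVERITY = {"port_scan": "low", "dns_beacon": "medium", "failed_login_burst": "medium"}
LEVELS = ["low", "medium", "high", "critical"]


def escalate(severity):
    """Raise severity by one level (capped at critical)."""
    return LEVELS[min(LEVELS.index(severity) + 1, len(LEVELS) - 1)]


def is_suppressed(alert, suppressions):
    """A suppression matches when every field it names (other than `reason`) equals the alert's."""
    return any(all(alert.get(k) == v for k, v in s.items() if k != "reason") for s in suppressions)


def cluster_alerts(alerts, suppressions=SUPPRESSIONS, window=timedelta(minutes=10), escalate_at=5):
    """Collapse repeats of the same (rule, src_ip, asset) within `window` into one cluster,
    drop suppressed alerts, and escalate clusters that keep firing."""
    clusters, suppressed, open_clusters = [], [], {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        if is_suppressed(a, suppressions):
            suppressed.append(a)
            continue
        key = (a["rule"], a["src_ip"], a["asset"])
        c = open_clusters.get(key)
        if c is not None and a["ts"] - c["last_seen"] <= window:
            c["count"] += 1
            c["last_seen"] = a["ts"]
        else:
            c = {"rule": a["rule"], "src_ip": a["src_ip"], "asset": a["asset"],
                 "count": 1, "first_seen": a["ts"], "last_seen": a["ts"]}
            clusters.append(c)
            open_clusters[key] = c
        base = BASE_SEVERITY.get(a["rule"], "medium")
        c["severity"] = escalate(base) if c["count"] >= escalate_at else base
    return clusters, suppressed


def summarize(alerts):
    """Counts an analyst lead would want on a dashboard: raw in, suppressed, clusters out."""
    clusters, suppressed = cluster_alerts(alerts)
    return {"raw": len(alerts), "suppressed": len(suppressed), "clusters": len(clusters)}


if __name__ == "__main__":
    clusters, suppressed = cluster_alerts(RAW_ALERTS)
    print(summarize(RAW_ALERTS))
    for c in clusters:
        print(f"{c['severity']:8} {c['rule']:20} {c['src_ip']:15} {c['asset']:8} x{c['count']} "
              f"{c['first_seen']:%H:%M:%S}-{c['last_seen']:%H:%M:%S}")
```

Suppressions are kept as data with a recorded reason rather than deleted rules, so the tuning decision stays auditable and the suppressed alerts are still returned for periodic review; the same beaconing host reappearing after the window produces a fresh cluster, which is the behaviour an analyst wants when a previously handled host starts again.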
 
From the SOC Director’s point of view, this is the power of automation: operational efficiency and a shorter Mean Time To Detect (MTTD). For the CISO, it also validates that the organization’s investment in security automation is improving its threat response maturity.


Hardening Incident Response 
 
Alerts and higher-level patterns captured by the SIEM trigger workflows that help analysts with data gathering, forensic analysis, and subsequent classification.
 
A few weeks ago, our SIEM helped us trace a malware infection in one of our honeypots all the way back to the endpoint source in less than 15 minutes. We could start the containment and remediation processes on that host while the damage was still limited to that one location. In short, it was quick and surgical because of the SIEM.
 
Leadership can also relate to this from an incident response hardening and accountability standpoint. The SIEM helps ensure that both the action taken on each alert and the documentation of the workflow for audit purposes are aligned with internal standards and external regulatory requirements.
 
Driving Compliance 
 
Another big win is helping our clients comply with regulations such as PCI DSS and HIPAA. With the visibility the SIEM gives into incident activity, auditors can see that the client followed proper incident response processes.
 
From the CISO lens, this is where the SIEM also becomes a governance tool: it bridges the technical and evidentiary gap between SOC teams and executive-level stakeholders, so that both internal stakeholders and external clients can validate and understand that controls are operating as expected.
 
This helps to improve the overall compliance posture of the organization and build trust with clients. 
 
Why Fortinet Is the Perfect Partner 
 
The effectiveness of our cybersecurity ecosystem would not have been possible without FortiGate NGFW firewalls, FortiSIEM, FortiAnalyzer, EDR, and threat intelligence services. Each of these components plays a key role in building out a comprehensive defense-in-depth strategy.
 
When deployed together, they form the Fortinet Security Fabric, a unified framework that spans the entire attack surface from perimeter to core. This allows us to deliver not just visibility but real-time, holistic, and proactive threat response for our customers.
 
Operationally, this makes integration and analysis easier. From the CISO perspective, it is also about strategic alignment between technology investment and demonstrable risk reduction, two pillars that I believe make up an effective security governance framework.
 

Conclusion 
 
Log monitoring and SIEM are not just a reactive security measure; they are the building blocks of a forward-looking security posture. By tapping into automation, actionable intelligence, and transparent, seamless integration with Fortinet’s Security Fabric, we can make sure that threats are dealt with before they have the chance to fester.
 
The value of SIEM is most clear to me in its duality: it gives our SOC teams near real-time visibility, and that same ability to continuously see and respond to threats gives executive leadership measurable assurance that investment in security is reducing risk.
 
As both the Global SOC Operations Director and Acting CISO, I view SIEM as the connective tissue between day-to-day operations and executive leadership, or, for that matter, the heartbeat of security operations.

Wesles Lubin 

Global Security Operations Director / Acting CISO

