Page 20 - TIME NEWSLETTER FALL 2022
THE DISTRICT HAS A SIEM!
The IT Security Department has purchased a new Security Information and
Event Management (SIEM) system in order to continue protecting the District,
its students, and staff. So, what is a SIEM? A SIEM offers its users real-time
monitoring and analysis of events that take place on the District network.
Further, it provides advanced data tracking (logs) and the ability to display
numerous types of logs in readable and actionable ways. This enables the
District to identify potential security threats and vulnerabilities before they
have a chance to cause chaos on the network.
The SIEM the District acquired takes this one step further by using
anomaly-based detections and Security Orchestration, Automation and Response
(SOAR) to automate manual processes. This makes the IT Security team
more agile and quicker to respond to threats. Leveraging next-generation
machine learning and artificial intelligence (AI), the SIEM becomes more
knowledgeable about what ‘normal’ activity looks like and can spot any deviation
from this baseline to stop attacks in their tracks.
The ability to send logs from virtually any device that is part of the District’s
infrastructure (e.g., firewalls and routers) exemplifies why the SIEM is
considered the cerebral cortex of the IT Security department’s toolset.
Reporting on and responding to threats has never been easier, as this product
actually helps prioritize threats for our Security Administrators using a
risk-based approach. As threat actors continue to try to do ‘bad things’ and new
computer system vulnerabilities are found, IT Security will continue in its
pursuit to combat the threats of tomorrow. The SIEM is one of the many ways
we are succeeding in that pursuit.