Page 14 - time_2022_final

NOT YOUR FATHER’S SIEM

In today’s challenging IT Security environment, we need to collect, detect, investigate and respond very quickly. By leveraging artificial intelligence and machine learning on massive volumes of data, we are positioned to identify attack patterns, signatures, and correlations indicating a possible attack. By automating response processes with security orchestration, we can create playbooks that automate incident response actions.

Cyber threats occur 24 hours a day, seven days a week. It is not a matter of if we will be attacked, but when. Advanced threats continue to increase on a yearly basis and insider threats have increased through spam emails. Ransomware attacks and new computer vulnerabilities continue to grow.

For many years, a traditional SIEM (Security Information and Event Management) was simply a log collector with basic collection and correlation rules. While it generated false positive alerts, it was still better than manually reviewing logs. After all, who doesn’t enjoy multiple hours of reading log information on a daily basis!

We are pleased to say that we recently added a next generation set of IT Security tools - SIEM, UEBA (User Behavior Analytics), SOAR (Security Orchestration, Automation and Response), and Security Identity Analytics. With these new tools, we will be in a better position to fight the new risks.

One of the most effective ways to detect threats without generating high volumes of false positive alerts is to create time-based behavioral baselines and continuously learn what acceptable behavior looks like in order to detect anomalies. This requires monitoring and analyzing massive amounts of data from a myriad of sources, using advanced machine learning models and data science to pinpoint privilege abuse. This is what our tools will do, in real time, with exceptional accuracy.
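The baseline-and-anomaly idea described above, as an added Python example that is not part of this article or of the District’s tools: it learns each user’s normal hours of day and peak daily count of each action from constructed sample log lines (a learning window of three days), then flags later events that fall outside either bound, such as an off-hours burst of privileged commands.

```python
from collections import defaultdict
from datetime import datetime, date
# Constructed sample auth log lines (not from the page): "<ISO ts> <user> <action>".
# Days 1-3 are the learning window; day 4 holds an off-hours burst of sudo use.
LOG_LINES = """\
2022-03-01T08:15:00 alice login
2022-03-01T09:02:00 alice sudo
2022-03-02T08:40:00 alice login
2022-03-03T08:05:00 alice login
2022-03-03T17:30:00 alice sudo
2022-03-04T03:14:00 alice sudo
2022-03-04T03:15:00 alice sudo
2022-03-04T03:16:00 alice sudo
2022-03-04T09:00:00 alice login
""".splitlines()

def parse(lines):
    """Turn raw lines into (timestamp, user, action) tuples."""
    return [(datetime.fromisoformat(ts), u, a)
            for ts, u, a in (line.split() for line in lines)]

def build_baseline(events, cutoff):
    """Per user: hours of day seen, and the peak daily count of each action,
    learned only from events dated before the cutoff."""
    hours, daily = defaultdict(set), defaultdict(int)
    for ts, user, action in events:
        if ts.date() < cutoff:
            hours[user].add(ts.hour)
            daily[(user, ts.date(), action)] += 1
    peak = defaultdict(int)  # unseen (user, action) -> 0, so new actions alert
    for (user, _, action), n in daily.items():
        peak[(user, action)] = max(peak[(user, action)], n)
    return hours, peak

def detect(events, cutoff):
    """Flag events on or after the cutoff that fall outside the baseline."""
    hours, peak = build_baseline(events, cutoff)
    seen, alerts = defaultdict(int), []
    for ts, user, action in sorted(events):
        if ts.date() < cutoff:
            continue
        seen[(user, ts.date(), action)] += 1
        if ts.hour not in hours[user]:
            alerts.append(f"{ts} {user}: {action} outside learned hours")
        if seen[(user, ts.date(), action)] > peak[(user, action)]:
            alerts.append(f"{ts} {user}: {action} count exceeds daily baseline")
    return alerts

def run_sample():
    return detect(parse(LOG_LINES), date(2022, 3, 4))
```

The 09:00 login on day 4 produces no alert because it matches the learned hours and daily volume; only the 03:xx sudo burst is reported, which is the false-positive reduction the baseline approach is meant to deliver.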

When an incident or event is identified, analyzed and categorized, these tools deliver reports and notifications to our IT Security Team. These solutions also help satisfy regulatory compliance requirements by giving staff and auditors a view into the District’s compliance status through continuous monitoring and reporting capabilities.
