We have built our LogSentinel SIEM around some core principles and we’d like to share and explain them.

PSD2 is the new EU Directive that aims to open up the banks and allow non-banking institutions to provide payment services. It is a great thing but it comes with many requirements. They are in the form of implementing and delegated acts of the European Commission as well as guidelines of the European Banking Authority. The directive, the implementing acts, and the guidelines are mostly best industry practices with regard to security and risk management.

Security Information and Event Management (SIEM) systems are vital to each organization. They transform simple event logs from various applications to detailed, in-depth behavior analysis thanks to advanced visualizations and analytics and sometimes machine learning and AI. They contain a palette of aspects covering the most crucial information security issues.

SIEM (Security Information and Event Management) systems have a reputation for being expensive. And that’s generally correct – they can cost hundreds of thousands per year or have huge upfront costs. But why is that? There are several main reasons: All of this is changing. According to Gartner, SIEMs are going to the mid-market and these things don’t hold true there.

The number of cyberattacks has increased five-fold after COVID-19, as the pandemic brought new opportunities to cybercriminals. At this rate, cybersecurity threats are estimated to cost the world US $6 trillion a year by 2021. Since remote working became “the new normal”, it also became a growing gateway to new forms of data theft and as a result, companies face significantly increased risk of cyber-attacks and data breaches.

Alert fatigue is a well-known phenomenon with security products – the security team gets a lot of alerts (from the SIEM, for example), it tries to triage and act upon all of them, but at some point, they are so many and so few of them are actual threats, that the security team just ignores them. And that leads to both overworked security teams and an increased risk for missing an actual threat. Why is that happening? It’s hard to tweak a system right, no matter how flexible it is.

SIEM stands for Security information and event management. This technology has existed since the late 1990s. Traditional SIEM has been joined by a broad use log management technology that focuses on collecting various types of logs and events for different purposes, such as: SIEM vendors usually provide different combinations of functionalities to offer the benefits listed above.