Security Information and Event Management (SIEM) solutions are designed to provide automation and visibility for security-related data across your organization. SIEM is generally pronounced "seem" or, less commonly, "sim."
SIEM is key to your cybersecurity compliance and does not have to be difficult if you leverage a trusted vendor. This article will provide clarity on SIEM and answer many common questions.
If you are a DoD contractor in the Defense Industrial Base (DIB) needing to report your SPRS Score, six of the security controls worth 24 SPRS points can be satisfied by the capabilities provided by a proper SIEM solution.
When it comes to SIEM solutions, there are many options. Vendors will often market their SIEM or security monitoring product to help you get compliant with Department of Defense (DoD) and Federal requirements like DFARS 7012, NIST 800-171, and CMMC, but fail to mention that the SIEM they are trying to sell you is itself not compliant. Other vendors will offer you an unaffordable Government solution designed for large corporations and Government agencies. Peerless heard these frustrations from our customers, so we developed a highly compliant SIEM solution that solves the affordability problem for small and medium-sized DoD and Federal contractors.
What a SIEM does:
The industry landscape for security monitoring can be confusing due to the different types of marketing buzzwords and branding that can mean completely different things depending on the vendor.
Contrary to what many vendors market, SIEM is very limited in its ability to measure your compliance against NIST, CMMC, ISO, or any other cybersecurity frameworks. It can only see activity on your cloud, network, servers, and devices. SIEM by itself does not document your environment, conduct vulnerability scans, or confirm technical configurations. It cannot satisfy the many administrative measures (such as policy, process, and training) that are required by security controls. However, SIEM can support "continuous monitoring" of security controls, providing evidence that certain controls are implemented and violations of certain controls are detected.
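To make concrete what "detecting violations of certain controls" looks like in practice, the following is an added example (not Peerless code and not part of the original article). It runs a small SIEM-style correlation rule over a constructed set of logon events in an assumed key=value log format, flagging a burst of failed logons from one user and source (the kind of evidence that supports a control such as NIST SP 800-171 3.1.8, limiting unsuccessful logon attempts) and then checking whether a success followed the burst. The threshold of 5 failures and the 10-minute window are assumptions, not values from the article.

```python
"""Minimal SIEM-style correlation over constructed logon events.

Added example; the log format, field names, threshold and window are
assumptions chosen for illustration, not a vendor's rule set.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): one event per line, key=value fields.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z host=fs01 event=logon user=alice src=10.0.0.5 result=success
2024-03-01T09:02:10Z host=fs01 event=logon user=bob src=198.51.100.7 result=failure
2024-03-01T09:02:15Z host=fs01 event=logon user=bob src=198.51.100.7 result=failure
2024-03-01T09:02:21Z host=fs01 event=logon user=bob src=198.51.100.7 result=failure
2024-03-01T09:02:28Z host=fs01 event=logon user=bob src=198.51.100.7 result=failure
2024-03-01T09:02:35Z host=fs01 event=logon user=bob src=198.51.100.7 result=failure
2024-03-01T09:02:40Z host=fs01 event=logon user=bob src=198.51.100.7 result=success
2024-03-01T09:30:00Z host=fs01 event=logon user=carol src=10.0.0.9 result=failure
2024-03-01T11:30:00Z host=fs01 event=logon user=carol src=10.0.0.9 result=failure
"""

FAILURE_THRESHOLD = 5            # assumed: failures that count as a burst
WINDOW = timedelta(minutes=10)   # assumed: sliding correlation window


def parse_line(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_log(text):
    """Parse all non-empty lines and return events sorted by time."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    return sorted(events, key=lambda e: e["ts"])


def detect_logon_bursts(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Alert when one (user, src) pair fails to log on `threshold` times within `window`.

    Keeps a per-pair deque of recent failure timestamps; old ones are evicted
    as the window slides. The deque is cleared after an alert so that one
    burst produces one alert rather than one per additional failure.
    """
    recent = defaultdict(deque)
    alerts = []
    for e in events:
        if e.get("event") != "logon" or e.get("result") != "failure":
            continue
        key = (e["user"], e["src"])
        q = recent[key]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:      # q is non-empty: we just appended
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"user": e["user"], "src": e["src"],
                           "count": len(q), "first": q[0], "last": e["ts"]})
            q.clear()
    return alerts


def successes_after_burst(events, alerts, window=WINDOW):
    """For each alert, report the first successful logon by the same user/src
    within `window` after the burst: the case an analyst most wants to see."""
    hits = []
    for a in alerts:
        for e in events:
            if (e.get("event") == "logon" and e.get("result") == "success"
                    and e["user"] == a["user"] and e["src"] == a["src"]
                    and a["last"] < e["ts"] <= a["last"] + window):
                hits.append((a["user"], a["src"], e["ts"]))
                break
    return hits


def run(text=SAMPLE_LOG):
    """Parse the log, run both rules, return (alerts, escalations)."""
    events = parse_log(text)
    alerts = detect_logon_bursts(events)
    return alerts, successes_after_burst(events, alerts)


if __name__ == "__main__":
    found_alerts, escalations = run()
    for a in found_alerts:
        print(f"ALERT logon burst: user={a['user']} src={a['src']} "
              f"failures={a['count']} from {a['first']} to {a['last']}")
    for user, src, ts in escalations:
        print(f"ESCALATE success after burst: user={user} src={src} at {ts}")
```

On the sample data, bob's five failures within 25 seconds trigger one alert and the success five seconds later is escalated, while carol's two failures two hours apart fall outside the window and produce nothing. The same structure (parse, correlate per entity over a sliding window, chain a second rule on the alert) is what a SIEM rule engine does at scale; what it cannot do, as the text above notes, is tell you whether a lockout policy is actually configured on the host, only whether the activity it sees is consistent with one.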
The compliance requirements exist because DoD and Federal contractors are increasingly being targeted with cyber attacks. Some of these attacks come from nation-state sponsored groups and can be very sophisticated, difficult to defend against, and hard to detect. It is critically important to detect if an attacker has gained access to your organization and data.
The NIST Cybersecurity Framework defines standards and best practices for organizations to manage cybersecurity risk. SIEM addresses the "Detect" function and provides critical support for the "Respond" and "Recover" functions.
There are three major approaches to deploying a compliant SIEM:
The services offered by your SIEM vendor will have a significant impact on costs and whether the solution is compliant.
Vendor support of your SIEM will consist of one or more of the following increasing service levels:
Vendor operations and maintenance (O&M) of your SIEM will consist of one of the following increasing service levels:
The time, money, and resources necessary to deploy and operate a SIEM will be affected by the following:
DoD and Federal contracting compliance for SIEM should generally follow the compliance requirements for the most sensitive contract you have now or expect to have in the future. The Government has not yet clarified whether a SIEM must be treated as if it contains Controlled Unclassified Information (CUI) / Covered Defense Information (CDI). However, SIEMs often capture data that provides context and supports analysis. Because that data may contain CUI, the SIEM would be subject to the full contractual compliance requirements for safeguarding CUI. Some vendors claim to have configured their SIEM to not capture CUI data; however, extensive documentation on how they do so (configuration and process) would need to be made available to you, may not be sufficient, and would greatly complicate passing an assessment or audit.
The best rule of thumb to ensure compliance that will withstand scrutiny in assessment and audit is to place the SIEM in an environment sufficient to meet all your CUI, Export Control (e.g., ITAR/EAR), and other data protection requirements. These compliance considerations can get very complex. Peerless can help you with them!
DoD and Federal contract requirements:
Up to 15 Controls worth 45 SPRS Points are satisfied by the Peerless SIEM.
Given ever-increasing compliance requirements, your business must make one of the following choices in obtaining a SIEM: