Online Threat Alerts (OTA)
An anti-cybercrime community alerting the public.

Protecting Critical Infrastructure: The Role of Next Gen SIEM in Securing Modern Utilities

Microsoft’s 2022 Digital Defense Report reveals an increase in cyberattacks targeting critical infrastructure: around 40 percent of the nation-state attacks Microsoft observed in 2022 targeted critical infrastructure, up from roughly 20 percent the year before. The sharp rise is associated with Russia’s ongoing invasion of Ukraine, but attacks on vital infrastructure were already trending upward before the conflict.

However, the recent major attacks have not compelled most organizations to respond with urgency. According to the 2022 Thales Data Threat Report: Critical Infrastructure Edition, “awareness of changing risks is high among critical infrastructure organizations, but this hasn’t accelerated how organizations address them.”

This should not be the case, especially with reliable modern cybersecurity solutions now available. One of these solutions is next generation security information and event management (NG-SIEM). Traditional SIEM is a product category that dates to 2005; next gen SIEM updates it so that organizations can triage threat alerts and security events more efficiently, and it addresses the new challenges of an ever-evolving cyber threat landscape.

Addressing the weaknesses of traditional SIEM

Traditional SIEM is associated with the following weaknesses: slow deployment, high complexity, too much alert noise, poor visibility into cloud environments, and high cost. Next generation SIEM addresses these with new tools and functions that make it easier to manage security data and respond to security incidents.

Next gen SIEM is a significantly improved iteration of SIEM: it is often delivered as a SaaS solution that unifies various security tools in a single platform with an enhanced user interface and user experience. It also comes with advanced analytics, big data technologies, artificial intelligence, and open integration with security orchestration, automation, and response (SOAR) systems. NG-SIEM may also include user and entity behavior analytics (UEBA) functions and data modeling plugins.

Deploying SIEM used to take months because of its complex setup and the need for multiple admins to manage various security data sources and re-route security event information. With next gen SIEM implemented as software-as-a-service, organizations do not have to deploy, configure, and maintain the platform itself on-premises. The system operates in the cloud and can be accessed from anywhere, although the organization still has to onboard its own log sources (collectors, forwarders, and API integrations) before the platform has anything to analyze. Plugins may also be installed to expand the next gen SIEM system’s capabilities.

Traditional SIEM is also known for generating too many security alerts, which makes it difficult to address critical and urgent security events in a timely manner. This mattered less when attacks were fewer in kind and less aggressive. Now, next gen SIEM is needed to correlate and contextualize security alerts so that they can be prioritized and addressed promptly. Prioritization prevents large volumes of irrelevant or benign alerts and false positives from burying critical or urgent alerts and events.

Moreover, traditional SIEM is not cloud-friendly, so it is difficult to achieve security visibility into cloud assets. Organizations that use cloud systems and hybrid IT infrastructure have to use other tools to manage all enterprise security information and events. This entails more complexity, slower deployment, less agility, and an incomplete grasp of the cyber threat situation. Next gen SIEM is designed to seamlessly encompass cloud security and ensure an optimum security posture.

Next Gen SIEM and EO 14028

In May 2021, US President Joe Biden signed Executive Order 14028, entitled “Improving the Nation’s Cybersecurity.” This EO requires federal government offices and agencies to bolster cybersecurity by deploying endpoint detection and response, clearly defining system logging requirements, maintaining unified audit logs, and improving cybersecurity capabilities to gain more meaningful insights into actions that affect user accounts and systems.

The White House acknowledges that Biden’s EO 14028 was drafted in response to the succession of serious cyber attacks on critical infrastructure. The frequent ransomware and other forms of attacks targeting crucial public utilities and other major infrastructure have alarmed the Executive Department, as they endanger national security and the lives of the public.

Next generation SIEM fits into this mandate for heightened cybersecurity, as it corresponds to EO 14028’s order to unify audit logs and define system logging requirements more meaningfully. Audit logs, in particular, were mentioned in three technical sections, pointing out their importance in ensuring timely incident response and security awareness or visibility.

Also, next gen SIEM represents a cybersecurity upgrade that takes into account the new kinds of threats organizations encounter, especially those related to the cloud. The widespread use of cloud assets and solutions has provided significant benefits, but it has also created more vulnerabilities and attack surfaces for threat actors. It is crucial to gain security visibility into these assets and systems.

Securing modern utilities

The attacks on Israel’s water systems, the ransomware infection of San Francisco’s Municipal Railway light-rail system, and the more recent Colonial Pipeline attack prove that critical infrastructure is not only vulnerable to cybercrime. It is also being actively targeted by threat actors, both criminal groups and state-sponsored hackers.

Often, critical infrastructure IT teams do not pay meticulous attention to cybersecurity. In Colonial Pipeline's case, for example, the initial access was a legacy VPN account that was still active but not protected by multi-factor authentication; its password had reportedly been reused elsewhere and appeared in a leaked credential dump. It is a weakness that enforcing MFA (and disabling unused accounts) would have plugged.

Next gen SIEM helps modern utilities prevent potentially disastrous cyber attacks by raising alerts on risky conditions that are visible in the logs it collects, such as a VPN login that succeeded without an MFA challenge, or one account authenticating from two distant locations within minutes. Real-time monitoring and alerting make sure that such weaknesses are rectified as soon as possible, before threat actors spot and exploit them.
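To make the correlation and prioritization described above concrete, here is a small added example (not code from the article or any SIEM vendor) that runs three detection rules over constructed VPN authentication events: a successful login without MFA (the Colonial Pipeline pattern), two successful logins for one account from different countries within an hour, and a burst of failures followed by a success. The log format, the `mfa` field, the thresholds and all sample lines are assumptions made for illustration; a real deployment would use the vendor's schema and tuned windows.

```python
"""Toy SIEM-style correlation over VPN authentication events.

Added example, not the article's or any vendor's code. The key=value log
format, the field names and every event below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not a real vendor's log schema).
# 'mfa' records whether an MFA challenge was completed for the login.
SAMPLE_LOGS = """\
2021-04-29T08:01:10Z event=vpn_login user=jdoe src=203.0.113.7 geo=US mfa=true result=success
2021-04-29T08:03:52Z event=vpn_login user=svc-legacy src=198.51.100.23 geo=RU mfa=false result=success
2021-04-29T08:04:30Z event=vpn_login user=asmith src=203.0.113.9 geo=US mfa=true result=failure
2021-04-29T08:05:01Z event=vpn_login user=asmith src=203.0.113.9 geo=US mfa=true result=failure
2021-04-29T08:05:20Z event=vpn_login user=asmith src=203.0.113.9 geo=US mfa=true result=success
2021-04-29T08:20:00Z event=vpn_login user=jdoe src=192.0.2.45 geo=DE mfa=true result=success
"""

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_line(line):
    """Turn '<timestamp> k=v k=v ...' into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def _logins_by_user(events, result=None):
    """Group vpn_login events per user, optionally filtered by result."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["event"] == "vpn_login" and (result is None or ev["result"] == result):
            by_user[ev["user"]].append(ev)
    for evs in by_user.values():
        evs.sort(key=lambda e: e["ts"])
    return by_user


def rule_success_without_mfa(events):
    """HIGH: a VPN session was established with no completed MFA challenge."""
    return [
        {"severity": "high", "rule": "vpn_success_without_mfa", "user": ev["user"],
         "ts": ev["ts"], "detail": f"src={ev['src']} geo={ev['geo']}"}
        for ev in events
        if ev["event"] == "vpn_login" and ev["result"] == "success" and ev["mfa"] != "true"
    ]


def rule_impossible_travel(events, window=timedelta(hours=1)):
    """HIGH: one account logged in from two countries within `window`."""
    alerts = []
    for user, evs in _logins_by_user(events, result="success").items():
        for prev, cur in zip(evs, evs[1:]):
            if prev["geo"] != cur["geo"] and cur["ts"] - prev["ts"] <= window:
                alerts.append({"severity": "high", "rule": "impossible_travel", "user": user,
                               "ts": cur["ts"], "detail": f"{prev['geo']} -> {cur['geo']}"})
    return alerts


def rule_failures_then_success(events, min_failures=2, window=timedelta(minutes=5)):
    """MEDIUM: >= min_failures failed logins in `window`, then a success."""
    alerts = []
    for user, evs in _logins_by_user(events).items():
        for i, ev in enumerate(evs):
            if ev["result"] != "success":
                continue
            recent = [e for e in evs[:i]
                      if e["result"] == "failure" and ev["ts"] - e["ts"] <= window]
            if len(recent) >= min_failures:
                alerts.append({"severity": "medium", "rule": "failures_then_success",
                               "user": user, "ts": ev["ts"],
                               "detail": f"{len(recent)} failures before success"})
    return alerts


def correlate(text):
    """Run all rules and return alerts ordered by severity, then time.

    Isolated failures with MFA from a familiar country never surface on
    their own; only the correlated patterns reach the analyst's queue.
    """
    events = parse_logs(text)
    alerts = (rule_success_without_mfa(events)
              + rule_impossible_travel(events)
              + rule_failures_then_success(events))
    alerts.sort(key=lambda a: (SEVERITY_ORDER[a["severity"]], a["ts"]))
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"{a['severity']:6} {a['ts']:%H:%M:%S} {a['rule']:24} {a['user']:10} {a['detail']}")
```

Six raw events collapse into three ranked alerts: the legacy account without MFA and the cross-country login for `jdoe` come first as high severity, and the failure burst for `asmith` follows as medium. The two failure lines on their own are never shown, which is the noise reduction the text describes.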

Also, NG-SIEM harnesses artificial intelligence to automatically conduct security analysis. This allows security teams to detect abnormal or malicious data movements, which can indicate the early stages of an attack or an ongoing anomalous activity that initially appears harmless but is actually a high-impact attack.

Next gen security information and event management does more than just monitor logs from various sources. It contextualizes them and establishes priorities to reveal urgent security concerns that would otherwise be left unnoticed because of the deluge of security alerts and events information.

Moreover, next gen SIEM gives even late adopters of modern cybersecurity technologies the ability to quickly deploy, expand, and use an up-to-date security information and event management platform. Its scalable architecture, together with its multi-tier, multi-site, and multi-tenant SaaS design, allows almost any kind of organization to adopt the system quickly and begin fending off threats effectively as soon as possible.

Critical security for critical infrastructure

Power plants and grids, water systems, railway systems, manufacturing and industrial facilities, gas pipelines, and other critical infrastructure may not look like the flashy high-tech gadgets many are familiar with. However, they usually have digital footprints and network-connected components that expose them to cyber attacks.

Certainly, reverting to analog systems is not an option. What modern utilities need are better cybersecurity solutions that can undertake continuous monitoring, AI that helps contextualize and prioritize security alerts, and real-time security monitoring that can facilitate prompt threat response. Next gen SIEM embodies all of these and provides many other features to protect critical infrastructure.
