By Matthew Sutton, Director of Cybersecurity Operations at Avid Communications
When speaking with an Avid Account Executive, you will hear them talk about Avid’s SIEM and how it sets Avid apart in the small business, Next Generation Firewall (NGFW) space. I imagine you’re now asking yourself, “What is a SIEM? What’s it have to do with firewalls? And what makes it so important?”
SIEM is an acronym that stands for Security Information and Event Management.
Knowing what the acronym means doesn’t give you much insight into what a SIEM actually is or what it does. A SIEM is a sophisticated monitoring system that uses logging from the NGFW appliance to enhance overall security. When anything on your network traverses the firewall, the firewall logs the event and sends it to our SIEM. Our SIEM takes a look at all the logs and makes decisions based on much broader information than the firewall itself can.
A great example of this is alerting our team if a potential bad actor is aggressively scanning the NGFW we are managing. The firewall itself doesn’t realize that there has been a jump in traffic, but the SIEM can see that the traffic has exceeded a baseline and will alert our team of the incident. The Avid SIEM analyzes logs 24/7 and makes determinations as to whether the behavior the firewall is reporting is “normal”.
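The baseline comparison described above, as an added example (not Avid's SIEM code): it learns a per-minute count of denied connections from historical firewall logs, then flags a window that exceeds that baseline and names the sources that touched many distinct ports. The log format, thresholds and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed log format (an assumption, not a real vendor format):
# "<epoch_seconds> action=<allow|deny> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(\d+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")

def parse(lines):
    """Yield (timestamp, action, src, dport); malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m[1]), m[2], m[3], int(m[5])

def denies_per_window(events, window):
    """Count denies per time window and track distinct ports hit per source."""
    counts = defaultdict(int)
    ports = defaultdict(lambda: defaultdict(set))
    for ts, action, src, dport in events:
        if action == "deny":
            bucket = ts // window
            counts[bucket] += 1
            ports[bucket][src].add(dport)
    return counts, ports

def detect_scans(history, current, window=60, sigmas=3.0, min_ports=10):
    """Alert when a window's denies exceed baseline mean + sigmas * stddev."""
    hist_counts, _ = denies_per_window(parse(history), window)
    values = list(hist_counts.values()) or [0]
    threshold = mean(values) + sigmas * pstdev(values)
    cur_counts, cur_ports = denies_per_window(parse(current), window)
    alerts = []
    for bucket in sorted(cur_counts):
        if cur_counts[bucket] > threshold:
            scanners = sorted(s for s, p in cur_ports[bucket].items() if len(p) >= min_ports)
            alerts.append({"window_start": bucket * window, "denies": cur_counts[bucket],
                           "threshold": round(threshold, 2), "sources": scanners})
    return alerts

# Constructed sample data: ten quiet minutes, then one source sweeping 40 ports.
HISTORY = [f"{1000 + 60 * i + j} action=deny src=198.51.100.{j} dst=192.0.2.1 dport=443"
           for i in range(10) for j in range(2 + i % 3)]
CURRENT = ([f"{1980 + p} action=deny src=203.0.113.9 dst=192.0.2.1 dport={p}" for p in range(1, 41)]
           + ["1985 action=deny src=198.51.100.7 dst=192.0.2.1 dport=443", "garbled line"])

if __name__ == "__main__":
    for alert in detect_scans(HISTORY, CURRENT):
        print(alert)
```

The stored history is what makes the threshold meaningful: a single firewall event carries no notion of "more than usual", while the aggregated counts do.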
Why is that so important?
The SIEM’s ability to monitor and alert allows Avid to react in near real time to threats as they happen.
If a VPN account is compromised and the SIEM suddenly sees a user log in from outside the United States, it will alert our team so we can shut the account down immediately to stop a potential threat.
Our SIEM monitors network health as well. We receive alerts if a connection has become saturated, which could indicate misuse by an employee or simply tell us it’s time to look at more bandwidth.
Lastly, our SIEM is not only making these determinations, but it is also storing all of the logs it is sent (typical firewalls store about a day’s worth of activity). This log storage gives us the ability to look backward and troubleshoot events that have already occurred without having to wait around for the next time they may happen. It also allows us to identify patterns and issues that may be chronic but not timely.
When paired with our NGFW appliance, all of these functions and features allow us to deploy a powerful security product in the small business space at a price that makes it accessible to small businesses.
You’re probably hearing a lot more about cyber attacks, security breaches, etc. If you want to make sure your business has intelligent protection against these attacks, give us a call to talk about NGFW and SIEM.