One of the hotter areas today is the integration of IAM and SIEM. When Identity & Access Management (IAM) and Security Information and Event Management (SIEM) are optimally integrated, user access compliance monitoring capabilities increase significantly beyond what either SIEM or IAM can provide alone.
This is because IAM provides context for user activity event data (e.g., role, entitlements, cross-referencing of multiple user IDs, account status) that the SIEM can use directly to identify exceptions in real time and initiate a workflow to remediate the issue. For example, the SIEM could trigger a suspension of all of a user's IDs and open a security incident after detecting that an individual attempted to access critical data using multiple user IDs after access to that data had been terminated.
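The correlation in that example, written out as an added illustration (not code from the original post or from any vendor's product). The account names, identity IDs, resource names, and event layout are constructed assumptions; a real SIEM would express this in its own rule language.

```python
from datetime import datetime as dt

# Constructed IAM context: account ID -> identity (one person can own several IDs).
IAM_ACCOUNTS = {"jdoe": "emp-1001", "jdoe_adm": "emp-1001",
                "jd_test": "emp-1001", "asmith": "emp-1002"}
# Constructed IAM context: (identity, resource) -> time access was terminated.
REVOKED = {("emp-1001", "finance_db"): dt(2024, 3, 1, 9, 0)}

# Constructed SIEM events: (timestamp, account ID, resource, outcome).
EVENTS = [
    (dt(2024, 3, 1, 8, 30), "jdoe", "finance_db", "success"),     # before termination
    (dt(2024, 3, 1, 10, 5), "jdoe", "finance_db", "denied"),
    (dt(2024, 3, 1, 10, 7), "jdoe_adm", "finance_db", "denied"),
    (dt(2024, 3, 1, 10, 10), "asmith", "finance_db", "success"),  # still entitled
    (dt(2024, 3, 1, 10, 12), "jdoe", "hr_portal", "success"),     # not a revoked resource
]

def correlate(events, accounts, revoked, min_ids=2):
    """Flag identities that tried a revoked resource with >= min_ids distinct IDs."""
    used = {}  # (identity, resource) -> account IDs seen after termination
    for ts, account, resource, _outcome in events:
        identity = accounts.get(account)
        cutoff = revoked.get((identity, resource))
        if cutoff is None or ts < cutoff:
            continue  # unknown account, access never terminated, or event predates it
        used.setdefault((identity, resource), set()).add(account)
    incidents = []
    for (identity, resource), ids in sorted(used.items()):
        if len(ids) >= min_ids:
            incidents.append({
                "identity": identity,
                "resource": resource,
                "ids_used": sorted(ids),
                # Remediation scope is every ID the person holds, not only those seen.
                "suspend": sorted(a for a, i in accounts.items() if i == identity),
            })
    return incidents

if __name__ == "__main__":
    for incident in correlate(EVENTS, IAM_ACCOUNTS, REVOKED):
        print(incident)
```

Without the IAM account-to-identity mapping, the same events look like two unrelated users with one denied request each, and no incident is raised.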
To this point the challenge has been getting IAM & SIEM to integrate (dynamically share information and allow processes to be remotely initiated). Fortunately, this has become much easier as those vendors that have both an IAM and SIEM offering (Novell, CA, IBM) have included the required integration into both IAM and SIEM on our behalf. I have had the opportunity to see the Novell Sentinel IAM/SIEM integration in action at a client site. It absolutely changes the way you think about security and compliance.
Click here for an excellent Gartner technical brief on the subject.
About the Author:
John W. Verry, CISA/27001 Lead Auditor/CCSE/CRISC - "Security Sherpa" - Information Security Auditor