Healthcare cybersecurity is more important than ever as organizations look for solutions that give them network visibility along with the control needed to defend against cyberattacks. Security information and event management (SIEM) in healthcare can help organizations monitor their network and discover threats before they compromise patient data. Healthcare SIEM is a valuable but complex infrastructure security tool.
“SIEM is a technology that aggregates event data produced by security devices, network infrastructures, systems, and applications,” according to Gartner. “The SIEM market is defined by the customer's need to apply security analytics to event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance.”
SIEM is made up of security information management (SIM), which includes log management, analytics, and compliance reporting. It also includes security event management (SEM), which provides real-time monitoring and incident management for network, device, system, and application security events that can threaten secure data, according to Gartner’s latest SIEM Magic Quadrant released this month.
The report included profiles on major SIEM vendors including IBM, Splunk, LogRhythm, McAfee, and Dell Technologies (RSA).
The SIEM market grew from $2 billion in 2015 to $2.167 billion in 2016, mostly because of the technology’s threat management feature, according to the report. Organizations are struggling to detect cyberattacks early, which puts patient data at risk.
SIEM solutions offer threat intelligence, behavior profiling, and analytics to help detect attacks and defend against malware and ransomware.
Entities are looking for SIEM solutions that include support for activity monitoring, application activity monitoring, incident response features, and scalability, said Gartner.
The report suggests that SIEM solutions should do the following:
- Support the real-time collection and analysis of events from host systems, security devices and network devices, combined with contextual information for threats, users, assets and data.
- Provide long-term event and context data storage and analytics.
- Provide predefined functions that can be lightly customized to meet company-specific requirements.
- Be as easy as possible to deploy and maintain.
SIEM solutions collect massive amounts of security and log data, which means that they require a lot of storage space as well as the ability to easily go back and search data. The systems need to be scalable to meet the needs of organizations of different sizes and the events they sustain.
While SIEM has major benefits, healthcare organizations must consider the drawbacks before committing to it. Complexity and cost are the two biggest SIEM challenges.
SIEM solutions are notoriously complex and often require a dedicated member of IT staff to manage and monitor them. A study conducted by the Ponemon Institute earlier this year suggests that the lack of available monitoring staff is a factor in why over half of organizations feel they are not getting what is needed out of their SIEM solution.
“The root of their dissatisfaction seems to be related to the complexity of the SIEM itself,” Ponemon Institute Chairman and Founder Larry Ponemon explained in a statement. “In fact, 75 percent of respondents said there is significant, or very significant, effort involved in configuring their SIEM for their organization. Obviously, this complexity can make it very difficult to extract the value they want and need.”
The study also found that only 25 percent of the total cost of ownership is related to the initial purchase of the solution, making the total cost of deploying, maintaining, and monitoring the solution unpredictable. The remaining 75 percent of the cost is typically used for installation, maintenance, and staffing.
Deploying a SIEM solution requires a dedicated IT staff member to monitor and manage it exclusively. Depending on the size of an organization, more than one staff member may be needed. However, organizations do have the option to outsource their SIEM maintenance to external contractors to reduce some of the costs.
SIEM solutions give IT security employees a consolidated and general look into an organization’s security events, which can prevent HIPAA violations and keep health data safe. While this kind of monitoring is invaluable for protecting healthcare data, organizations need to consider what they can spend and how best to deploy their staff to get the most out of a SIEM solution.