US government hack highlights need for startups to develop SIEM and IDS solutions

Senate Intelligence Committee says the hack is thought to have originated in China

A major hack on the US government has highlighted the need for fresh thinking in two particular types of security systems - security information and event management (SIEM) systems and intrusion detection systems (IDS).

The breach exposed almost four million sensitive records, in an attack that US government officials initially attributed to China.

The hack prompted cyber security expert William Buchanan, a professor at Napier University, to write a blog post on LinkedIn explaining why enterprises and governments need to adopt increasingly sophisticated SIEM and IDS solutions.

IDS technologies fire events on possible security breaches, which are then collected, logged and analysed, while SIEM technologies let organisations build a dashboard from which they can manage the incoming events, both in real time and historically. Typical SIEM packages include HP ArcSight, IBM QRadar and Splunk.
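To make the division of labour concrete, here is an added example (not code from the article, Buchanan, or any of the SIEM vendors named above) that runs an IDS-style rule over a few constructed SSH authentication log lines and then builds the kind of summary a SIEM dashboard would surface. The log lines, the rule name `brute_force`, and the threshold of three failures in sixty seconds are all assumptions made for illustration.

```python
"""IDS-style detection plus SIEM-style correlation over constructed log lines.

Added example, not from the article. The log lines below are constructed,
the rule names and thresholds are illustrative choices, not any product's.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log lines (not real data), in a syslog-like layout.
SAMPLE_LOG = """\
2015-06-04T10:00:01 sshd: Failed password for admin from 203.0.113.5
2015-06-04T10:00:03 sshd: Failed password for admin from 203.0.113.5
2015-06-04T10:00:04 sshd: Failed password for root from 203.0.113.5
2015-06-04T10:00:06 sshd: Failed password for admin from 203.0.113.5
2015-06-04T10:00:09 sshd: Accepted password for admin from 203.0.113.5
2015-06-04T10:05:00 sshd: Failed password for bob from 198.51.100.7
2015-06-04T10:20:00 sshd: Accepted password for bob from 198.51.100.7
2015-06-04T10:21:00 sshd: Accepted password for bob from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def parse(text):
    """Yield one dict per recognised line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            yield rec


def detect(records, threshold=3, window=timedelta(seconds=60)):
    """IDS-style rule (hypothetical): fire a medium-severity 'brute_force' event
    when one source accumulates `threshold` failed logins inside a sliding
    `window`, and a high-severity 'brute_force_success' event if that same
    source then logs in successfully before the burst state is cleared."""
    recent_fails = defaultdict(deque)  # src -> timestamps of recent failures
    bursting = set()                   # sources currently flagged
    events = []
    for r in records:
        q = recent_fails[r["src"]]
        if r["outcome"] == "Failed":
            q.append(r["ts"])
            while q and r["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and r["src"] not in bursting:
                bursting.add(r["src"])             # fire once per burst, not per line
                events.append({"ts": r["ts"], "severity": "medium",
                               "rule": "brute_force",
                               "src": r["src"], "user": r["user"]})
        else:  # Accepted
            if r["src"] in bursting:
                events.append({"ts": r["ts"], "severity": "high",
                               "rule": "brute_force_success",
                               "src": r["src"], "user": r["user"]})
            bursting.discard(r["src"])             # a success ends the burst state
            q.clear()
    return events


def summarise(events):
    """SIEM-style view of the collected events: counts by severity and by
    source, plus the most recent high-severity event a dashboard would show
    first. Historical queries would run the same aggregation over a stored window."""
    by_sev = defaultdict(int)
    by_src = defaultdict(int)
    latest_high = None
    for e in events:
        by_sev[e["severity"]] += 1
        by_src[e["src"]] += 1
        if e["severity"] == "high" and (latest_high is None or e["ts"] > latest_high["ts"]):
            latest_high = e
    return {"by_severity": dict(by_sev), "by_source": dict(by_src),
            "latest_high": latest_high}


if __name__ == "__main__":
    evs = detect(parse(SAMPLE_LOG))
    for e in evs:
        print(e["ts"].isoformat(), e["severity"], e["rule"], e["src"], e["user"])
    print(summarise(evs))
```

On the constructed input, 203.0.113.5 trips the rule on its third failure and then logs in as `admin`, producing one medium and one high event; 198.51.100.7 has a single failure followed by a success, so it never fires. Firing once per burst rather than once per line is what keeps the SIEM layer from being flooded with duplicate events from the same source.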

"The need for SIEM and IDS increases by the day, and the risk around data loss detection and prevention (DLP) also increases," he wrote. "Companies need to invest in developing SIEM infrastructures, and look to employ analysts to analyse these on a continual basis.

"Data is the life blood of most organisations, and probably one of its important assets, along with holding information on behalf of others. The Sony hack highlighted how embarrassing it is to leak information, and now the contents of sensitive emails are searchable on WikiLeaks."

Startups should also focus on developing identity management software, as this is another area that is not currently meeting today's requirements.

One UK startup already developing security technologies across these fields is Darktrace in Cambridge, which is backed by Autonomy founder Mike Lynch.

Dave Palmer, CTO at Darktrace, said: "As the Office of Personnel Management [the government department that was hacked] and other parts of the government look to beef up their security, they need to radically rethink their strategy and build in an 'immune system' style of continuous monitoring, which helps them see the first signs of compromise within their networks and can adapt to its changing environment.

"It is critical that they lead the world in their departure from the status quo, using new advanced technology, as well as people, to improve their self-awareness of what is happening inside their own system and spot suspicious activity, while there is still time to change the outcome."

By Sam Shead