VA wants SIEM as a service
The Veterans Affairs Department is shopping for cybersecurity technology that will help it meet Office of Management and Budget mandates for advanced continuous monitoring to protect its sprawling IT enterprise.
Describing its current security infrastructure in a recent request for information, the VA said it operates a robust set of network security tools, including firewalls, intrusion prevention and detection systems and anti-virus systems. These network tools also monitor the overall health of the VA network using a variety of management systems in a distributed architecture, centrally managed from VA’s network and security operations centers (NSOC) in Martinsburg, W.V. and Hines, Ill.
Now VA wants to acquire new technology – security incident event management as-a-service or SIEMaaS – to help manage this portfolio of security services and tools across the VA enterprise Event data will be received from the four VA Trusted Internet Connection gateways, all regional data centers and enterprise security systems.
“The SIEMaaS will support VA NSOC’s mandate to manage, protect and monitor the cyber security posture of the entire VA enterprise,” according to the notice.
SIEM tools gather and analyze information and log security activity at network and security endpoints. The VA said a SIEMaaS capability would improve its ability to analyze cybersecurity events, maintain detailed logs of security incidents and perform incident management and response, vulnerability scanning, event correlation and analysis, audit log analysis, patch distribution and remediation planning.
SIEM is an approach to security management that provides a “holistic view” of an organization's IT security, by deploying collection agents to gather security related events from end user devices, servers and network equipment. The collectors then forward events to a centralized management console, which performs inspections and flags anomalies, according to a TechTarget article.
SIEM systems are now being offered as a service. NTT Com Security, which calls itself an outsourced log management and log analysis service, said SIEMaaS can provide a central, long-term storage solution for log data, across any platform or application and offers continuous monitoring and analysis of security information.
As of November 2014, Mosaic Security Research identified 73 SIEM and log management products on the market.
Connect with the GCN staff on Twitter @GCNtech.