Throughout the series of articles that we have been posting on the blog in 2019, we have referred to the increasing intensity, frequency, and sophistication of the cybersecurity threats that churches are battling. Given the type of personal data maintained by churches, whether in their church management system (ChMS) or other data sources, churches are a legitimate target for would-be cybercriminals.
The Nature of the Threat
Those who would compromise your technology systems and infrastructure are employing increasingly sophisticated attacks and are utilizing specialized software, algorithms, and automated attack protocols to compromise your operations in ways that are difficult to detect. IT security analysts and experts are increasingly recommending SIEM (System Information and Event Management) tools and solutions as a significant part of a comprehensive cybersecurity strategy.
What Exactly is SIEM?
At first blush, SIEM may feel like another confusing technology acronym that is far removed from ministry and probably has little practical utility for you. The truth is, however, that SIEM can play a vital role in keeping your church technology environment safe. So, you may ask, “What is SIEM, and what does it do?”
In short, SIEM tools allow IT teams to gain a holistic view of what is happening in a network in real time and help IT personnel be more proactive in their fight against security threats. SIEM tools are designed to collect, store, and analyze log file data from all of your IT hardware and software. Devices like firewalls, switches, Wi-Fi systems, and intrusion detection systems all keep very detailed activity logs of the things they do and the traffic they process. In addition to these devices, your operating system (Windows/macOS), ChMS software systems, other databases, and every other software application you use also create detailed activity logs of who uses them and the purpose for their use.
Why Do I Need SIEM and What Can It Do For Me and My Church?
The amount of data generated by all of these logging activities is enormous. If you ever find yourself unable to fall asleep, I suggest that you try reading through some of these log files. You will quickly solve your insomnia problem. I promise.
These log files serve several different purposes, from helping the software and hardware vendors find and fix bugs in their solutions to providing audit trails for security and compliance purposes. The log data is beneficial, but there is a problem. There is too much of this log data for any human to adequately digest and process. Additionally, most of this data resides on the system or device that generates the data.
So, if you did want to look for information and try to correlate it between different devices or applications, you’d have to access many devices and bring all the data together manually for analysis. Given the volume of data and the disparate sources, this task would be all but impossible to accomplish manually. This is the exact problem that SIEM systems were designed to solve.
SIEM systems aggregate the log data from many different sources, then index and correlate it in ways that make it easier for IT and security administrators to study, inspect, and analyze. SIEM tools give IT teams the ability to respond proactively before and during threats and to determine the specific type and nature of suspicious activity after such attempted attacks.
But wait, there’s more.
Today’s modern SIEM solutions employ sophisticated algorithms, machine learning (ML), and artificial intelligence (AI) that automatically analyze and correlate all of the log data received and look for patterns of suspicious or malicious behavior. Well-trained physical security professionals study the behavior of individuals in person or via video surveillance. Similarly, SIEM systems analyze the traffic patterns and application usage patterns recorded in IT logs, looking for things that seem abnormal or match known patterns of maliciousness. These “potential indicators of a breach,” as they’re referred to in IT security circles, can then be sent over to IT security professionals for more in-depth analysis and vetting. By allowing the SIEM to parse the dense and detailed logs and only alerting humans to suspicious behaviors (and thereby ignoring “false positives”), the likelihood of finding and stopping actual threats is much higher.
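To make the aggregate-and-correlate idea concrete, here is a small added example (not code from Enable or from any SIEM product) that normalizes two constructed logs into one event stream and raises an alert only when a pattern spans both sources. The log formats, field names, internal address range, threshold, and time window are all assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
# Constructed sample logs; both line formats are hypothetical.
FIREWALL_LOG = """\
2019-06-02T02:14:01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=443
2019-06-02T09:30:11 ALLOW src=10.0.0.23 dst=10.0.0.5 dport=443
"""
CHMS_LOG = """\
[02/Jun/2019 02:14:05] login_failed user=office.admin ip=203.0.113.7
[02/Jun/2019 02:14:09] login_failed user=office.admin ip=203.0.113.7
[02/Jun/2019 02:14:15] login_failed user=office.admin ip=203.0.113.7
[02/Jun/2019 02:14:40] login_ok user=office.admin ip=203.0.113.7
[02/Jun/2019 09:30:15] login_failed user=volunteer1 ip=10.0.0.23
[02/Jun/2019 09:30:30] login_ok user=volunteer1 ip=10.0.0.23
"""
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

def parse_firewall(text):
    # Normalize firewall lines into the shared event shape.
    pat = re.compile(r"(\S+) (\w+) src=(\S+) dst=\S+ dport=\d+")
    return [{"ts": datetime.fromisoformat(m[1]), "source": "firewall",
             "action": m[2].lower(), "ip": m[3], "user": None}
            for m in pat.finditer(text)]

def parse_chms(text):
    # Normalize ChMS application lines into the same event shape.
    pat = re.compile(r"\[(.+?)\] (\w+) user=(\S+) ip=(\S+)")
    return [{"ts": datetime.strptime(m[1], "%d/%b/%Y %H:%M:%S"),
             "source": "chms", "action": m[2], "ip": m[4], "user": m[3]}
            for m in pat.finditer(text)]

def correlate(events, threshold=3, window=timedelta(minutes=10)):
    # Alert on >= threshold recent failures, then a success, from an external IP the firewall saw.
    fw_ips = {e["ip"] for e in events if e["source"] == "firewall"}
    alerts, failures = [], {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["ip"])
        if e["action"] == "login_failed":
            failures.setdefault(key, []).append(e["ts"])
        elif e["action"] == "login_ok":
            recent = [t for t in failures.pop(key, []) if e["ts"] - t <= window]
            external = ip_address(e["ip"]) not in INTERNAL
            if len(recent) >= threshold and external and e["ip"] in fw_ips:
                alerts.append({"user": e["user"], "ip": e["ip"], "failed": len(recent)})
    return alerts

if __name__ == "__main__":
    print(correlate(parse_firewall(FIREWALL_LOG) + parse_chms(CHMS_LOG)))
```

The volunteer's single mistyped password from an internal address produces no alert, which is the filtering that keeps analysts from being buried in noise.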
Once confined to large on-premises solutions that were very expensive to operate and deploy, SIEM is now offered routinely as a service. This model makes SIEM benefits available to churches, ministries, and other organizations that could not previously afford these powerful, useful tools. Enable is proud to offer SIEM services backed by highly trained security operations center (SOC) staff who spend all of their working time investigating potential security threats to our church clients.
How Do I Know if this Applies to Me?
SIEM may very well be a tool that your church should add to its cybersecurity protection arsenal. But as with any technology tool or approach, wise stewardship dictates that you conduct a careful analysis of the threats you are facing, the best strategies to deal with those threats, and the costs and efforts involved in employing chosen solutions. If you need any guidance or help in assessing the technology security risks in your church and the tools and processes available to assist you in protecting your church, please do not hesitate to contact us at [email protected].
Enable exists to Change Lives by Serving Those Who Serve. If we can serve you by helping you formulate a security strategy that works to protect your church members and technology systems, we would be delighted and honored to help.
Written by: Travis Phipps, Director of Technology, Enable Ministry Partners