SIEM Integration

Cybersecurity and data security have become major priorities for organizations, and for good reason. In just the past two years, there have been scores of major data breaches affecting organizations such as:

  • Yahoo!, where a breach compromised personal information for as many as 3 billion user accounts.
  • Equifax, which exposed names, social security numbers, driver’s licenses, and credit card numbers for an estimated 143 million people.
  • Edmodo, where hackers made off with approximately 78 million customer names, email addresses, and hashed passwords. That data was eventually listed for sale online for just over $1,000.

Sadly, the list goes on. And on.

So what can organizations do to prevent, or to at least minimize, cyber-attacks? One important tool in the battle to keep networks, computers, and data safe is SIEM: Security Information and Event Management. SIEM systems (such as Splunk Enterprise Security, IBM Security QRadar SIEM, and ArcSight Enterprise Security Manager) are designed to:

  • Import log files from multiple devices (with “devices” meaning anything from computers to software to other types of hardware).
  • “Normalize” these disparate log files into a single standardized format.
  • Provide tools for real-time (or near real-time) incident detection and trend analysis, and to do so across an organization’s entire spectrum of devices.

For example, by analyzing log files, a SIEM system might detect an out-of-the-ordinary flurry of login attempts, an unusual occurrence that might signal the onset of a denial-of-service attack. By itself, SIEM software cannot prevent the attack. However, by alerting you to the situation in near real-time, SIEM enables you to take action that does prevent the attack, or at least enables you to stop the attack and limit any damage.

With the release of Akamai's Identity Cloud SIEM Integration, Akamai joins the list of vendors that export SIEM events and SIEM event data. As you know, Akamai's Customer Identity and Access Management (CIAM) solutions revolve around user activities such as logins, registrations, user profile updates, and password resets. Because of this, Akamai is uniquely positioned to report not just on the fact that a person has logged on to the system, but that a specific person, from a specific IP address, and using a specific web browser, has logged on to the system.

Is that a problem in and of itself? Of course not. But if someone from a specific IP address is in the process of creating multiple accounts, one right after another, well, that could be a very different story. That’s the kind of problem that SIEM Integration can identify. Akamai's SIEM Integration helps provide protection against such problems as:

  • Credential compromise
  • Account takeovers
  • Stolen identity
  • Spoofed identity
  • Fraudulent account creation
  • Brute force attacks
  • Data scraping
  • Inappropriate or excessive use
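
The rapid account-creation pattern described above (one IP address registering several accounts in quick succession) can be detected with a sliding window over registration events. The following is an added example, not Akamai's code: the event field names (`time`, `type`, `ip`), the threshold, the window size, and the sample events are all constructed for illustration and do not reflect the Identity Cloud event schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical field names, documentation IP ranges).
# They are deliberately out of order, as events merged from several sources often are.
SAMPLE_EVENTS = [
    {"time": "2024-01-01T10:00:00", "type": "registration", "ip": "203.0.113.7"},
    {"time": "2024-01-01T10:00:10", "type": "registration", "ip": "198.51.100.20"},
    {"time": "2024-01-01T10:01:15", "type": "registration", "ip": "203.0.113.7"},
    {"time": "2024-01-01T10:00:40", "type": "registration", "ip": "203.0.113.7"},
    {"time": "2024-01-01T10:01:50", "type": "registration", "ip": "203.0.113.7"},
    {"time": "2024-01-01T10:02:00", "type": "login", "ip": "198.51.100.20"},
    {"time": "2024-01-01T10:30:00", "type": "registration", "ip": "198.51.100.20"},
    {"time": "2024-01-01T09:00:00", "type": "registration", "ip": "192.0.2.55"},
    {"time": "2024-01-01T09:04:00", "type": "registration", "ip": "192.0.2.55"},
    {"time": "2024-01-01T09:08:00", "type": "registration", "ip": "192.0.2.55"},
    {"time": "2024-01-01T10:01:00", "type": "login", "ip": "203.0.113.7"},
]


def flag_rapid_registrations(events, threshold=3, window=timedelta(minutes=5)):
    """Flag IPs that register `threshold` or more accounts within `window`.

    Returns {ip: {"triggered_at": datetime, "peak": int}}, where `peak` is the
    largest number of registrations seen inside any single window for that IP.
    """
    recent = defaultdict(deque)  # ip -> registration times still inside the window
    alerts = {}
    parsed = [(datetime.fromisoformat(e["time"]), e) for e in events]
    for ts, ev in sorted(parsed, key=lambda p: p[0]):
        if ev["type"] != "registration":
            continue  # logins and other activity do not count toward this rule
        q = recent[ev["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # expire registrations older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(ev["ip"], {"triggered_at": ts, "peak": 0})
            alert["peak"] = max(alert["peak"], len(q))
    return alerts


if __name__ == "__main__":
    for ip, info in flag_rapid_registrations(SAMPLE_EVENTS).items():
        print(ip, info["triggered_at"].isoformat(), "peak:", info["peak"])
```

With the default settings only 203.0.113.7 is flagged; 192.0.2.55 also registers three accounts, but they are spread over eight minutes and never share a five-minute window.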

This documentation introduces you to Akamai's Identity Cloud SIEM Integration. To that end, the documentation explores the following topics: