Your organization should proactively prepare for a security event, rather than reacting after the fact. Our Support Services provides guidance on when you need RMM or a SIEM and how you can optimize the solutions in your environment. With Remote Monitoring and Management (RMM) Services, your organization will have visibility into events before they occur or impact your environment's uptime. With a Security Information and Event Management (SIEM) solution, your organization will have a better defense against security incidents before they impact your environment.

Are both solutions really necessary for your company to invest in?

Yes. Both solutions have an important role in your environment. Based on industry trends, in the coming years device health monitoring and security monitoring will not be separate services. If you subscribe to technical newsletters, you will see that several organizations are joining forces, such as Avast with AVG, Symantec with LifeLock, and SolarWinds with LOGICnow.

What is the difference and how will it benefit you?

Remote Monitoring and Management (RMM)

RMM is a cost-effective solution in which a business's IT network is typically monitored 24/7 for proactive management and performance. You don't have to wait for an end user to let you know there is a problem in the environment; proactive monitoring will let your IT team know in advance.

Common remote device monitoring typically includes:

  • Email
  • Servers
  • Automatic application backup
  • Low disk space notification
  • Failed services
  • Network issues
  • Virus detection

There are many benefits to RMM, such as reduced environment downtime, visibility into the health of your devices, and the ability to manage your assets and inventory.

Security Information and Event Management (SIEM)

A SIEM allows you to have full visibility inside and outside of your network. You can determine if cyber criminals are interested in your data through the alerting and reporting tools a SIEM offers.

A SIEM combines all security events from device logs and centralizes that data into one source for security analysis, reports, and alerting. It also stores, analyzes, and correlates a multitude of security information, including authentication events, anti-virus events, audit events, intrusion events, etc. Any anomalous event that matches a rule alerts a SOC so action can be taken. SIEM tools can also help compliance managers meet strict regulatory requirements.

SIEM tools can:

  • Provide a high-level overview of devices, platforms, and the network.
  • Monitor more events, such as access activity, data access, application activity, and event management.
  • Provide compliance reporting.

Some standard SIEM monitoring rules detect the following:

  1. Account Lockout
  2. File Transfer Monitoring
  3. File Integrity Monitoring
  4. Change Audit Control
  5. Compromised Credentials
  6. Privilege Escalation
  7. Lateral Movement
  8. Malware / Virus, Brute Force Attacks
  9. DoS Attacks
  10. IPS Exploits
  11. Spam/Malicious Mail
  12. Scanner Found
  13. Session Hijacking

Although there is some cross functionality between an RMM and a SIEM, the two solutions serve separate purposes. At the same time, they complement each other through event correlation. For example, the RMM tool can notify the SIEM of high CPU usage on a particular server, and the SIEM tool can potentially correlate that notification with a security event.
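
The correlation described above, as an added example (not code from this page or from any RMM or SIEM product): high-CPU alerts from an RMM feed are joined with SIEM rule hits on the same host inside a time window. The field names, hostnames, 15-minute window, and 90% threshold are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from any real product or log source).
RMM_ALERTS = [
    {"time": "2024-05-01T10:15:00", "host": "srv-db01", "metric": "cpu", "value": 97},
    {"time": "2024-05-01T11:40:00", "host": "srv-web02", "metric": "cpu", "value": 95},
    {"time": "2024-05-01T12:05:00", "host": "srv-db01", "metric": "disk_free_pct", "value": 4},
]
SIEM_EVENTS = [
    {"time": "2024-05-01T10:05:00", "host": "srv-db01", "rule": "Brute Force Attacks"},
    {"time": "2024-05-01T10:12:00", "host": "srv-db01", "rule": "Privilege Escalation"},
    {"time": "2024-05-01T09:00:00", "host": "srv-web02", "rule": "Account Lockout"},
    {"time": "2024-05-01T10:14:00", "host": "srv-app03", "rule": "Malware / Virus"},
]

def correlate(rmm_alerts, siem_events, window_minutes=15, cpu_threshold=90):
    """Pair each high-CPU RMM alert with security events on the same host
    that fired within window_minutes before or after the alert."""
    window = timedelta(minutes=window_minutes)  # assumed correlation window
    by_host = {}
    for ev in siem_events:
        by_host.setdefault(ev["host"], []).append(ev)
    findings = []
    for alert in rmm_alerts:
        # Only CPU alerts at or above the (assumed) threshold are considered.
        if alert["metric"] != "cpu" or alert["value"] < cpu_threshold:
            continue
        t_alert = datetime.fromisoformat(alert["time"])
        related = sorted(
            ev["rule"] for ev in by_host.get(alert["host"], [])
            if abs(datetime.fromisoformat(ev["time"]) - t_alert) <= window
        )
        findings.append({
            "host": alert["host"],
            "cpu": alert["value"],
            "related_rules": related,
            # With no nearby security event, the alert stays a health issue.
            "triage": "security" if related else "operations",
        })
    return findings

if __name__ == "__main__":
    for finding in correlate(RMM_ALERTS, SIEM_EVENTS):
        print(finding)
```

A CPU spike with no security event nearby is routed to operations, while the same spike next to brute-force and privilege-escalation rule hits is escalated to the SOC.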

If you are interested in learning more about these tools, our Support Services can help. Contact us at info@peters.com for a complimentary consultation.