Data Security
BY: Greg Cory

USING SIEM to Protect Against Social Engineering Attacks (and more)

When you reflect on the investments your hospitality brand has made in technology over the past 10 years, it is likely that security has been grabbing more and more of your budget. The complexity of managing multiple brands, properties and services, in addition to increasing compliance requirements, has undoubtedly driven more spending on security. So, exactly how much security technology does it take to make your business secure?

You've installed and upgraded firewalls, domain controllers, switches, routers, wireless access points, intrusion prevention systems (IPS), intrusion defense systems (IDS), anti-virus tools and more. You hired one group of consultants to make sure your networks are configured correctly and another group to run penetration tests. And next year's budget includes additional investments to support business continuity.

Even with the obvious boxes checked, you're still not sleeping well at night because you know there is always a way in – an inside job by a disgruntled employee or a laptop stolen from an employee's car.

If you read "The Art of Deception," by Kevin Mitnick, you know there will always be plenty of reasons to worry. Mitnick is the (in)famous hacker who spent five years in prison before becoming a high-profile security consultant. He admitted to leveraging social engineering to gain access to most systems, not brute force techniques, DDoS attacks or other more sophisticated intrusion efforts. Mitnick identified real-world scenarios that he could exploit to gain access to systems directly or indirectly. For one hack, he impersonated a system administrator stuck at home during a snow storm and convinced an unwitting staff employee at a target company to share security credentials over the phone.
Why break a window when you have the key to the front door?

INTRODUCING SIEM

The news is full of cyberbreaches that originated through various social engineering attacks. New ransomware victims are a weekly occurrence and the hospitality industry has been on the list of the top most targeted industries for the past three years. With the security market offering a vast arsenal of tools and appliances aimed at addressing every possible threat, which one can protect against social engineering attacks? Fortunately, SIEM solutions are up to the task.

Security information and event management, or SIEM, is a solution that sits on top of your entire infrastructure and, from a central location, watches everything that is going on. How is this possible? Remember those log files that every device, server and application is producing? Those log files contain a goldmine of data that if properly mined can track a broad range of activities and identify potential threats.

When you implement a SIEM solution, the tool is connected to every device within your infrastructure to access the related log files. The log files are processed in real time and the data is immediately analyzed by the system. The "secret sauce" of the SIEM analysis is artificial intelligence algorithms that correlate related and disparate events from multiple sources. Business rules are built using these correlations and appropriate thresholds are set for triggering alerts.

Let's see how this would work in a real-world scenario. A workstation that is assigned to the marketing department is compromised via a phishing

26 Fall 2017 HOSPITALITY UPGRADE www.hospitalityupgrade.com
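The correlation rules and alert thresholds described above, sketched as an added example that is not from the article or from any SIEM product. It uses a fixed rule rather than the artificial intelligence algorithms the article mentions. The log format, host names, event names, 15-minute window and three-source threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, log source, host, event.
SAMPLE_LOGS = """\
2017-09-12T09:01:10 mailgw mkt-ws-07 suspicious_attachment_delivered
2017-09-12T09:03:42 endpoint mkt-ws-07 new_process_from_office_macro
2017-09-12T09:05:05 firewall mkt-ws-07 outbound_to_unrated_domain
2017-09-12T09:06:30 domainctl mkt-ws-07 failed_admin_logon
2017-09-12T09:07:00 firewall fin-ws-02 outbound_to_unrated_domain
2017-09-12T11:30:00 domainctl fin-ws-02 failed_admin_logon
"""

WINDOW = timedelta(minutes=15)  # assumed correlation window
THRESHOLD = 3                   # assumed: distinct log sources needed to alert


def correlate(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per host whose events from at least `threshold`
    distinct log sources fall inside a sliding time window."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, source, host, event = line.split()
            by_host[host].append((datetime.fromisoformat(ts), source, event))

    alerts = []
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the window spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            sources = {src for _, src, _ in in_window}
            if len(sources) >= threshold:
                alerts.append({"host": host,
                               "first_seen": in_window[0][0].isoformat(),
                               "sources": sorted(sources),
                               "events": [ev for _, _, ev in in_window]})
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

No single event on the marketing workstation would justify an alert on its own. The rule fires because the mail gateway, endpoint and firewall all report on the same host within the window.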