Prime Factors Blog

SIEM - IAM - UEBM - What About Encryption?

Posted by Pete Flagella on Oct 3, 2018 4:00:00 PM

Find me on:

Data-ManagementA data security professional tasked with providing secure access and data protection may find the solutions available are plentiful, complex and confusing. Do you use SIEM, IAM, some version of UEBM or a combination? 

Each of these are critical to providing Data Perimeter Security; enabling authorized access to critical systems so that business can be conducted both internally and externally. Data security professionals manage devices, people, various entities authorized to access applications and data at the core of the missions critical systems required to make business happy safely and securely.

They are also important in achieving compliance with all industry, regional and government standards/regulations in order to be a ‘trusted’ entity to do business with partners, vendors and consumers. 

There is a lot of overhead when it comes to running SIEM, IAM and UEBM, especially for the uninitiated and non-cyber minded folks. Under 800-171 section 3.3 (800-53r4 AU controls), you have to demonstrate you retain logs for your cybersecurity environment (3.3.1), review logs on a regular basis (3.3.3), have the ability to 'audit' the logs (3.3.5) and alert events (AU-6). 

Typical implementations of these Data Perimeter Security solutions have several steps to reaching a ‘go live’ state, including:

  • Discovery Phase – Laying the Groundwork
  • Pilot Phase – Beginning the Implementation
  • Controlled Deployment Phase – Building the Capacity
  • Maturity Phase – Continuing to Improve

Depending on the size of your organization—including people, devices and your technology infrastructure—each phase could take anywhere from months to years to fully realize the business system protection you need today.

In the meantime, cyber criminals are just around the corner looking for their next victim…which could be you!

What about Encryption?

As the attacks of Ransomware over the last few years have demonstrated, these various Data Perimeter Security solutions can be breached and bypassed deploying 'encryption' malware leveraging standard data encryption to digitally hold company and user data hostage for ransom; ultimately, demonstrating the power of encryption as a valuable tool in the arsenal of malicious actors.  

Ironically, this same technology can protect the data assets these cyber criminals use to steal PII, PIA sensitive, mission critical information. In fact, Data Encryption should be a cornerstone of any Data Security Initiative regardless of the long term solutions like SIEM, IAM and UEBM.

The type of Data Encryption solution selected should be agnostic to your business databases, operating system platform(s) and technology infrastructure to ensure both immediate, short and long term plans for success. It would also leverage a single common user interface to implement and manage each type of cryptography (Tokenization, Key Management, PCI Auditing and GnuPGP), regardless of current or future needs.

This solution is available today with EncryptRIGHT from Prime Factors.

EncryptRIGHT’s multi-platform, multi-database architecture enables data security and protection across all major industry sectors and businesses; regardless of size or technology infrastructure.

With a common web based user interface, EncryptRIGHT makes the process of installation, training, configuration, deployment and management easy for both programmers and non-programmers alike. This process reduces complexity, costs and time from months or years to days or weeks.

EncryptRIGHT’s unique Data Protection Policy (DPP) Dashboard makes deployment and management of Tokenization, Key Management, PGP and PCI Compliance simple and fast. It allows flexible configuration and implementation using either the Data Protection Policy Dashboardour extensive API libraryor both.

With cross-platform deployment in a single common user interface, EncryptRIGHT is a cost effective, mission critical data security solution for any business needing to protect their data whether at rest or in motion. EncryptRIGHT’s architecture allows integration with current and future Data Security Initiatives. How would you like your data security a reality today and ready for the future?

Contact Prime Factors today and let us show you how EncryptRIGHT can make a difference in your data security profile!

Topics: key management, EncryptRIGHT, PCI Compliance, encryption, Tokenization, siem, iam, uebm