Many different solutions and technologies, covering areas such as services and auditing, are used in an information infrastructure to keep your organization operating healthily and efficiently. Each IT component in this infrastructure keeps logs of the operations it performs, to differing standards and levels of detail. Each of these records matters to the part of the infrastructure it comes from, and the records can be put to good use by reporting on them with different methodologies.
Because of the large number of transactions in your infrastructure, it is not possible to obtain meaningful data from these logs and to identify risks and threats. SIEM (Information Security Incident Management) emerges as a solution that interprets these logs from different sources simultaneously, including their relationships to one another, and then makes it possible to report on them and even to take action.
To explain the general logic of SIEM solutions, we can evaluate the following scenario:
Example scenario: You give your employees a badge for physical security, these badges are also used at the turnstiles for arrivals and departures, and every employee has a computer that he or she uses. Suppose an employee does not come to the workplace on a given day, but that employee's login information is used to log on to his or her computer. By examining the logs it receives from both points (entry/exit information from the turnstiles and computer login records), the SIEM solution can detect the logon on that computer, send warnings about it to the relevant units, and even take action and measures to stop this security breach.
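The scenario above written as a correlation rule, as an added example that is not part of the original page or of any SIEM product. It goes slightly beyond the scenario by flagging any logon made while the badge log shows the user off-site; the log line format, host names and user names are constructed, and all logons are assumed to be local console logons.

```python
from datetime import datetime

# Constructed sample logs, one event per line: ISO-time source action user
BADGE_LOG = """\
2024-03-04T08:55:10 turnstile-1 IN alice
2024-03-04T17:31:02 turnstile-1 OUT alice
2024-03-04T09:02:44 turnstile-2 IN carol
"""
LOGON_LOG = """\
2024-03-04T09:05:12 WS-014 LOGON alice
2024-03-04T10:17:40 WS-022 LOGON bob
2024-03-04T08:40:03 WS-031 LOGON carol
2024-03-04T18:05:00 WS-014 LOGON alice
"""

def parse(log):
    """Yield (timestamp, source, action, user) tuples from a log text."""
    for line in log.strip().splitlines():
        ts, source, action, user = line.split()
        yield datetime.fromisoformat(ts), source, action, user

def correlate(badge_log, logon_log):
    """Return alerts for logons made while the badge log shows the user off-site."""
    badge = sorted(parse(badge_log))
    alerts = []
    for ts, host, action, user in sorted(parse(logon_log)):
        if action != "LOGON":
            continue
        # Badge actions for this user at or before the logon, oldest first.
        prior = [a for t, _, a, u in badge if u == user and t <= ts]
        if not prior:
            reason = "no badge entry before logon"
        elif prior[-1] == "OUT":
            reason = "logon after badge exit"
        else:
            continue  # user is badged in, so the logon is expected
        alerts.append((ts.isoformat(), host, user, reason))
    return alerts

if __name__ == "__main__":
    for alert in correlate(BADGE_LOG, LOGON_LOG):
        print(*alert, sep=" | ")
```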
When we consider the SIEM solution within the scope of technical measures, it appears to close serious gaps with respect to the technical measures of the KVKK (Personal Data Protection Law).
It collects the usage records of the IT components used by the staff in your infrastructure at a single point and provides centralized management of access records. With this centralized management, all the logs relating to a person or to a document or piece of information can be reported and evaluated from a single screen. In addition to this central reporting of access, when we go through the above-mentioned scenario, the outcomes of this scenario in the context of CTLB will be as follows:
• Which computers were logged on to, and which systems were accessed, with the person's own authentication information?
• What data was reached, and what changes were made during and after access?
• Does the staff share this specific access information with others or does the staff use information other than their own access information?
• Has there been any attempt to damage the system or to access data that must be protected?
• What was done after these attempts?
These examples can be multiplied by going into more detail.
As part of the SIEM solution, the access records of users connected to the internet within the institution can be provided under Law No. 5651.
In this context, the technical solutions that SIEM products provide for KVKK are among the precautions to be taken. We collect the logs created by the existing IT components in your system and perform correlation (relating more than one source to another) on these logs.
Sentra works with Logsign for SIEM solutions. For information about Logsign SIEM solutions, you can click the relevant tab on our website or contact the Sentra sales team directly.