How to close SIEM visibility gaps created by legacy apps

It's often difficult to make log files and other data from legacy applications accessible to security information and event management systems. Here are some options for improving visibility.

As companies get better at analyzing log data to spot potential security threats, legacy applications create blind spots that can be hard to tackle. "Modern SIEMs [security information and event management] have evolved beyond their own legacy feature sets, and have become advanced threat detection and response platforms," says Gabriel Gumbs, chief innovation officer at Spirion, a data security company.

The log data available from legacy applications doesn't always translate well to these platforms, he says. For example, a legacy application might be able to report who has access to the system, but not what they have access to inside those systems. "That's a visibility gap that requires closing," he says.

The problem is exacerbated when legacy applications must be monitored for threats. For example, they may have been built when security requirements were vastly different from what we have today, or before best practices were in widespread use.

They may also include known vulnerabilities, require outdated and insecure infrastructure, or have access to sensitive data or critical systems. "Take, for example, the energy sector," says David Mound, principal cybersecurity engineer at Furnace Ignite, a UK-based startup that makes it easier to collect data from legacy applications and feed it into SIEMs. "They've got SCADA infrastructure, things that have been around for years."

A recipe for unwanted surprises
