What is the data breach lifecycle? IBM defines it as the time elapsed from first detection of a breach to its containment.
“If a breach occurred on January 1 and it took 287 days to identify and contain,” writes IBM, “the breach would not be contained until October 14.”
The longer it takes to identify a breach, the more expensive it becomes. IBM also found that breaches with a lifecycle of 200 or more days cost an average of $4.87 million, compared with $3.61 million for breaches with a lifecycle of less than 200 days.
One way to reduce a breach’s lifecycle—and to detect events throughout—is with what’s called a SIEM.
What Is SIEM?
SIEM stands for security information and event management.
A SIEM tool collects logs from different pieces of hardware and applications into one centralized location, and then analyzes those logs for potential cybersecurity threats.
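As an added illustration (not code from the original article or from any SIEM product), the sketch below normalizes two constructed log sources into one event stream and runs a single correlation rule over it. The log formats, field names, threshold and time window are all assumptions chosen for the example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: sshd-style syslog lines and a web app's JSON log lines.
SSHD_LINES = [
    "2024-03-01T10:00:01 host1 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "2024-03-01T10:00:05 host1 sshd[811]: Failed password for admin from 203.0.113.7 port 50123 ssh2",
    "2024-03-01T10:02:00 host1 sshd[902]: Accepted password for deploy from 198.51.100.4 port 40000 ssh2",
    "not a log line",
]
APP_LINES = [
    '{"ts": "2024-03-01T10:00:20", "event": "login_failed", "user": "admin", "ip": "203.0.113.7"}',
    '{"ts": "2024-03-01T10:01:10", "event": "login_ok", "user": "admin", "ip": "203.0.113.7"}',
    '{"ts": "2024-03-01T10:03:00", "event": "login_failed", "user": "bob", "ip": "198.51.100.9"}',
]
SSHD_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def normalize_sshd(line):
    """Map one sshd line onto the common schema; unparseable lines yield None."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts, outcome, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts), "source": "sshd",
            "user": user, "ip": ip, "ok": outcome == "Accepted"}

def normalize_app(line):
    """Map one JSON app line onto the common schema; bad records yield None."""
    try:
        rec = json.loads(line)
        ok = {"login_failed": False, "login_ok": True}[rec["event"]]
        return {"ts": datetime.fromisoformat(rec["ts"]), "source": "app",
                "user": rec["user"], "ip": rec["ip"], "ok": ok}
    except (ValueError, KeyError, TypeError):
        return None

def collect(sshd_lines, app_lines):
    """Centralize both sources into one time-ordered event list."""
    events = [normalize_sshd(l) for l in sshd_lines] + [normalize_app(l) for l in app_lines]
    return sorted((e for e in events if e), key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a success follows >= threshold recent failures from the same IP."""
    failures, alerts = defaultdict(list), []
    for e in events:
        recent = [f for f in failures[e["ip"]] if e["ts"] - f["ts"] <= window]
        if e["ok"] and len(recent) >= threshold:
            alerts.append({"ip": e["ip"], "user": e["user"], "ts": e["ts"], "failures": len(recent),
                           "sources": sorted({f["source"] for f in recent} | {e["source"]})})
        failures[e["ip"]] = [] if e["ok"] else recent + [e]
    return alerts
```

Run against either source alone, the rule stays silent; only the combined stream crosses the threshold, which is the practical argument for centralizing logs before analyzing them.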
When your business evaluates its first or its next SIEM, consider what protections it offers—and doesn’t offer—for your sensitive data. Know what trade-offs you’ll be making, and have a plan in place for what to do with the alerts your SIEM sends your way.
If 287 days sounds too long for a data breach lifecycle, you’re right. SIEMs can help reduce financial and reputational risks throughout that time.