Security information and event management (SIEM) solutions are supposed to boost security, but researchers say the network analysis tools are ripe attack targets.
The warning comes from security expert John Grigg, lead cyber strategist with Meta Studios. In a talk at the Infiltrate Conference, he concluded, after a review of deployments, that many top SIEM vendor solutions are insecure.
“SIEMs are a one-stop shop for attackers. Nobody has these locked down. And once they gain a toehold on the SIEM box, an adversary has a map and keys to do what they want on the network,” he said.
While SIEMs are used as defensive tools to analyze events on a network, weak or default credentials often used by network administrators coupled with complex installations make them prime targets.