SIEM: How Akamai Delivers Key Customer-Identity Signals to Enterprise Security Systems

December 18, 2017 · by Tim Gasper ·

Note: For the most up-to-date information on this topic, visit the official Akamai Developer SIEM Integration page.

We’re happy to announce the availability of the first cloud-based, universal SIEM integration of customer event data through the Akamai Identity Cloud. Akamai SIEM Integration connects with major Security Information and Event Management systems, such as IBM QRadarSplunk, ArcSight, LogRhythm, and McAfee. SIEM solutions give companies a centralized platform for combining signals across the enterprise's IT environment - logs, network activity, cloud applications - to detect security threats and anomalies. Akamai SIEM Integration expands the scope of data that SIEM systems can consume to include registrations, logins, password resets and other customer identity events.

Security Information and Event Management (SIEM) systems are designed to give your organization a holistic view of IT security. These systems recognize that data relevant to enterprise security are produced at multiple points across its ecosystem and aim to provide a single, central point of view. Through the lens provided by SIEM, security teams can spot trends and patterns beyond the norm. Enterprise-grade SIEM systems standardize and analyze this data, produce reports and alert administrators on when to take action.

The Akamai Identity Cloud monitors threats in real time and offers a wide variety of security- and compliance-ready features and capabilities. The Akamai SIEM Integration gives companies the additional capability of bringing a multitude of CIAM event data points into their own monitoring and alerting infrastructure and use their SIEM platform for centralized security analytics, alerting and incident response. These two layers of security monitoring – one by Akamai and one by the client – create a more robust approach to cybersecurity that helps teams to identify and analyze issues quickly and reduce time to resolution.

Akamai SIEM Integration can deliver log and event data in two different, open and standardized formats - Common Event Format (CEF) and Log Event Extended Format (LEEF). Both formats are supported by all major SIEM and log management systems, allowing for out-of-the-box parsing and analysis. The data can be transmitted to an HTTP(S) endpoint in near real-time or in scheduled batches through an intermediary secure FTP server.

The Akamai SIEM Integration allows our clients to expand the scope and maximize the utilization of their SIEM solutions. Registration and login events along with their associated metadata - like IP addresses, registrations, logins, authorizations or user behavior analytics - can be tracked across all Akamai-connected sites and applications. Our SIEM Integration gives IT security teams a more powerful lens through which to view their network.

For additional information, please visit our official SIEM Integration page.

Tim Gasper is a senior product manager at Akamai Technologies.