The Akamai Blog

Akamai delivers key customer identity signals to enterprise security systems

We're happy to announce the availability of the first cloud-based, universal SIEM integration of customer event data through the Akamai Identity Cloud. Identity Cloud SIEM Integration connects with major Security Information and Event Management systems, such as IBM QRadar, Splunk, ArcSight, LogRhythm and McAfee. SIEM solutions give companies a centralized platform for combining signals across the enterprise's IT environment -- logs, network activity, cloud applications -- to detect security threats and anomalies. Identity Cloud SIEM Integration expands the scope of data that SIEM systems can consume to include registrations, logins, password resets and other customer identity events.

Security Information and Event Management (SIEM) systems are designed to give an organization a holistic view of IT security. These systems recognize that data relevant to enterprise security is produced at multiple points across the organization's ecosystem and aim to provide a single, central point of view. Through the lens provided by SIEM, security teams can spot trends and patterns beyond the norm. Enterprise-grade SIEM systems standardize and analyze this data, produce reports and alert administrators when action is needed.

As our enterprise customers know, Identity Cloud monitors threats in real time and offers a wide variety of security and compliance-ready features and capabilities. The Identity Cloud SIEM Integration gives companies the additional capability of bringing a multitude of CIAM event data points into their own monitoring and alerting infrastructure and using their SIEM platform for centralized security analytics, alerting and incident response. These two layers of security monitoring -- one by Akamai and one by the client -- create a more robust approach to cybersecurity that helps teams identify and analyze issues quickly and reduce time to resolution.

Identity Cloud SIEM Integration can deliver log and event data in two different, open and standardized formats -- Common Event Format (CEF) and Log Event Extended Format (LEEF). Both formats are supported by all major SIEM and log management systems, allowing for out-of-the-box parsing and analysis. The data can be transmitted to an HTTP(S) endpoint in near real time or in scheduled batches through an intermediary secure FTP server.

The Identity Cloud SIEM Integration allows our clients to expand the scope and maximize the utilization of their SIEM solutions. Registration and login events along with their associated metadata -- like IP addresses, registrations, logins, authorizations or user behavior analytics -- can be tracked across all Identity Cloud-connected sites and applications. Our SIEM Integration gives IT security teams a more powerful lens through which to view their network.

SIEM Integration is available as an add-on to the Akamai Identity Cloud.