Security Information and Event Management (SIEM) has long been a critical part of an organization’s security posture, protecting against cyberthreats ranging from insider threats and denial of service to advanced threats. Adoption of SIEM solutions is only growing. As per Gartner’s Forecast Analysis: Information Security, Worldwide, 1Q18 Update, the global information security market is forecast to grow at a CAGR of 7.8% to reach $143.3 billion in 2022, with security testing, IT outsourcing and SIEM among the fastest-growing security subsegments driving growth in the infrastructure protection and security services segments. According to Gartner, no single technology, such as CLM, UEBA, NTA, SOAR or EDR, can replace the entire set of SIEM capabilities. Additionally, Global Security Information and Event Management Market 2017-2021 estimates that the SIEM market will grow at more than 12 percent CAGR over the next four years to $5.93 billion by 2021. Since its inception, the promise of SIEM has been:
- Comprehensive visibility into Network, Endpoints, Data and Applications
- Correlation across point security solutions
- Contextual intelligence for response actions
- Streamlined compliance reporting
- Effective analytics and pertinent information for the security teams
Legacy SIEM: The Good, The Bad, and The Ugly
SIEMs do a good job of centralized analysis and reporting: they aggregate, index and store logs from different data sources, correlate this information for incident investigation, and support compliance reporting through analysis of historical data. Yet most organizations today fail to derive the best value out of SIEM because of its implementation complexity, operational challenges, and total cost of ownership (TCO). Further, given the increased attack surface that comes with hybrid cloud networks, sophisticated threat vectors and a high volume of incidents, increasingly stringent compliance laws, limited security budgets and a security skills shortage, businesses today need SIEM technology that is driven by analytics, applies behavioral analysis for current and historical context, automates certain SIEM-generated tasks, provides greater visibility of network traffic moving across the organization, and understands and analyzes threat indicators to improve the overall security posture.
Modern SIEM vs. Seceon aiSIEM
To circumvent the challenges of traditional SIEM platforms, Gartner defines the modern SIEM (read: SIEM Technology Assessment) as working with more than just log data and applying more than simple correlation rules for data analysis. Some of the key capabilities include large-scale and more robust data collection from cloud and other modern IT data sources; collection and analysis of logs and data from networks and endpoints; incorporation of threat intelligence feeds for correlation and enrichment; enhanced data analytics beyond rules; fast and scalable search over volumes of raw data; and, most importantly, automated response.
Seceon® aiSIEM is a modern security information and event management platform built on a Big/Fast Data architecture that visualizes, detects and eliminates threats in real-time, with continuous security posture improvement, compliance monitoring and reporting, and policy management. It is a powerful complement to Next-Generation Firewalls (NGFW), empowering enterprises and MSSPs to detect and eliminate all known and unknown cyber threats in real-time. It uses elastic compute power, dynamic threat models, behavioral analytics, advanced machine learning (ML) and AI with actionable intelligence, together with proprietary feature engineering and anomaly detection algorithms, without a need for daily tuning. It goes beyond using log data, simple analysis for correlation of events and applying rules to enhance an organization’s security posture, provides zero-trust security in a digital era, and dramatically lowers SOC operational cost.
The key salient features of the aiSIEM solution are:
- Robust, large-scale data collection from cloud and all data sources (network, endpoints, identities, etc.) on a streaming platform that scales to handling billions of events per second, with context
- Analyzes logs & data and incorporates threat intelligence feeds for correlation and enrichment
- Enhanced data analytics beyond rules with contextual real-time alerts for “threats-that-matter” and automated response
- Simplified licensing for comprehensive threat detection
- Scalable architecture with support for multi-tenancy & data segregation
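As an added illustration (my own sketch, not Seceon’s code or any product’s detection logic), here is a small Python example that puts three of the capabilities listed above side by side on the same authentication events: a legacy-style correlation rule, a behavioral baseline check that goes beyond rules, and threat-intelligence enrichment that feeds an automated response decision. The feed entries, baselines and events are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intel feed (made up for this example): source IP -> reputation tag.
THREAT_INTEL = {"203.0.113.9": "credential-stuffing botnet"}

# Constructed per-user baseline as a SIEM learns it from history: usual hours and source IPs.
BASELINE = {"alice": {"hours": range(8, 19), "srcs": {"198.51.100.7"}},
            "bob": {"hours": range(8, 19), "srcs": {"198.51.100.4"}}}

# Constructed, normalized authentication events (ISO timestamps, already time-ordered).
EVENTS = [
    {"ts": "2024-01-15T02:00:01", "user": "alice", "src": "203.0.113.9", "outcome": "fail"},
    {"ts": "2024-01-15T02:00:05", "user": "alice", "src": "203.0.113.9", "outcome": "fail"},
    {"ts": "2024-01-15T02:00:09", "user": "alice", "src": "203.0.113.9", "outcome": "fail"},
    {"ts": "2024-01-15T02:00:15", "user": "alice", "src": "203.0.113.9", "outcome": "success"},
    {"ts": "2024-01-15T09:30:00", "user": "bob", "src": "198.51.100.4", "outcome": "fail"},
    {"ts": "2024-01-15T09:31:00", "user": "bob", "src": "198.51.100.4", "outcome": "success"},
]

def analyze(events, threshold=3, window=timedelta(minutes=5)):
    """Return alerts that combine a correlation rule, a behavioral check and TI enrichment."""
    alerts = []
    recent_fails = defaultdict(list)  # src IP -> failure timestamps still inside the window
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        fails = [f for f in recent_fails[e["src"]] if t - f <= window]
        if e["outcome"] == "fail":
            fails.append(t)
        recent_fails[e["src"]] = fails
        if e["outcome"] != "success":
            continue
        reasons = []
        if len(fails) >= threshold:  # legacy-style rule: N failures, then a success
            reasons.append("brute_force_then_success")
        b = BASELINE.get(e["user"])  # analytics beyond rules: deviation from baseline
        if b and (t.hour not in b["hours"] or e["src"] not in b["srcs"]):
            reasons.append("baseline_deviation")
        ti = THREAT_INTEL.get(e["src"])  # enrichment: attach feed reputation as context
        if ti:
            reasons.append("threat_intel:" + ti)
        if not reasons:
            continue
        # Automated response only for multi-signal alerts; single signals go to an analyst.
        severity = "critical" if len(reasons) >= 2 else "low"
        response = "disable_account_and_block_src" if severity == "critical" else "notify_analyst"
        alerts.append({"user": e["user"], "src": e["src"], "reasons": reasons,
                       "severity": severity, "response": response})
    return alerts
```

Bob’s single failure followed by an in-baseline success produces no alert, while Alice’s off-hours success from a feed-listed source after three failures carries all three signals and is the only event proposed for automated response.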
To highlight the differences, here’s a simple comparison chart based on Gartner’s definition of modern SIEM. I have included the Legacy SIEM in the chart to provide a clear perspective on where we are coming from and where we are going.
Posted by Arun Gandhi
Arun works as the Director at Seceon leading product management and marketing with responsibility for driving strategic Go-To-Market initiatives, positioning, customer use cases, and executive engagements with customers & partners.
Prior to Seceon, Arun held various technical and leadership roles in Product Management, Strategy, Marketing and Engineering at Juniper Networks, NetBrain Technologies, and Misys Plc (now Finastra). With more than 17 years of experience with startups and global brands, Arun’s experience includes product management, business strategy, high profile customer engagements, product marketing, sales enablement, positioning of emerging technologies, strategic analysis, development & test for security, networking, and cloud technologies in the Service Provider and Enterprise Markets.
Arun presently lives in Boston and enjoys reading and spending time with family.