More Improvements To SIEM Than Big Data

Published: 22/11/2024   Category: security




For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way.



So let's get this out of the way: When vendors utter the phrase "security information and event management," or SIEM, at next week's RSA Conference, its business beau Big Data will be no more than a sentence away.
With large enterprises seeking to gain situational awareness into what is happening on hundreds, if not thousands, of network devices, using the business analytics model of Big Data makes sense. For that reason, the mantra of the three Vs of data -- velocity, volume, and variety -- will likely echo from booth to booth throughout the exposition hall.
"With SIEM, if you have the right set of tools, you can easily collect a lot of information, and you can store a lot of information for compliance reasons, and do fast analysis of the data coming from different sources," says Varun Kohli, director of product marketing for Hewlett-Packard's enterprise security products group. "So SIEM is one of the tools that is absolutely aligned with the problems of big data and the solutions that it can offer."
Yet Big Security is for the large enterprise, at least today. While analysts expect 40 percent of companies to start tapping their big security data by 2016, only a small fraction -- about 3 percent of companies -- are doing it today, says Kohli.
But the SIEM story is not all about Big Data. Companies in the market for a more modest SIEM should expect a number of improvements this year.
1. Easier to use
Another big meme for the conference is the dire shortage in security manpower. Unfortunately, getting the most from a SIEM system typically requires good security analysts.
The tension between those two opposing factors means that vendors are constantly trying to deliver the basic abilities of managing and organizing event logs, normalizing the events and allowing the search and correlation of data without requiring a full-time security-analyst staff.
"Expecting me to spend 18 months to deploy this system, as if it was a niche technology, is no longer acceptable," says Nicole Pauls, director of product management for SolarWinds, a mid-market network-management software maker. "Most of the mid-sized businesses do not have even a single person that manages security full time, so creating a simple system is key."
[Security products are featuring more analytics these days to help automate and speed the interpretation and response process, but any rules, algorithms, or interpretations of the data can also reflect the perspective and assumptions of whoever created them. See Rashōmonitoring.]
Managed services are currently a good way to bridge the expertise gap, says Roger Thornton, chief technical officer of unified-security management vendor AlienVault.
"There are a lot of companies out there that are offering their services to help deploy and manage, and -- more and more -- those guys are asking for a pretty reasonable price to give clients what they need," he says.
2. Adding security intelligence
More companies are also looking at using threat intelligence to allow their SIEM system to account for attacks that may target them specifically.
"There are a lot of threat intelligence feeds coming in: the bad URLs, the phishing addresses and bad IP addresses," says James B. O'Kane, managing principal of Vigilant, which helps clients focus their SIEM systems on risks. "And we see clients taking that feed and writing some use cases and marrying other pieces of data to that feed."
IBM, which purchased SIEM vendor Q1 Labs in October 2011, is another company that is taking cues from its customers' use of additional sources of information, such as threat-intelligence feeds.
"More and more customers are asking what they can add to the platform and what can be added to the platform," says Michael Applebaum, program director at IBM Security Systems. "You can draw more insight with who is doing what with what systems and in what situations."
3. Changing response based on risk
Companies are also looking to gain more context from their SIEM systems. Augmenting SIEM analysis with knowledge about a company's IT assets, and about events such as newly disclosed vulnerabilities and existing threats, could help companies gauge their risk, says HP's Kohli.
"It might make sense to say, 'We know that this asset is very critical to the business, and it uses Java and a new vulnerability has been found, so let's increase the risk score,'" he says.
While such features are already seen in compliance and governance solutions, bringing that capability together with SIEM can give companies a better view of their current security, he says.
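As an added worked example (not code from the article or from any vendor quoted in it), the Python script below ties together the two ideas in sections 2 and 3: it runs a small threat-intelligence feed over proxy log lines, the "use case" that marries the feed to other data, and then adjusts each alert's risk score with the asset's business criticality and a known vulnerability on that host, so the same indicator scores higher on a critical, vulnerable server than on a low-value workstation. The feed entries, the log format, the asset inventory, the placeholder advisory id "ADV-0001" and the score weights are all assumptions constructed for the example.

```python
"""Threat-feed matching plus asset-aware risk scoring over SIEM-style logs.

Added example, not code from the article or any vendor quoted in it. The feed,
log lines, asset inventory, vulnerability notice and weights are constructed.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed feed: (indicator, kind). IPs are RFC 5737 documentation ranges,
# domains use the reserved .example TLD.
THREAT_FEED = [
    ("203.0.113.45", "ip"),
    ("198.51.100.0/24", "cidr"),
    ("login-verify.example", "domain"),
    ("http://phish.example/login", "url"),
]
# Constructed base weights: an exact URL is more specific than a whole /24.
KIND_WEIGHT = {"cidr": 30, "ip": 40, "domain": 50, "url": 60}

# Constructed asset inventory: business criticality 1..5 and installed software.
ASSETS = {
    "web-01": {"criticality": 5, "software": {"java:7u10"}},
    "dev-07": {"criticality": 1, "software": {"java:7u10"}},
    "hr-02": {"criticality": 3, "software": {"office:2010"}},
}
# Constructed vulnerability notice; "ADV-0001" is a placeholder, not a real id.
VULN_NOTICES = {"java:7u10": {"id": "ADV-0001", "exploited_in_wild": True}}

# Constructed proxy log: "<time> <asset> <src_ip> -> <dst_ip> <method> <url>"
PROXY_LOG = """\
2013-02-20T10:01:05Z web-01 10.0.0.5 -> 203.0.113.45 GET http://203.0.113.45/update.bin
2013-02-20T10:02:11Z hr-02 10.0.0.7 -> 198.51.100.23 GET http://login-verify.example/account
2013-02-20T10:03:40Z dev-07 10.0.0.9 -> 192.0.2.10 GET http://www.example.com/index.html
2013-02-20T10:04:02Z web-01 10.0.0.5 -> 198.51.100.77 GET http://phish.example/login
2013-02-20T10:05:30Z dev-07 10.0.0.9 -> 203.0.113.45 GET http://203.0.113.45/update.bin
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) -> (\S+) (\S+) (\S+)$")


def parse_proxy_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            keys = ("ts", "asset", "src", "dst", "method", "url")
            yield dict(zip(keys, m.groups()))


def match_indicators(event):
    """Return every feed entry this event touches (the 'use case' step)."""
    try:
        dst = ipaddress.ip_address(event["dst"])
    except ValueError:          # destination logged as a name, not an address
        dst = None
    host = urlparse(event["url"]).hostname or ""
    hits = []
    for indicator, kind in THREAT_FEED:
        if kind == "ip" and dst is not None and dst == ipaddress.ip_address(indicator):
            hits.append((indicator, kind))
        elif kind == "cidr" and dst is not None and dst in ipaddress.ip_network(indicator):
            hits.append((indicator, kind))
        elif kind == "domain" and (host == indicator or host.endswith("." + indicator)):
            hits.append((indicator, kind))
        elif kind == "url" and event["url"] == indicator:
            hits.append((indicator, kind))
    return hits


def risk_score(hits, asset_name):
    """Indicator weight, raised by asset criticality and known vulnerabilities.

    The 0..100 scale and the increments are constructed; the point is that one
    indicator scores differently depending on which host it was seen on.
    """
    score = max(KIND_WEIGHT[kind] for _, kind in hits)
    asset = ASSETS.get(asset_name, {"criticality": 1, "software": set()})
    score += 10 * (asset["criticality"] - 1)
    for software in asset["software"]:
        notice = VULN_NOTICES.get(software)
        if notice:
            score += 20 + (15 if notice["exploited_in_wild"] else 0)
    return min(score, 100)


def severity(score):
    """Map a 0..100 score onto the usual four alert levels."""
    return ("critical" if score >= 80 else "high" if score >= 50
            else "medium" if score >= 25 else "low")


def correlate(text):
    """Run the feed over the log and return one scored alert per matching event."""
    alerts = []
    for event in parse_proxy_log(text):
        hits = match_indicators(event)
        if hits:
            score = risk_score(hits, event["asset"])
            alerts.append({"ts": event["ts"], "asset": event["asset"], "hits": hits,
                           "score": score, "severity": severity(score)})
    return alerts


if __name__ == "__main__":
    for a in correlate(PROXY_LOG):
        print(f"{a['ts']} {a['asset']:<7} {a['severity']:<8} {a['score']:>3} {a['hits']}")
```

Run it directly to print one alert per matching log line; the clean line to www.example.com produces nothing. The second line shows a single event firing both a CIDR and a domain indicator, and the first and last lines hit the same IP indicator from web-01 and dev-07: only the asset context differs, which is what pushes the web server to critical while the developer box stays at high.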