RSA Report Offers A Blueprint For Next-Generation SIEM

Published: 22/11/2024   Category: security




New report co-authored by RSA, CSC, Terremark, and Verizon calls for a big data-driven early warning system



Traditional security information and event management (SIEM) systems just don't cut it anymore against the kinds of persistent attacks many enterprises face every day.
That's not to say all SIEM systems are trapped in time as gatherers of forensic data: some SIEM and log management systems are now beginning to detect attacks in real time, security experts say. SIEM is gradually evolving into a real-time analysis and alarm technology, some experts say.
This next-generation SIEM is the subject of a new report sponsored by RSA and co-written by CSC, RSA, Terremark, and Verizon, called Transforming Traditional Security Strategies into an Early Warning System for Advanced Threats. And one of the key ingredients for this new SIEM model is so-called big data analytics, where threat detection capabilities come from reams of information from various sources analyzing behavioral and other trends rather than old-school signature-based technology.
SIEM needs to add pervasive visibility via network packet capture and session reconstruction, the report says, along with analytics that drill down into risk specific to an organization and compare behaviors; scalability; and a centralized repository of security data.
Eddie Schwartz, vice president and CISO, RSA, the security division of EMC, says it's all about taking the best of SIEM, such as correlation and handling large amounts of data, and combining that with features such as contextual analysis and external threat intelligence, which NetWitness offers, for example. "This mirrors the move we have been making from technology at RSA ... that addresses the ongoing benefits of SIEM, with big data on the back-end, and unifying security management on the front-end with a console that brings together capabilities of investigating, correlation, and malware analysis," he says.
The report calls for the next-generation SIEM's visibility to include the ability to fully reconstruct activity in the network or on systems, so as to better identify malware, track the bad guy's movements once he's inside, and confirm that malicious activity is under way.
Also, SIEM systems should be able to gather and use data from various sources to detect advanced attacks. For example, security analytics systems should search for behavior patterns and risk factors, not just static rules and known signatures. Security analytics systems should also consider the relative value of enterprise assets at risk, flagging events associated with high-value assets, the report says.
So these tools need to be able to scale well. Security analytics platforms must include features such as a distributed n-tier storage architecture and an analytics engine that normalizes and processes large, disparate data sets at very high speed. Data storage and analytics must scale together linearly, the report says.
They also should be able to automatically integrate threat intelligence from various sources in a centralized way, according to the report.
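The three analytic ingredients the report lists above (behavioral deviation from a per-asset baseline, weighting by the relative value of the asset at risk, and a centralized threat-intelligence feed) can be combined into a single prioritization pass. The following is an added illustration, not code from RSA, NetWitness or the report; the asset inventory, baselines, intel feed and flow summaries are all constructed sample data.

```python
"""Toy risk-scoring pass: behavioral anomaly + threat-intel hit, weighted by
asset value. Added example with constructed data, not vendor code."""
from statistics import mean, pstdev

# Constructed asset inventory: relative value of each host (1 = low, 5 = crown jewel).
ASSET_VALUE = {"db-01": 5, "hr-fileshare": 4, "kiosk-07": 1}

# Constructed threat-intel feed: destinations reported as command-and-control.
THREAT_INTEL = {"203.0.113.9"}

# Constructed per-host baseline: bytes sent per hour over recent history.
BASELINE = {
    "db-01": [12_000, 15_000, 11_000, 14_000, 13_000],
    "hr-fileshare": [80_000, 75_000, 90_000, 85_000, 82_000],
    "kiosk-07": [500, 700, 600, 550, 650],
}

# Constructed hourly flow summaries to score: (host, destination, bytes out).
EVENTS = [
    ("db-01", "198.51.100.20", 14_000),    # normal volume, unlisted destination
    ("db-01", "203.0.113.9", 900_000),     # large burst to a C2-listed address
    ("kiosk-07", "203.0.113.9", 650),      # C2 contact from a low-value box
    ("hr-fileshare", "198.51.100.30", 84_000),
]

def zscore(host, bytes_out):
    """Standard deviations this hour sits above the host's own baseline."""
    hist = BASELINE[host]
    sd = pstdev(hist) or 1.0  # guard against a perfectly flat baseline
    return (bytes_out - mean(hist)) / sd

def score_event(host, dest, bytes_out):
    """Risk = (capped behavioral anomaly + intel hit) * asset value."""
    anomaly = min(20.0, max(0.0, zscore(host, bytes_out)))  # cap so one term can't swamp the rest
    intel_hit = 10.0 if dest in THREAT_INTEL else 0.0
    return round((anomaly + intel_hit) * ASSET_VALUE[host], 1)

def prioritized_alerts(events, threshold=5.0):
    """Return (score, host, dest) tuples at or above threshold, highest first."""
    scored = [(score_event(h, d, b), h, d) for h, d, b in events]
    return sorted([e for e in scored if e[0] >= threshold], reverse=True)

if __name__ == "__main__":
    for score, host, dest in prioritized_alerts(EVENTS):
        print(f"{score:7.1f}  {host:14s} -> {dest}")
```

The same intel hit scores ten times higher on the database server than on the kiosk, which is the asset-value weighting the report asks for; the normal-volume database flow stays below the alert threshold.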
"Breaches aren't really smash-and-grab anymore. The vast majority of breach and compromise cases last year occurred over a period of months. Our experience shows it's more valuable to get a complete view of what happened over the long haul and take mitigation steps than to get a near real-time analysis of events," says Jonathan Nguyen-Duy, director of global security services at Verizon Business, who co-authored the report.
The full SIEM security brief is available here for download (PDF).
