SIEM matures, however landscape changes.

Organizations must provide access to the information that today's diverse and increasingly mobile workforce needs while protecting it from cybersecurity risks and meeting regulatory compliance requirements. Effective security starts with real-time visibility of all activity on all systems, networks, databases, and applications, which requires collecting and analysing a broad range of security data generated at a rate of millions or billions of records every day.

Security analysts struggle to make sense of this constant data stream. To reduce this massive data flow into actionable information, they are turning to automated security information and event management (SIEM) tools. According to IDC, the SIEM market will grow 22% annually through 2014, making SIEM the fastest growing segment of the security and vulnerability management market.

However, current generation SIEM solutions are unable to keep up with the ever-increasing amount and rate of data to be collected and analyzed. Also, once collected, current solutions cannot access the data fast enough. Most solutions are “after-the-fact” tools that report “what happened” instead of real-time systems that organizations can rely on during a cyberattack.

After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered mature. Capabilities such as event collection, correlation, alerts, and demonstrating compliance with regulatory mandates are foundational, and most SIEM solutions address these needs.

But the landscape is changing.

Organizations face new threats such as targeted and persistent attacks; new trends like mobile, cloud, and virtualization; and shifting business priorities around customer acquisition, operational efficiencies, and cost savings. As a result, SIEM use cases require more advanced capabilities to solve bigger business issues.

McAfee spoke with SIEM users and asked them to talk about their primary issues with SIEM.

Here are their top five issues:

Big Data Security.
Big Data Security can be extremely valuable—if you’re able to use it. Legacy SIEM solutions weren’t designed to integrate with such a broad number of endpoint, network, and data sources, nor were they intended to process such high event rates or maintain such long retention policies. As a result, legacy SIEMs built on relational databases and designed primarily with network-centric events in mind simply don’t meet the security needs of today’s dynamic IT infrastructures. They lack the speed, extensibility, and scalability to be effective and usable.

Situational awareness.
There was once a time when SIEM was simply a tool to correlate events across firewalls and intrusion detection systems, and then perhaps apply some vulnerability assessment data. Even today, there are some SIEMs that rely primarily on network flow data. While all of these sources are important, they need to be enriched with application, data context, and identity information. Without that, it takes more time and resources to understand and prioritize events with enough situational intelligence to be actionable and timely.

Real-time context.
One of the earliest SIEM use cases was log management — collect, store, and query with a few extra bells and whistles. Logs are still a foundational component of SIEM, but today’s SIEMs also need real-time context.
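As an added illustration of the situational awareness and real-time context points above (this is not code from the original article or from any McAfee product), the following Python sketch shows what enriching network-centric events with asset and identity context does for prioritization: the same IDS signature scores very differently once data classification and a subsequent privileged login are known. The events, asset inventory and user directory are constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the page): raw network-centric records
# of the kind a legacy SIEM correlates, plus one application-layer login.
EVENTS = [
    {"ts": "2014-03-01T10:00:05", "src": "10.1.1.5", "dst": "10.2.0.10",
     "type": "ids_alert", "sig": "SQL injection attempt"},
    {"ts": "2014-03-01T10:00:40", "src": "10.1.1.5", "dst": "10.2.0.10",
     "type": "app_login", "user": "jsmith", "result": "success"},
    {"ts": "2014-03-01T10:01:10", "src": "10.1.1.9", "dst": "10.2.0.50",
     "type": "ids_alert", "sig": "SQL injection attempt"},
]

# Constructed context sources: asset inventory (application and data context)
# and an identity directory. A network-only SIEM has neither.
ASSETS = {"10.2.0.10": {"app": "billing-db", "criticality": 5, "data": "PCI"},
          "10.2.0.50": {"app": "dev-wiki", "criticality": 1, "data": "public"}}
USERS = {"jsmith": {"role": "dba", "privileged": True}}

def enrich(event):
    """Attach asset and identity context to a raw event."""
    e = dict(event)
    e["asset"] = ASSETS.get(e["dst"], {"app": "unknown", "criticality": 2, "data": "unknown"})
    e["identity"] = USERS.get(e.get("user"), {"role": "none", "privileged": False})
    return e

def prioritize(events, window=timedelta(minutes=5)):
    """Score IDS alerts by asset criticality and data classification, and by
    whether a privileged login from the same source to the same host
    followed within `window`. Returns (score, app, src) tuples, highest first."""
    enriched = [enrich(ev) for ev in events]
    scored = []
    for e in enriched:
        if e["type"] != "ids_alert":
            continue
        t0 = datetime.fromisoformat(e["ts"])
        score = e["asset"]["criticality"]
        if e["asset"]["data"] == "PCI":
            score += 2  # regulated data raises the stakes
        for f in enriched:
            if (f["type"] == "app_login" and f["result"] == "success"
                    and f["src"] == e["src"] and f["dst"] == e["dst"]
                    and f["identity"]["privileged"]
                    and 0 <= (datetime.fromisoformat(f["ts"]) - t0).total_seconds() <= window.total_seconds()):
                score += 5  # privileged access right after an attack signature
        scored.append((score, e["asset"]["app"], e["src"]))
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    for row in prioritize(EVENTS):
        print(row)
```

Without the asset and identity tables both alerts would carry the same signature and the same weight; with them, the billing database alert followed by a DBA login is the one an analyst sees first.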

Ease of management.
Legacy SIEMs have very rigid architectures and lack a few essential capabilities. For example, they don’t easily integrate with previously unsupported devices to make their information usable. A next-generation SIEM, on the other hand, is easy to customize and flexible enough to fit any given environment. This is exactly what makes a next-generation SIEM strategic for so many organizations.

Integrated security.
SIEM is an important component of any strategic security initiative, but it’s still just one of many. Integration across security and compliance solutions delivers more together than just the individual solutions alone, while a non-integrated architecture creates complexity. Complexity is why security often remains largely tactical instead of becoming more strategic and aligned with business priorities.

Today, SIEMs need to operate as part of a larger, connected security framework where security and business priorities are aligned. SIEM plays an important role in making security more strategic and providing real business value.

To discuss how a SIEM solution can be used to provide a more effective security and risk management strategy for your organisation contact Mark.Micklefield@mpa.co.nz
