FEATURE

Organisations that view ML as a silver bullet to their challenges will soon come crashing back to reality.
The security industry's journey with AI-powered analytics is still relatively nascent. It is up to security vendors to be at the forefront of this journey, delivering to customers advanced and pragmatic approaches that will best protect them from ever-evolving threats. And there is no silver bullet: organisations should view NextGen SIEM as a platform and select a NextGen SIEM vendor that can pragmatically realise full NextGen SIEM capabilities over time, within their practical resource constraints.
How has SIEM evolved over the last decade and where do the likes of SOAR and SOAPA fit into the security picture?
Just like the threats it was designed to protect us from, SIEM is continuously evolving. Cybersecurity technology that is developed to solve a specific issue at a given time and doesn't change or evolve will soon become legacy as threats and tactics grow in sophistication.

As such, if SIEM had stayed in its initial incarnation it would be extinct, but it has evolved with the times and 'NextGen SIEM' now exists.
NextGen SIEM has evolved to have Big Data storage architecture at its foundation. This enables it to cope with the increasing influx of security information by providing a far greater repository where data is analysed with advanced capabilities, including complex scenario detection and behavioural modelling, which allows it to identify and prioritise known and unknown threats. Furthermore, advanced incident response automates threat mitigation and investigation with previously unparalleled speed and accuracy.
SOAPA and SOAR technologies are still in their infancy, with the industry not yet fully decided on how to truly define the terms. Yet what can be said is that both can encompass SIEM.
For instance, traditional SIEM solutions typically focus on a few data points, but SOAPA enables users to unify SIEM alongside other vendors' APIs into a single platform.
This means data from other tools, such as network security analytics, incident response platforms, endpoint detection and anti-malware etc., is knitted together to ensure a more comprehensive picture, which provides security teams with greater oversight.
SOAR is a term created by Gartner and refers to a more efficient and effective response to threats, often through the use of automation. With the amount of inflowing cybersecurity data ever-increasing, manually responding to alerts is a tedious process and likely to result in missed red flags.
When automation is incorporated into a firm's SIEM setup and overall cybersecurity posture, the firm is in a much better position to respond sufficiently to potential threats.
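As an added illustration (not code from the article or from any vendor it mentions), the following Python sketch shows the two ideas described above in working form: SOAPA-style unification of events from several tools, each with its own schema, into one normalised picture correlated per host, and a SOAR-style playbook that turns that corroborated picture into an automated response. The tool names, event formats, sample events, severity mappings and playbook rules are all constructed for this example; the playbook returns action names rather than executing anything.

```python
"""Added example: SOAPA-style event unification plus a SOAR-style playbook.
All tools, schemas, events and rules below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw events from three hypothetical tools, each in its own schema.
EDR_EVENTS = [
    {"hostname": "ws-042", "ts": "2019-03-01T10:02:11", "detection": "credential_dump", "score": 85},
    {"hostname": "ws-017", "ts": "2019-03-01T10:15:40", "detection": "unsigned_binary", "score": 40},
]
NETWORK_EVENTS = [
    {"src_host": "ws-042", "time": "2019-03-01T10:04:55", "category": "beaconing", "risk": "high"},
    {"src_host": "srv-db1", "time": "2019-03-01T09:00:00", "category": "port_scan", "risk": "medium"},
]
ANTIMALWARE_EVENTS = [
    {"machine": "ws-042", "detected_at": "2019-03-01T10:03:30", "signature": "Trojan.Generic", "action": "quarantined"},
]

RISK_TO_SEVERITY = {"low": 1, "medium": 2, "high": 3}  # constructed mapping


# --- SOAPA part: map each tool's schema onto one common event record -------
def normalise_edr(e):
    sev = 3 if e["score"] >= 70 else 2 if e["score"] >= 40 else 1
    return {"host": e["hostname"], "time": datetime.fromisoformat(e["ts"]),
            "source": "edr", "indicator": e["detection"], "severity": sev}


def normalise_network(e):
    return {"host": e["src_host"], "time": datetime.fromisoformat(e["time"]),
            "source": "network", "indicator": e["category"],
            "severity": RISK_TO_SEVERITY[e["risk"]]}


def normalise_antimalware(e):
    # A quarantined sample is contained, so it rates lower than an uncontained one.
    sev = 2 if e["action"] == "quarantined" else 3
    return {"host": e["machine"], "time": datetime.fromisoformat(e["detected_at"]),
            "source": "antimalware", "indicator": e["signature"], "severity": sev}


def normalise_all():
    events = [normalise_edr(e) for e in EDR_EVENTS]
    events += [normalise_network(e) for e in NETWORK_EVENTS]
    events += [normalise_antimalware(e) for e in ANTIMALWARE_EVENTS]
    return sorted(events, key=lambda ev: ev["time"])


def summarise(host, cluster):
    sources = sorted({ev["source"] for ev in cluster})
    return {"host": host, "sources": sources,
            "severity": max(ev["severity"] for ev in cluster),
            "indicators": [ev["indicator"] for ev in cluster],
            # Corroborated: two or more independent tools flagged the same host.
            "corroborated": len(sources) >= 2}


def correlate(events, window=timedelta(minutes=15)):
    """Group normalised events by host and cluster them into incidents whose
    events all fall within `window` of the cluster's first event."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda ev: ev["time"])
        cluster = [evs[0]]
        for ev in evs[1:]:
            if ev["time"] - cluster[0]["time"] <= window:
                cluster.append(ev)
            else:
                incidents.append(summarise(host, cluster))
                cluster = [ev]
        incidents.append(summarise(host, cluster))
    return incidents


# --- SOAR part: decide the automated response for each incident -------------
def playbook(incident):
    """Returns the ordered list of actions the automation would take.
    Containment is only automated when the picture is corroborated AND severe;
    a single high-severity source gets evidence collection and a human look."""
    actions = ["create_ticket"]
    if incident["corroborated"] and incident["severity"] >= 3:
        actions += ["isolate_host", "collect_triage_package", "page_on_call"]
    elif incident["severity"] >= 3:
        actions += ["collect_triage_package", "notify_analyst"]
    elif incident["corroborated"]:
        actions += ["notify_analyst"]
    return actions


def run():
    return [(inc, playbook(inc)) for inc in correlate(normalise_all())]


if __name__ == "__main__":
    for inc, actions in run():
        print(inc["host"], inc["sources"], "severity", inc["severity"], "->", actions)
```

In the constructed data, ws-042 is flagged within a few minutes by all three tools, so it becomes one corroborated high-severity incident and the playbook would isolate it automatically; ws-017 and srv-db1 each appear in a single tool at moderate severity and only get a ticket. The design point is that the automated containment step is gated on agreement between independent sources, which is what keeps a single noisy tool from triggering disruptive actions on its own.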
How is AI (or ML) changing the SIEM model currently and will it transform it completely in the next couple of years?
Security teams are often restricted by limited time, money and people-power, so businesses simply cannot expect their digital estates to be truly secure if responsibilities are carried out manually
Issue 08 | www.intelligentciso.com