Intelligent CISO Issue 08 | Page 38

FEATURE

Organisations that view ML as a silver bullet to their challenges will soon come crashing back to reality. The security industry’s journey with AI-powered analytics is still relatively nascent. It is up to security vendors to be at the forefront of this journey, delivering customers advanced and pragmatic approaches that will best protect them from ever-evolving threats. And there is no silver bullet; organisations should view NextGen SIEM as a platform and select a NextGen SIEM vendor that can pragmatically realise full NextGen SIEM capabilities across time, against their practical resource constraints.

How has SIEM evolved over the last decade and where do the likes of SOAR and SOAPA fit into the security picture?

Just like the threats it was designed to protect us from, SIEM is continuously evolving. Cybersecurity technology that is developed to solve a specific issue at a given time and doesn’t change or evolve will soon become legacy as threats and tactics grow in sophistication. As such, if SIEM had stayed as its initial incarnation it would be extinct, but it has evolved with the times and ‘NextGen SIEM’ now exists.

NextGen SIEM has evolved to have Big Data storage architecture at its foundation. This enables it to cope with the increasing influx of security information by facilitating a far greater repository where data is analysed with advanced capabilities – including complex scenario detection and behavioural modelling – which allows it to identify and prioritise known and unknown threats. Furthermore, advanced incident response automates threat mitigation and investigation with previously unparalleled speed and accuracy.

SOAPA and SOAR technologies are still in their infancy, with the industry not yet fully decided on how to truly define the terms. Yet what can be said is that both can encompass SIEM. For instance, traditional SIEM solutions typically focus on a few data points, but SOAPA enables users to unify SIEM alongside other vendors’ APIs into a single platform. This means other data from other tools, such as network security analytics, incident response platforms, endpoint detection and anti-malware, etc., are knitted together to ensure a more comprehensive picture which provides security teams with greater oversight.

SOAR is a term created by Gartner and refers to a more efficient and effective response to threats, often through the use of automation. With the amount of inflowing cybersecurity data ever-increasing, manually responding to alerts is a tedious process and likely to result in missed red flags. When automation is incorporated into a firm’s SIEM setup and overall cybersecurity posture, it is in a much better position to respond sufficiently to potential threats.

How is AI (or ML) changing the SIEM model currently and will it transform it completely in the next couple of years?

Security teams are often restricted by limited time, money and people-power, so businesses simply cannot expect their digital estates to be truly secure if responsibilities are carried out manually

Issue 08 | www.intelligentciso.com
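The SOAPA and SOAR points above (knitting together alerts from several tools through their APIs, then automating the first response so analysts are not triaging every alert by hand) can be made concrete with a small correlation-and-triage routine. This is an added example written for this page, not code from the article or from any vendor it mentions: the tool names, field names, asset inventory, severity scale, playbook names and the alert records are all constructed for illustration, and a real platform would receive the records through each vendor's API rather than from an inline list.

```python
"""Added example: normalise alerts from several tools, correlate them per host,
and pick an automated first-line action. All names and data are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical tools, each in its own native shape.
RAW_ALERTS = [
    {"source": "edr", "hostname": "ws-042", "ts": "2019-03-04T10:02:11",
     "verdict": "suspicious_process", "sev": 3},
    {"source": "ndr", "src_ip": "10.0.5.42", "timestamp": "2019-03-04 10:03:40",
     "signature": "dns_tunnel_like", "severity": "medium"},
    {"source": "av", "host": "ws-042", "detected_at": "2019-03-04T10:05:02Z",
     "name": "Trojan.Generic", "level": "high"},
    {"source": "ndr", "src_ip": "10.0.5.17", "timestamp": "2019-03-04 11:20:00",
     "signature": "port_scan", "severity": "low"},
]

# Constructed asset inventory: the "knitting together" step that lets a network
# alert keyed by IP be joined with endpoint alerts keyed by hostname.
ASSET_INVENTORY = {"10.0.5.42": "ws-042", "10.0.5.17": "ws-017"}

# Constructed mapping of the tools' textual severities onto one numeric scale.
SEVERITY_SCALE = {"low": 1, "medium": 2, "high": 3}


def normalise(alert):
    """Map one tool-specific record onto a common schema (tool, host, time, title, severity)."""
    src = alert["source"]
    if src == "edr":
        return {"tool": src, "host": alert["hostname"],
                "time": datetime.fromisoformat(alert["ts"]),
                "title": alert["verdict"], "severity": alert["sev"]}
    if src == "ndr":
        return {"tool": src, "host": ASSET_INVENTORY.get(alert["src_ip"], alert["src_ip"]),
                "time": datetime.strptime(alert["timestamp"], "%Y-%m-%d %H:%M:%S"),
                "title": alert["signature"], "severity": SEVERITY_SCALE[alert["severity"]]}
    if src == "av":
        return {"tool": src, "host": alert["host"],
                "time": datetime.fromisoformat(alert["detected_at"].rstrip("Z")),
                "title": alert["name"], "severity": SEVERITY_SCALE[alert["level"]]}
    raise ValueError(f"unknown alert source: {src}")


def correlate(alerts, window=timedelta(minutes=10)):
    """Group normalised alerts into per-host incidents; a gap longer than `window`
    between consecutive alerts on the same host starts a new incident."""
    by_host = defaultdict(list)
    for a in sorted(map(normalise, alerts), key=lambda a: a["time"]):
        by_host[a["host"]].append(a)
    incidents = []
    for items in by_host.values():
        cluster = [items[0]]
        for a in items[1:]:
            if a["time"] - cluster[-1]["time"] <= window:
                cluster.append(a)
            else:
                incidents.append(cluster)
                cluster = [a]
        incidents.append(cluster)
    return incidents


def score(incident):
    """Priority = highest severity seen, plus one for every extra tool that agrees.
    Independent tools corroborating each other is what the single-source SIEM misses."""
    tools = {a["tool"] for a in incident}
    return max(a["severity"] for a in incident) + len(tools) - 1


def triage(alerts):
    """Return (host, score, playbook) per incident, highest priority first.
    Playbook names are constructed placeholders for SOAR actions."""
    results = []
    for incident in correlate(alerts):
        s = score(incident)
        if s >= 5:
            action = "isolate_host_and_open_ticket"
        elif s >= 3:
            action = "open_ticket_for_analyst"
        else:
            action = "log_only"
        results.append((incident[0]["host"], s, action))
    return sorted(results, key=lambda r: -r[1])


if __name__ == "__main__":
    for host, s, action in triage(RAW_ALERTS):
        print(f"{host}: score={s} -> {action}")
```

Run stand-alone, the three alerts on ws-042 from three different tools collapse into one incident that outranks the lone low-severity scan on ws-017, so the analyst sees one prioritised incident with an action already chosen instead of four unrelated alerts. The thresholds and playbooks are deliberately simple; the part worth copying is the normalise-then-correlate shape, which is what lets data from otherwise separate tools reinforce each other.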