A few weeks ago, eIQnetworks commissioned a survey of security professionals. According to the press release, “the SIEM approach of relying entirely on logs and other event-based information to effectively address modern enterprise threats is now dead.” There was a lot of reaction from analysts, bloggers and influencers to the ‘SIEM is dead’ claim. If you would like to read more, here is an insightful blog post by Bill Brenner at CSO Online titled “SIEM is Dead? That is Doubtful”.
Another proof point that security information and event management is not dead is the recent run of SIEM acquisitions. What is clear, though, is that SIEM technology is evolving. I constantly hear from practitioners that SIEM is not only hard to deploy, but also very complex to manage on an ongoing basis so that it keeps providing the right information. For this technology to be useful and deliver on its promise, it needs an additional layer that provides context as to how the ‘feeds and speeds’ relate to the needs of the business.
When you combine events of interest with state information and changes that damage the integrity of your critical files and infrastructure, you have better leading indicators of potential threats. By integrating these technologies and adding a layer of risk context, you start abstracting the operational and security data with information that resonates with the business, so that you can start making decisions based on risk to the organization.
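As an added illustration, not code from the original post, the script below scores hosts from a few constructed SIEM events, constructed file-integrity change records and a hypothetical business-criticality map. Host names, paths, weights and the 30-minute correlation window are all assumptions; the point is the difference between ranking on events alone and ranking once state changes and risk context are layered in.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the post): SIEM events of interest,
# file-integrity change records and a hypothetical business-criticality map.
EVENTS = [
    {"host": "web01",  "ts": "2010-06-01T02:10:00", "type": "auth_failure"},
    {"host": "web01",  "ts": "2010-06-01T02:11:00", "type": "auth_failure"},
    {"host": "web01",  "ts": "2010-06-01T02:12:00", "type": "auth_success"},
    {"host": "db01",   "ts": "2010-06-01T09:00:00", "type": "auth_failure"},
    {"host": "kiosk7", "ts": "2010-06-01T02:30:00", "type": "auth_failure"},
]
CHANGES = [  # state/integrity changes; approved = inside a change window
    {"host": "web01",  "ts": "2010-06-01T02:20:00", "path": "/etc/passwd", "approved": False},
    {"host": "db01",   "ts": "2010-06-01T09:05:00", "path": "/etc/my.cnf", "approved": True},
    {"host": "kiosk7", "ts": "2010-06-01T02:40:00", "path": "/etc/passwd", "approved": False},
]
CRITICALITY = {"web01": 3, "db01": 5, "kiosk7": 1}   # business weight, 1 (low) .. 5 (high)
EVENT_WEIGHT = {"auth_failure": 1, "auth_success": 0}  # assumed per-event scores
WINDOW = timedelta(minutes=30)                          # assumed correlation window


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def host_risk(host, events, changes, criticality, with_context=True):
    """Events-only score, or (events + unapproved changes + correlation bonus)
    multiplied by business criticality. The bonus fires when an unapproved
    change follows an event of interest on the same host within WINDOW."""
    ev = [e for e in events if e["host"] == host]
    score = sum(EVENT_WEIGHT.get(e["type"], 0) for e in ev)
    if not with_context:
        return score
    unapproved = [c for c in changes if c["host"] == host and not c["approved"]]
    score += 3 * len(unapproved)
    suspicious = [parse(e["ts"]) for e in ev if EVENT_WEIGHT.get(e["type"], 0) > 0]
    if any(t <= parse(c["ts"]) <= t + WINDOW for c in unapproved for t in suspicious):
        score += 5  # event followed by integrity change: the leading indicator
    return score * criticality.get(host, 1)


def rank_hosts(events=EVENTS, changes=CHANGES, criticality=CRITICALITY, with_context=True):
    hosts = {e["host"] for e in events} | {c["host"] for c in changes}
    scored = ((host_risk(h, events, changes, criticality, with_context), h) for h in hosts)
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    print("events only:   ", rank_hosts(with_context=False))
    print("with context:  ", rank_hosts())
```

With events alone the three hosts look almost alike; once the unapproved change to a sensitive file on web01 is correlated with the preceding failed logins and weighted by criticality, web01 moves clearly to the top.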
A short blog post for such a comprehensive topic, but I would love your thoughts on the matter. Hasta pronto,
PS — short video below the product wheel on the product page on our site provides a good overview of our security solutions.