5 Reasons You Should Rethink Your SIEM Strategy
The Future of Security Operations and Analytics could include a data lake... and a Snowflake...
Defining SIEM Technology
The term SIEM was coined in 2005 by Mark Nicolett and Amrit Williams, in Gartner’s SIEM report, ‘Improve IT Security with Vulnerability Management’. SIEM technology supports threat detection, compliance, and security incident management through the collection and analysis of security events as well as a wide variety of other contextual data sources. The core capabilities are a broad scope of log event collection and management, the ability to analyze log events and other data across disparate sources, and operational capabilities such as incident management and response, dashboards and reporting.
SIEM solutions improve an organization’s ability to quickly detect attacks and data breaches as well as improve incident investigation and response capabilities and even report on compliance for internal and external audits. However, this requires an ongoing investment in resources for both technology operations and security event monitoring to realize their true value. Modern solutions enable security teams to efficiently and effectively correlate telemetry data during investigations, typically through querying extracted fields across the entire data set, which can identify indicator artifacts such as indicators of compromise (IOCs) and indicators of attack (IOAs).
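The paragraph above describes the core analytic pattern of a SIEM: normalize events from disparate sources into extracted fields, then query those fields across the whole data set for IOCs (a known-bad IP or domain) and IOAs (a behavioural pattern such as repeated failed logins followed by a success). The following is an added illustration written for this page, not code from the article or from any SIEM product. The three log formats, the field names in the common schema (`ts`, `source`, `event`, `src_ip`, `dst`, `user`) and the sample log lines are all constructed for the example; the threshold in `detect_bruteforce` is an assumed tuning value.

```python
import json
import re
from collections import defaultdict

# Constructed sample telemetry from three disparate sources (not real data).
# Firewall: key=value; auth: syslog-style sshd lines; DNS resolver: JSON.
FIREWALL_LOGS = [
    "ts=2024-03-01T10:00:01Z action=allow src=203.0.113.42 dst=10.0.0.5 dport=22",
    "ts=2024-03-01T10:00:09Z action=allow src=198.51.100.7 dst=10.0.0.8 dport=443",
]
AUTH_LOGS = [
    "2024-03-01T10:00:02Z host1 sshd: Failed password for admin from 203.0.113.42",
    "2024-03-01T10:00:04Z host1 sshd: Failed password for admin from 203.0.113.42",
    "2024-03-01T10:00:06Z host1 sshd: Failed password for admin from 203.0.113.42",
    "2024-03-01T10:00:08Z host1 sshd: Accepted password for admin from 203.0.113.42",
    "2024-03-01T10:00:10Z host2 sshd: Failed password for bob from 198.51.100.7",
]
DNS_LOGS = [
    '{"ts": "2024-03-01T10:00:12Z", "client": "10.0.0.5", '
    '"query": "update.example-bad.test", "answer": "203.0.113.42"}',
]


def parse_firewall(line):
    """Extract key=value pairs into the assumed common schema."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {"ts": fields["ts"], "source": "firewall", "event": fields["action"],
            "src_ip": fields["src"], "dst": fields["dst"], "user": None}


AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_auth(line):
    """Extract fields from an sshd line; returns None for lines that don't match."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    event = "login_failure" if m["result"] == "Failed" else "login_success"
    return {"ts": m["ts"], "source": "auth", "event": event,
            "src_ip": m["ip"], "dst": m["host"], "user": m["user"]}


def parse_dns(line):
    """Map a JSON resolver record onto the common schema (answer IP becomes dst)."""
    rec = json.loads(line)
    return {"ts": rec["ts"], "source": "dns", "event": "dns_query",
            "src_ip": rec["client"], "dst": rec["answer"], "user": None,
            "query": rec["query"]}


def normalize_all():
    """Parse every source into one time-ordered list of events with extracted fields."""
    events = [parse_firewall(l) for l in FIREWALL_LOGS]
    events += [e for e in (parse_auth(l) for l in AUTH_LOGS) if e]
    events += [parse_dns(l) for l in DNS_LOGS]
    # ISO-8601 UTC timestamps sort correctly as strings.
    return sorted(events, key=lambda e: e["ts"])


def search_ioc(events, ip):
    """IOC query: every event, from any source, where the IP is the src or dst field."""
    return [e for e in events if ip in (e["src_ip"], e["dst"])]


def detect_bruteforce(events, threshold=3):
    """IOA query: >= threshold login failures from one src_ip followed by a success."""
    failures = defaultdict(int)
    hits = []
    for e in events:
        if e["source"] != "auth":
            continue
        if e["event"] == "login_failure":
            failures[e["src_ip"]] += 1
        elif e["event"] == "login_success" and failures[e["src_ip"]] >= threshold:
            hits.append({"ts": e["ts"], "src_ip": e["src_ip"], "user": e["user"],
                         "failures": failures[e["src_ip"]]})
    return hits


if __name__ == "__main__":
    evts = normalize_all()
    for e in search_ioc(evts, "203.0.113.42"):
        print("IOC hit:", e["ts"], e["source"], e["event"])
    for h in detect_bruteforce(evts):
        print("IOA hit:", h)
```

The IOC query only works because each parser maps its own field names onto one shared schema; without that normalization step the same IP would have to be searched for separately as `src`, `from`, and `answer` in three formats. The IOA query shows why field extraction matters more than raw text search: the brute-force pattern is a relationship between several events (count of failures per source address, then a success), which no single log line contains.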