The Future of Security Operations and Analytics could include a data lake..and a Snowflake…
Defining SIEM Technology
The term SIEM was coined in 2005 by Mark Nicolett and Amrit Williams, in Gartner’s SIEM report, ‘Improve IT Security with Vulnerability Management’. SIEM technology supports threat detection, compliance, and security incident management through the collection and analysis of security events as well as a wide variety of other contextual data sources. The core capabilities are a broad scope of log event collection and management, the ability to analyze log events and other data across disparate sources, and operational capabilities such as incident management and response, dashboards and reporting.
SIEM solutions improve an organization’s ability to quickly detect attacks and data breaches, improve incident investigation and response capabilities, and even report on compliance for internal and external audits. However, realizing their true value requires an ongoing investment in resources for both technology operations and security event monitoring. Modern solutions enable security teams to efficiently and effectively correlate telemetry data during investigations, typically by querying extracted fields across the entire data set, which can surface indicator artifacts such as indicators of compromise (IOCs) and indicators of attack (IOAs).
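To make the "query extracted fields across the entire data set" idea concrete, here is an added example that is not code from the original article or from any SIEM product. It parses constructed firewall and DNS log lines (formats, hostnames and field names are assumptions), builds a value index over every extracted field, queries that index for a constructed IOC list, and then correlates the hits by internal client so that evidence from two disparate sources about the same host lands together, which is the investigation workflow the paragraph describes.

```python
import re
from collections import defaultdict

# Constructed sample events from two sources (firewall and DNS resolver).
# Hostnames, field names and addresses are assumptions for this example;
# the IPs are documentation-range addresses, not real telemetry.
FIREWALL_LOGS = [
    "2024-01-01T10:00:01Z fw01 action=allow src=10.0.0.5 dst=198.51.100.7 dport=443",
    "2024-01-01T10:00:09Z fw01 action=allow src=10.0.0.9 dst=203.0.113.20 dport=80",
    "2024-01-01T10:01:15Z fw01 action=deny src=10.0.0.5 dst=198.51.100.7 dport=22",
]
DNS_LOGS = [
    "2024-01-01T09:59:58Z dns01 client=10.0.0.5 query=update.example.test answer=198.51.100.7",
    "2024-01-01T10:00:05Z dns01 client=10.0.0.9 query=cdn.example.test answer=203.0.113.20",
]

# Constructed IOC list (assumption: an analyst loaded these from a threat feed).
IOCS = {
    "ip": {"198.51.100.7"},
    "domain": {"update.example.test"},
}

KV_RE = re.compile(r"(\w+)=(\S+)")
META_KEYS = {"ts", "host", "source"}


def parse_event(line, source):
    """Extract timestamp, reporting host and key=value fields from one log line."""
    ts, host, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    fields.update({"ts": ts, "host": host, "source": source})
    return fields


def build_value_index(events):
    """Map every extracted field value to the events containing it, regardless
    of which field name or source it came from (a SIEM-style 'search everything')."""
    index = defaultdict(list)
    for ev in events:
        for key, value in ev.items():
            if key not in META_KEYS:
                index[value].append(ev)
    return index


def find_ioc_hits(index, iocs):
    """Query the index for each IOC value; returns {ioc_value: [matching events]}."""
    hits = {}
    for values in iocs.values():
        for value in values:
            if value in index:
                hits[value] = index[value]
    return hits


def correlate_by_client(hits):
    """Group IOC hits by the internal host that produced them (firewall 'src' or
    DNS 'client'), so DNS and firewall evidence for one host is viewed together."""
    by_client = defaultdict(set)
    for events in hits.values():
        for ev in events:
            client = ev.get("src") or ev.get("client")
            if client:
                by_client[client].add(ev["source"])
    return {client: sorted(sources) for client, sources in by_client.items()}


def run():
    """Ingest both sources, index them, query for IOCs and correlate the hits."""
    events = [parse_event(line, "firewall") for line in FIREWALL_LOGS]
    events += [parse_event(line, "dns") for line in DNS_LOGS]
    index = build_value_index(events)
    hits = find_ioc_hits(index, IOCS)
    return hits, correlate_by_client(hits)


if __name__ == "__main__":
    hits, correlated = run()
    for ioc, events in hits.items():
        print(f"IOC {ioc}: {len(events)} event(s) across "
              f"{sorted({e['source'] for e in events})}")
    for client, sources in correlated.items():
        print(f"host {client} seen in {sources}")
```

The value index is deliberately field-agnostic: the same IP appears as `dst` in the firewall feed and as `answer` in the DNS feed, and an analyst searching for it wants both without knowing in advance which field to query. Correlating by client is what turns three separate matches into one finding about host 10.0.0.5.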
The Market Today: Undergoing An Exciting Change
The Security Information and Event Management (SIEM) market is undergoing a radical transformation, fueled by continuously evolving changes to infrastructure, support for a remote workforce, budget restructuring, and other business, compliance, and security drivers.
The point of this article: Traditional SIEMs no longer meet the growing needs of security pros who face new and emerging threats.
With remote work, cloud adoption and other digitization initiatives accelerating over the last year, the spotlight is again on SIEM as organizations seek a wider net with more scalability and automation. The challenge this time is for users to understand how to assemble the appropriate SIEM solution.
After over 16 years of facelifts and evolutions, the SIEM space as we know it is ripe for a revolution (and it has already begun!). A new approach and, more importantly, a new…