Going Beyond SIEM: How To Lock Down Your Data Repositories (18 Sep)
As traditional, perimeter-based cyber security measures such as firewalls and antivirus have proved incapable of completely preventing data breaches over the years, more companies have turned to security information and event management (SIEM) for support.
Is SIEM the silver bullet that it's sometimes made out to be, though? Businesses that rely solely on SIEM to identify malicious activity and stop it in its tracks could be at risk of a significant security incident. The reality is that to be truly secure in this day and age, you need to go beyond SIEM.
How SIEM reached the mountaintop
As a tool in and of itself, SIEM can be extremely beneficial. Its popularity reflects a growing understanding that perimeter defenses are unable to account for every threat lurking in cyberspace, and that the sheer volume of emerging malware strains is too much to keep up with. A December 2016 Kaspersky Labs report stated that it identified approximately 323,000 new malware samples every day. That’s to say nothing of the unknown number of zero-day threats and vulnerabilities that have yet to be uncovered.
In lieu of an ironclad defensive perimeter, cyber security-savvy organizations have accepted that data breaches are all but inevitable. Modern best practices dictate that it's not about stopping an intrusion but quickly identifying and responding to it. From that perspective, embracing SIEM tools makes a lot of sense. They promise to monitor enterprise environments, keeping an eye out for suspicious activity that might suggest a malicious actor at work.
Enterprise security teams have gravitated to SIEM solutions in recent years, with adoption rates soaring. A January 2017 Technavio study predicted that the worldwide SIEM market would increase at a compound annual growth rate of approximately 12 percent over the next four years.
Despite the massive uptick in SIEM usage, stories of significant, long-lasting data breaches abound. Is it possible that SIEM is not the catchall solution that some have claimed it to be?
SIEM is not flawless
Not all SIEM adopters have achieved the level of security promised by this technology. According to a recent survey conducted by the Ponemon Institute, 52 percent of SIEM users were unsatisfied with the actionable intelligence they received from their solution. Some of the reasons given for this disconnect included SIEM producing too many low-priority or inaccurate alerts.
Another issue that enterprises may encounter with SIEM is scalability. Some of the top SIEM solutions available struggle to keep up with growing data repositories: they begin to run slower, and their performance dips as more data is added. This prevents organizations from quickly combing through large swathes of information in real time, which is a requirement for identifying threats before they can wreak havoc on your systems.
Expanding SIEM’s capabilities
That is not to say that these companies should ditch their SIEM solutions – far from it. Instead, they should pair their SIEM tools with a big data platform that can keep up with the constant influx of information and analyze massive volumes of event data in mere minutes or even seconds. This way, enterprises can parse through data and generate insightful event reports faster than ever before.
Ideally, security teams will want to look for a big data platform that’s as easy to use as it is effective. Sixty-eight percent of Ponemon Institute respondents stated that they needed additional training to really maximize the performance of their SIEM platform. Indeed, SIEM tools can be notoriously difficult to navigate, with a lot of moving parts that need to be mastered.
A platform with user-friendly dashboards can help streamline data analysis processes and ensure that security officers are able to quickly identify high-priority threats and address them before the damage is done.
To really take SIEM tools to the next level and expand your cyber security coverage, support from a high-quality big data platform is required. SenSage™ AP pairs perfectly with leading SIEM software such as Splunk, giving enterprises the biggest bang for their buck.