Apply Pressure to SIEM and it Turns into Security Analytics

By Matthew Gardiner, Sr. Manager, RSA

It is well known that if you want someone or something to change, just apply pressure over a period of time. This is true for organizations, people, and even earthly matter, such as carbon (diamonds) and formerly living plants (hydrocarbons). Markets also transform when under pressure. I believe this is precisely what is happening to the SIEM market right now.

What are the points of pressure for the SIEM market? There are a number of them, but the big one is the rise of advanced or targeted attacks against organizations. While traditional, log-centric SIEM systems are theoretically well positioned to become early warning systems for advanced threats, due to their centralized position paired with highly distributed data collection, they currently fall short in many critical ways.

For one, traditional SIEM systems do not have sufficient visibility into the IT environment or organizational context to be able to detect security vulnerabilities or risky anomalous activity. Even if they had this capability, SIEM systems don’t provide sufficiently deep analytics to help the security analyst sort through the meaningless noise and find the security issues that matter. Furthermore, even if they could accomplish the previous two things, most traditional SIEM systems choke when applied to this level of “big data” – often measured in terabytes per day.

And finally, SIEM systems were not designed with the security (or SOC) analyst sufficiently in mind. Since security analysts spend much of their time investigating issues and incidents, it is absolutely critical, especially with the rise of advanced threats, that they be able to conduct these investigations efficiently and effectively, as time is the enemy.

The traditional, log-centric SIEM market is under pressure from advanced threats, but, like organizations, people, and earthly matter, the SIEM market in general (and RSA in particular) is responding to this pressure by transforming SIEM into Security Analytics.

Matthew Gardiner is on the product marketing team at RSA and is focused on the evolution of the SOC and RSA’s solutions which help SOC analysts be more effective and efficient in their jobs. You can follow him on Twitter @jmatthewg1234.