By Matthew Gardiner, Senior Manager, RSA Security Management & Compliance
My blog today reflects on newly published research from Jon Oltsik at ESG (from whom I borrowed the title of this blog), which covers the collision of advanced threats, security monitoring, SIEM, big data technologies and techniques, and organizational security maturity. In the paper Jon clearly lays out his argument, with which I completely agree, that security threats have changed and that the tools and approaches used for defense therefore need to change significantly. I recognize this sounds a bit clichéd, but read the paper and you will see that there is a clear argument and evidence to back up the claim. One very obvious technical trend is that the volume of security data required to provide the visibility an organization needs to improve its defenses has gone up: way, way up.
But there's the rub: most of the centralized security data collection and analytics systems enterprises use today (SIEM systems, generally) not only rely on partially informative data sources (logs and events), but are already computationally overwhelmed by the volume and rate of change of this security data. Collecting data that can't be analyzed in a timely manner adds little value. Asking these traditional SIEM systems to provide security monitoring good enough to match the stealthiest attacks has become a dead end. It is our view that further tuning and tweaking of traditional, log-centric SIEM systems is futile given the security realities on the ground. Security organizations face more than SIEM technology challenges, such as rapid infrastructure and application change and the growing security skills shortage, but more effective monitoring tools can help to mitigate the impact of all of these problems.
Enter the era of Big Data security analytics. RSA's new product for this new era is RSA Security Analytics. Whether the market ultimately considers this product a SIEM or creates a new category for it, RSA Security Analytics brings forward a new approach to the detection and investigation of threats that goes beyond traditional, log-centric SIEM systems. It enables the ingestion and analysis of large, fast-changing data sets with the goal of helping the security analyst draw intelligence from them in near real time.
Does it consume logs? Yes. But it is not limited to that form of telemetry. RSA Security Analytics combines broad telemetry (most notably full network packet capture, automated threat intelligence, and asset information) with a data management and analytics platform that scales to make real-time security monitoring effective against even the stealthiest attacks.
To take part in our product launch event (or to view a recording of it later), join us here.
Matthew Gardiner is on the Security Management & Compliance product marketing team at RSA and is focused on the evolution of the SOC and on RSA's solutions that help SOC analysts be more effective and efficient in their jobs. You can follow him on Twitter at @jmatthewg1234.