For the Love of SIEM

It’s fairly typical for an organization to have a love-hate relationship with security information and event management (SIEM). This toolset is at the heart of the enterprise’s security nerve center and an integral part of security monitoring. SIEM solutions filter through the good, the bad and the unknown for a holistic view of security events.

What Is SIEM?

Gartner defined SIEM as technology that “supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources.”

Sound good? Not if you consider that 44.4 percent of security managers who participated in a 451 Research study reported significant obstacles to fully realizing the benefits of SIEM due to a lack of staff expertise, while an additional 27.8 percent cited inadequate staffing. The study also revealed that just one-third of organizations pass less than 30 percent of their data through a SIEM system. But if you send anything and everything into this complex nerve center, how do you minimize all the noise?

A Changing Landscape

As attacks grow more advanced, it’s increasingly important for organizations to have flexible, scalable and collaborative security tools in place to meet changing security requirements. Companies must deal with diversifying user bases, various access needs and multiple connected endpoints. As they battle complex threats to their sensitive data, they are forced to face the unsettling fact that, in many cases, security incidents originate from trusted users on the inside.

An IBM X-Force report found that insiders were responsible for 60 percent of attacks surveyed in 2015, compared to 55 percent in 2014. This type of attack can cause irreparable reputational damage to a well-established brand. It can also lead to customers losing trust in the company, which eclipses the immediate financial value of the stolen information.

With actionable intelligence generated by innovative tools, such as user behavior analytics and privileged identity and access management (IAM), security professionals can better detect insider threats, anticipate risk and respond if necessary. According to Gartner, at least 60 percent of major SIEM vendors will incorporate advanced analytics and user and entity behavior analytics (UEBA) functionality into their products by the end of 2017.

Fine-Tuning SIEM With Machine Learning

Event correlation rules deliver only limited security intelligence until external context sources (asset inventories, identity data, threat feeds) are pulled in and the rules are tuned against them. Determining what the SIEM tool should treat as good or bad is a lengthy process that understaffed IT teams must complete while juggling multiple tasks and firefighting alerts. This problem will only get worse. According to Cybersecurity Ventures' "Cybersecurity Jobs Report," the IT workforce will be 1.5 million employees short by 2019.
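To make the tuning point concrete, here is an added example (not code from the article, IBM or any SIEM product) of a single correlation rule, "several failed logons followed by a success from the same source," run first on raw events and then enriched with two constructed context sources: an asset-criticality list and an allowlist of authorized scanner addresses. The log lines, host names, addresses and thresholds are all hypothetical; the point is that the same rule produces one alert worth escalating and one that should be suppressed, and only the context tells them apart.

```python
"""Minimal SIEM-style correlation rule with context enrichment.

Added example; not from the original article. All log lines, asset data
and the scanner allowlist below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <host> <user> <src_ip> <outcome>".
SAMPLE_EVENTS = """\
2017-03-01T09:00:01 db01 svc_backup 10.0.5.20 FAIL
2017-03-01T09:00:02 db01 svc_backup 10.0.5.20 FAIL
2017-03-01T09:00:03 db01 svc_backup 10.0.5.20 FAIL
2017-03-01T09:00:04 db01 svc_backup 10.0.5.20 FAIL
2017-03-01T09:00:05 db01 svc_backup 10.0.5.20 FAIL
2017-03-01T09:00:09 db01 svc_backup 10.0.5.20 SUCCESS
2017-03-01T09:10:00 web03 alice 10.0.9.7 FAIL
2017-03-01T09:10:01 web03 alice 10.0.9.7 FAIL
2017-03-01T09:10:02 web03 alice 10.0.9.7 FAIL
2017-03-01T09:10:03 web03 alice 10.0.9.7 FAIL
2017-03-01T09:10:04 web03 alice 10.0.9.7 FAIL
2017-03-01T09:10:05 web03 alice 10.0.9.7 SUCCESS
2017-03-01T10:00:00 web03 bob 10.0.9.8 FAIL
2017-03-01T10:30:00 web03 bob 10.0.9.8 SUCCESS
"""

# Constructed context a SIEM would pull in from outside the log feed
# (hypothetical values: a CMDB export and the vulnerability scanner's address).
ASSET_CRITICALITY = {"db01": "high", "web03": "low"}
AUTHORIZED_SCANNERS = {"10.0.9.7"}

FAIL_THRESHOLD = 5            # failures before a following success is suspicious
WINDOW = timedelta(minutes=5)  # failures older than this are forgotten


def parse(line):
    """Split one constructed log line into a dict."""
    ts, host, user, src, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "src": src, "outcome": outcome}


def correlate(lines):
    """Rule: >= FAIL_THRESHOLD failures then a SUCCESS for the same
    (host, user, src) within WINDOW. Returns raw, un-enriched alerts."""
    recent_fails = defaultdict(list)
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        e = parse(line)
        key = (e["host"], e["user"], e["src"])
        # Expire failures that fall outside the sliding window.
        recent_fails[key] = [t for t in recent_fails[key] if e["ts"] - t <= WINDOW]
        if e["outcome"] == "FAIL":
            recent_fails[key].append(e["ts"])
        elif e["outcome"] == "SUCCESS" and len(recent_fails[key]) >= FAIL_THRESHOLD:
            alerts.append({"ts": e["ts"], "host": e["host"], "user": e["user"],
                           "src": e["src"], "fails": len(recent_fails[key])})
            recent_fails[key].clear()
    return alerts


def enrich(alerts):
    """Attach asset context and decide the disposition of each alert.
    This is the 'tuning' step: the rule is unchanged, the context decides."""
    enriched = []
    for a in alerts:
        a = dict(a)
        a["criticality"] = ASSET_CRITICALITY.get(a["host"], "unknown")
        if a["src"] in AUTHORIZED_SCANNERS:
            a["disposition"] = "suppressed"   # known scanner: expected noise
        elif a["criticality"] == "high":
            a["disposition"] = "escalate"     # high-value asset: page someone
        else:
            a["disposition"] = "review"       # everything else: analyst queue
        enriched.append(a)
    return enriched


def run(text=SAMPLE_EVENTS):
    """Full pipeline over a block of log text."""
    return enrich(correlate(text.splitlines()))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Without the context sources, both the `db01` and `web03` hits look identical to the rule; with them, the scanner-driven one is dropped and the high-criticality one is escalated. Real deployments would load the criticality map and allowlist from the CMDB and scanner configuration rather than hard-coding them, and would review the suppression list periodically so it does not quietly hide a real attacker using the scanner's address.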

This is where the cognitive era comes into play — not to replace humans, but to let analysts focus their skills in the right areas by using machine learning to digest the wealth of human-generated knowledge and information. Martin Borrett, chief technology officer (CTO) at IBM Security Europe, explained that security blogs, news articles and academic papers add up to about 7,400 pages of unstructured, written security information — far too much for any one analyst to ingest. SIEM tools that embrace cognitive techniques let analysts make more informed decisions on findings and tune appropriately to reduce the noise.

Future-Proof Your Security Posture

It’s not surprising that many organizations take a Marmite-like, love-it-or-hate-it approach to their relationships with SIEM. If you’re not feeling the love, it’s quite easy to shut your SIEM away in the basement. If you can make the most of these tools, however, your security team will have access to fantastic capabilities.

The threat intelligence security market is expected to grow from just over $3 billion in 2015 to nearly $6 billion by 2020 at a compound annual growth rate (CAGR) of 14.3 percent from 2015 to 2020, according to Research and Markets. The firm expects SIEM to dominate with the largest market share of the solution segment in 2020. It also predicted that the global SIEM market will grow to at least $4.5 billion by 2019.

How can you claim to be secure if you don’t have visibility into, and governance of, activity in your organization’s environment? Choosing the right SIEM tool depends on your organization’s priorities. To future-proof your security posture, be sure to invest in security tools that provide:

  • Intelligence — correlation, analysis and massive data reduction;
  • Integration — unified architecture delivered in a single console; and
  • Automation — driving simplicity and accelerating time to value.

If you’re struggling to connect with your SIEM, integrate it with other technologies that fit your existing vision and business needs to nurture its security maturity. Only you can judge what solutions are right to help your business detect and respond to threats.

Laurie Gibbett

Security Specialist, IBM

Laurie Gibbett is a Security Specialist on the UK IBM Security Associate Partner Team. In her role, Laurie assists...