Skip to content

SIEM: an epitaph

September 14, 2011

Born 1999: Died 2011.

It is with some sadness that today we announce the death of SIEM.  Born to a fanfare of promises at the dawn of the information economy as we now know it, SIEM was lauded as a tool that would protect an increasing volume of data from prying eyes and ne’er-do-wells – both on the inside and the outside.

It tried it’s best, but nobody could have predicted what was to come.

  • SIEM promised security professionals the opportunity to collect security data from across their network; to provide a consolidated and unified view of their security position. Yet, Advanced Persistent Threats with no common signature or vector now strike indiscriminately at the hearts of organizations like Sony, the International Monetary Fund, Epsilon, Sega, Sony (again) and the CIA. SIEM doesn’t even provide the visibility to quickly identify the mode, vector or target of an attack even when an organization knows it is coming!
  • SIEM promised to enable ALL security data to be collated via a single console. Yet, breach detection still requires teams of people to sit inside darkened rooms with a multitude of printed reports, in order to manually cross check data in an attempt to identify anomalies.  The average response time for a breach currently stands at 18 days!
  • SIEM promised to equip security professionals at large organizations to identify breaches quickly and enable them to take action.  It delivered for a while, when attacks were signature-based or attacks exploited known vulnerabilities, but in a world of advanced, persistent cyber- and insider-based threats it offers no visibility into attacks exploiting misconfigured or badly secured networks.

And, we’re not alone.  65 percent of the senior security professionals we asked said that they weren’t confident that their SIEM tools would provide them with the protection they needed.  These days modern information security requires far more than just log and event data – it requires the ability to collect and analyze ALL network security data, in real-time.

SIEM leaves a legacy on which information security can build.  There will be a collection – all security data is welcomed.

As for what we, and an increasing number of businesses, Government agencies and security professionals believe the solution is… you’ll have to wait for our next post for that!!

In the meantime why not check out our survey results here

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: