Identify attacks while they are in progress, and take action at that time.

September 23, 2011

A recent report by The Ponemon Institute states that the average response time for an enterprise breach is 18 days.  Let me repeat that, just in case you didn’t catch it the first time: The AVERAGE response time for a modern cyber or insider attack is 18 days.

It’s true that when SIEM first came onto the security scene, amid claims that this new tool would enable security analysts to identify attacks and take action against them, vendors didn’t specify how quickly.  It delivered for a while, when attacks were signature-based or exploited known vulnerabilities – but in a world of advanced, persistent cyber- and insider-based threats, tools like SIEM that rely only on log and event data offer no visibility into attacks exploiting misconfigured or badly secured networks.

If, ten years after their birth, this is the best they can do in the face of advanced persistent cyber and insider threats, it’s fair to say that they haven’t delivered on their promise.  SIEM is Dead.

In an environment of advanced persistent threats that can cause serious damage to systems, processes, bottom line and reputation within hours, 18 days is no protection at all. SIEM is Dead!

I spoke with Taylor Armeding at the end of last week for an article he was writing for CSO magazine exploring our claim that SIEM is dead in some depth.  During our conversation we agreed that SIEM still has a role to play in securing large enterprise networks; but as data collectors for more sophisticated systems that offer the ability to analyze ALL network security data in real time, via a single pane of glass, to enable you to identify an attack while it’s still in progress and – this is most important – take action to repel it and/or mitigate the damage then YOUR SIEM is definitely dead.

If your SIEM is dead, then we should talk.
