Security Information and Event Management (SIEM) technology has evolved dramatically in recent years. Overcoming the barriers to adoption are worth the time, money and effort says Javvad Malik, security advocate at AT&T Cybersecurity.
The term SIEM – an acronym for Security Information and Event Management – was coined almost a decade-and-a-half ago, in 2005, by two Gartner analysts. But what exactly is SIEM?
In short, this technology allows security operations departments to collect, correlate and analyse log data from a cluster of systems spanning an organisation’s IT infrastructure stack. It does this to identify and report security threats and suspicious activity. Only now is this technology gaining meaningful traction within the cybersecurity industry.
SIEM technology is not easy to implement, which historically has limited its mass adoption and therefore, its real value and importance is not being fully realised. Without going into too much detail, failure to use SIEM to its maximum potential could have extremely damaging consequences for an organisation, both in terms of finance and reputation.
Compliance and regulations require companies to provide audit trails or risk fines; and data breaches which are proven to be preventable can have an adverse effect on their reputations. However, SIEM has evolved dramatically in recent years, along with the technology to support it.
In fact, one of the many standout statistics in AT&T Cybersecurity's new 2019 SIEM Survey Report underlines how highly this technology is thought of in the industry: over three-quarters of the 417 respondents (76 percent) acknowledge that SIEM is “very important to extremely important” to their organisation’s security postures.
Furthermore, almost nine out of 10 people (86 percent) surveyed for one of the most comprehensive reports on this subject said they are satisfied with the effectiveness of their SIEM platform. Their reasons why, in descending order of benefits, are as follows: 1. Faster detection and response; 2. More efficient security operations; and 3. Better visibility of threats.
Moreover, the 2019 SIEM Survey Report reveals that the security professionals surveyed believe SIEM is the most effective cyber defence weapon for: 1. Detecting unauthorised access; 2. Advanced persistent threats; and 3. Insider attacks.
However, the extensive research indicates that the most substantial barrier to overcome to generate the most value out of SIEM remains lack of proper understanding of it in general. In addition, a dearth of skilled security staff to manage it also tops the list of greatest barriers to SIEM. While this is disappointing, it does provide an opportunity for additional automation of threat management.
Many commentators have – from as early as 2011 – declared SIEMs effectively dead, largely thanks to the ascendant rise of big data analytics. Given that the SIEM market is forecast to rise to a value of a $6.75 billion (£5.17 billion) by 2023, according to the Next Gen SIEM market report released last September, the tech is very much alive and kicking.
Admittedly, early versions of SIEMs were somewhat limited; in their infancy, they struggled to scale across large campuses and organisations, and were excruciatingly sluggish to deploy.
Additionally, they required sizeable teams dedicated to managing the platforms, further pushing up overall costs. That was in the past, though, and much in the same way a caterpillar metamorphoses into a butterfly, SIEM technology today is very much a different animal.
What, then, are the main concerns those in the industry have about SIEM technologies right now, and are these worries justified? As highlighted above, the lack of skilled security staff to operate SIEM is creating the single biggest bottleneck to more effective use of the platform. Indeed, some 40 percent of respondents in the 2019 SIEM Survey Report highlighted this major issue.
Other reasons – which are related to the primary issue – include frustrations around the need to create or refine rules manually, a lack of budget, and the SIEM platform producing too many false positive readings.
Also, lack of contextual information from security tools, a paucity of security awareness among employees, plus difficulty implementing and deploying the SIEM solution are common complaints.
Granted, SIEM platforms can become complicated and unwieldy if organisations do not fully commit to investing the time, money and effort required to educate employees and ensure they run smoothly. It is important that business leaders understand what a difference this technology can provide to bolster cybersecurity defences in 2019.
There is no question of the importance of SIEM to an organisation; however, its complexity is clearly still a problem that a lot of companies face. As such, it is well worth the effort to clear the barriers to adoption and find solutions that easily integrate with SIEM that will give organisations more visibility and clarity from their SIEMs. Indeed, SIEM technology itself is continually improving, and becoming a more cost-effective cybersecurity solution.
For instance, SIEM platforms are now highly integrated with other systems and applications – such as intrusion detection and prevision systems, firewalls, and event application logs – to increase the breadth of data analysed to alert and report on security events.
Encouragingly, the 2019 SIEM Survey Report, indicates that attitudes are changing and mass adoption is on the horizon – because those in the C-suite are starting to understand this technology’s true value.
The research suggests that some 40 percent of organisations expect budgets for SIEM technology to increase over the next 12 months by an average of 20 percent. With luck, that trend will continue, and this time next year the SIEM story will be even more positive.
Image under licence from iStockPhoto.co.uk, credit PeopleImages