How Next Gen SIEM Addresses The Risks Of Disjointed Security Tools

Brought To You By Rene Mulyandari 

The use of multiple applications from different providers has been the norm among organizations for decades now. It rarely happens that a company uses software provided by the same developer in all areas. This is noticeable when it comes to enterprise cybersecurity, as organizations tend to use different tools for their web application firewall, virus and malware defense, email scanning, and other security-related purposes.

While there are compelling reasons to adopt a multi-vendor model in addressing enterprise software needs, there are also arguments in support of sourcing software from one or a few providers. In the case of Security Information and Event Management (SIEM), in particular, it is much easier to analyze security data and respond to security incidents when security controls are from the same vendor or from a few integrated developers.

However, not all organizations can easily replace their security controls to undertake SIEM more easily. Many have already been using multiple security controls from different vendors before SIEM became a requirement for compliance with GDPR, PCI DSS, and other regulations.

Next gen SIEM vs Disjointed Security Tools

Addressing the challenges of multi-vendor enterprise software does not have to mean replacing existing tools with integrable ones or those from a common vendor. With next gen SIEM, unifying disjointed security tools and data sources is more easily achievable.

Nex gen SIEM is a comprehensive approach to cybersecurity that resolves the risks associated with disjointed security tools. It addresses the limitations of traditional SIEM solutions, especially in terms of managing the fragmentation in cybersecurity tools. Disjointed tools are not only inefficient; they also translate to poor security visibility and the greater possibility of failing to spot vulnerabilities and address weaknesses.

Next gen SIEM is designed to provide a unified platform to integrate all security tools and data sources, enabling quick information management and analysis as well as prompt response to attacks. However, integration is not the only improvement it offers. To comprehensively resolve the challenges of disjointed security controls, it also offers the following enhancements.

Better Data Coverage & Management

Next generation SIEM expands beyond system logs and events–the kinds of data covered by conventional SIEM. It scans data from all available sources including cloud service data, on-premise logs, and network data. Cloud and on-premise data are those generated by security controls, databases, and apps. Network data come from endpoints, intrusion detection tools, flows, and packets. Next gen SIEM is built for full visibility and ensures that data from all relevant sources are obtained to facilitate effective security information and incident management.

Data Normalization & Enrichment

To ensure that the data collected are usable, it is crucial to make them consistent or compatible with each other. Also, in cases where data is incomplete, it is essential to fill the data gaps to establish the full picture. This is where next gen SIEM’s emphasis on data normalization and enrichment is vital. Normalization ensures data consistency and compatibility to expedite analysis, while enrichment is undertaken to discover missing data to achieve greater accuracy in analytics and event response. Also, data has to be normalized and enriched to be useful to AI or machine learning systems.

Artificial Intelligence

AI or machine learning is not new technology, but it took some time for it to be integrated in security information and event management. Next gen SIEM is built to enable proactive threat detection with the help of artificial intelligence. It does not only rely on threat intelligence to detect and address attacks. 

Machine learning facilitates the benchmarking of normal behavior which serves as one of the bases for detecting anomalous or suspicious activities. Referred to as User and Entity Behavior Analytics (UEBA), this AI-driven technology continuously monitors activities in a network to detect potentially dangerous activities or those that deviate from behaviors considered normal or safe.

Another use of AI in next gen SIEM is addressing the problem of information overload. With multiple disjointed security tools producing various types of data, the alerts and other information can become overwhelming. This can result in alert fatigue, which causes organizations to miss crucial notifications or fail to act promptly on urgent security events.

An IDC study estimates that up to 30 percent of security alerts are ignored or not properly investigated because of the complexity of their security systems and the deluge of information security analysts have to deal with. Machine learning can sort and prioritize alerts to ensure that the most urgent concerns are addressed in a timely manner and automate the responses to basic alerts.

Optimal Cloud & Hybrid Use

Many of the next gen SIEM platforms available nowadays are designed to be cloud-native, which is logical given how cloud technology enables the seamless sharing of information and deployment from anywhere. Next generation SIEM can bring together different security controls not only within a local network but also across different geographic locations.

Some next generation SIEM platforms feature built-in multi-tier, multi-tenant and multi-site functionalities to support the strategy an organization adopts instead of making the strategy adapt to the platform. A multi-tier architecture supports the efficient sharing of resources, which does not only make for easier and faster deployment but also extensive scalability. 

Multi-tenancy is intended for complex enterprises that require granular control over how their security system is deployed and enables the creation of specialized operational views to suit specific needs. Multi-site functionality, on the other hand, ensures full security visibility even for data that should be physically stored and secured in specific locations in line with data privacy and security regulations.

The Problem With Disjointed Tools

Is the use of disjointed security tools a serious problem? There is no doubt that it can be problematic because it results in inefficiency, reduced effectiveness, and poor security visibility. Security controls from different developers are usually not designed to work together. The lack of coherence among multiple security tools makes it difficult to achieve a comprehensive view of the threats affecting an organization.

Moreover, disjointed tools may also create redundancies and inconsistencies. These can lead to confusion, complexities, and difficulties in security posture management. It allows persistent vulnerabilities to continue weakening security postures. It aggravates security gaps and makes it harder to find and respond to security threats. It also worsens the problem of alert fatigue.

Disjointed security tools are not a new problem in cybersecurity. However, because of new technologies and paradigms, this problem has evolved into a form not addressable by the conventional ways of conducting security information and event management.

Next generation SIEM’s purpose is not that different from standard SIEM’s. Both are designed to enable optimum security visibility and make the most out of the security controls deployed in an organization. The next gen iteration, however, emphasizes the need to keep up with new security challenges particularly when it comes to more complex infrastructures and environments, the prominence of cloud use, the use of new types of IT assets, and the rapid evolution of threats.

You Might Also Read: 

Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« T-Mobile Hacker Exposes 37m Customers' Personal Data
The Back Door Threat To Cybersecurity »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Telefonica Tech

Telefonica Tech

Telefónica Cyber Security Tech is focused on the prevention, detection and appropriate response to security incidents aimed at protecting your digital services.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

ICTSecurity Portal - Austria

ICTSecurity Portal - Austria

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

SMESEC

SMESEC

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

Mindgard

Mindgard

The Mindgard Security Copilot platform secures your Artificial Intelligence, GenAI and LLMs.

Vernetzen

Vernetzen

Vernetzen is an industrial network and cybersecurity innovator focused on delivering practical solutions to connect and secure industry across the globe.

CarbonHelix

CarbonHelix

CarbonHelix provides cybersecurity services from US-based security operations centers that meet the highest compliance requirements.

National Protective Security Authority (NPSA) - UK

National Protective Security Authority (NPSA) - UK

NPSA is part of MI5 and is the National Technical Authority for physical and personnel protective security. By making the UK more resilient to national security threats, we help to make the UK safe.