How Next Gen SIEM Addresses The Risks Of Disjointed Security Tools

Brought To You By Rene Mulyandari 

The use of multiple applications from different providers has been the norm among organizations for decades now. It rarely happens that a company uses software provided by the same developer in all areas. This is noticeable when it comes to enterprise cybersecurity, as organizations tend to use different tools for their web application firewall, virus and malware defense, email scanning, and other security-related purposes.

While there are compelling reasons to adopt a multi-vendor model in addressing enterprise software needs, there are also arguments in support of sourcing software from one or a few providers. In the case of Security Information and Event Management (SIEM), in particular, it is much easier to analyze security data and respond to security incidents when security controls are from the same vendor or from a few integrated developers.

However, not all organizations can easily replace their security controls to undertake SIEM more easily. Many have already been using multiple security controls from different vendors before SIEM became a requirement for compliance with GDPR, PCI DSS, and other regulations.

Next gen SIEM vs Disjointed Security Tools

Addressing the challenges of multi-vendor enterprise software does not have to mean replacing existing tools with integrable ones or those from a common vendor. With next gen SIEM, unifying disjointed security tools and data sources is more easily achievable.

Next gen SIEM is a comprehensive approach to cybersecurity that resolves the risks associated with disjointed security tools. It addresses the limitations of traditional SIEM solutions, especially in terms of managing the fragmentation in cybersecurity tools. Disjointed tools are not only inefficient; they also translate to poor security visibility and a greater possibility of failing to spot vulnerabilities and address weaknesses.

Next gen SIEM is designed to provide a unified platform to integrate all security tools and data sources, enabling quick information management and analysis as well as prompt response to attacks. However, integration is not the only improvement it offers. To comprehensively resolve the challenges of disjointed security controls, it also offers the following enhancements.

Better Data Coverage & Management

Next generation SIEM expands beyond system logs and events, the kinds of data covered by conventional SIEM. It ingests data from all available sources, including cloud service data, on-premise logs, and network data. Cloud and on-premise data are those generated by security controls, databases, and apps. Network data come from endpoints, intrusion detection tools, flows, and packets. Next gen SIEM is built for full visibility and ensures that data from all relevant sources are obtained to facilitate effective security information and incident management.

Data Normalization & Enrichment

To ensure that the data collected are usable, it is crucial to make them consistent or compatible with each other. Also, in cases where data is incomplete, it is essential to fill the data gaps to establish the full picture. This is where next gen SIEM’s emphasis on data normalization and enrichment is vital. Normalization ensures data consistency and compatibility to expedite analysis, while enrichment is undertaken to discover missing data to achieve greater accuracy in analytics and event response. Also, data has to be normalized and enriched to be useful to AI or machine learning systems.
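
As an added illustration (not code from the article), the Python below normalizes records from three hypothetical vendors, each with its own field names and timestamp format, onto one schema, then enriches every event from a constructed asset inventory so that gaps (an IP with no inventory entry) are flagged rather than silently dropped. All source formats, field names, addresses and hostnames are made up for the example.

```python
from datetime import datetime, timezone

# Constructed raw events, each in a different (hypothetical) vendor format.
RAW_EVENTS = [
    # WAF: key=value text with an epoch-seconds timestamp
    ("waf", "ts=1700000000 src=10.0.0.5 dst=10.0.1.20 action=block rule=sqli"),
    # Endpoint AV: structured record with an ISO-8601 timestamp
    ("av", {"time": "2023-11-14T22:13:25Z", "host_ip": "10.0.1.20",
            "verdict": "quarantined", "threat": "Trojan.Generic"}),
    # Email gateway: CSV line with a day-first human-readable timestamp
    ("mail", "14/11/2023 22:13:40,10.0.1.20,phish,blocked"),
]

# Constructed asset inventory used for enrichment (hostname, owner, criticality).
ASSET_INVENTORY = {
    "10.0.1.20": {"hostname": "fin-ws-07", "owner": "finance", "criticality": "high"},
    "10.0.0.5": {"hostname": "ext-gw-01", "owner": "network", "criticality": "medium"},
}

def normalize(source, raw):
    """Map one vendor-specific record onto the common schema (UTC timestamps)."""
    if source == "waf":
        kv = dict(part.split("=", 1) for part in raw.split())
        return {"ts": datetime.fromtimestamp(int(kv["ts"]), tz=timezone.utc),
                "asset_ip": kv["dst"], "source": source,
                "outcome": kv["action"], "detail": kv["rule"]}
    if source == "av":
        return {"ts": datetime.fromisoformat(raw["time"].replace("Z", "+00:00")),
                "asset_ip": raw["host_ip"], "source": source,
                "outcome": raw["verdict"], "detail": raw["threat"]}
    if source == "mail":
        ts, ip, category, outcome = raw.split(",")
        return {"ts": datetime.strptime(ts, "%d/%m/%Y %H:%M:%S").replace(tzinfo=timezone.utc),
                "asset_ip": ip, "source": source, "outcome": outcome, "detail": category}
    raise ValueError(f"no normalizer for source {source!r}")

def enrich(event, inventory=ASSET_INVENTORY):
    """Attach asset context; an asset missing from inventory is flagged, not dropped."""
    asset = inventory.get(event["asset_ip"])
    return {**event, **(asset or {"hostname": None, "owner": None, "criticality": "unknown"})}

def pipeline(raw_events=RAW_EVENTS):
    """Normalize and enrich every event, then order by time so they can be correlated."""
    return sorted((enrich(normalize(s, r)) for s, r in raw_events), key=lambda e: e["ts"])

if __name__ == "__main__":
    for e in pipeline():
        print(e["ts"].isoformat(), e["source"], e["hostname"], e["criticality"], e["outcome"], e["detail"])
```

Once the three events share a schema, the fact that they all concern the same high-criticality host within twenty seconds is visible in a single sorted list, which is exactly what the separate vendor consoles would not show.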

Artificial Intelligence

AI or machine learning is not new technology, but it took some time for it to be integrated into security information and event management. Next gen SIEM is built to enable proactive threat detection with the help of artificial intelligence. It does not rely solely on threat intelligence to detect and address attacks.

Machine learning facilitates the benchmarking of normal behavior which serves as one of the bases for detecting anomalous or suspicious activities. Referred to as User and Entity Behavior Analytics (UEBA), this AI-driven technology continuously monitors activities in a network to detect potentially dangerous activities or those that deviate from behaviors considered normal or safe.
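
An added example, not part of the article, of the baselining idea behind UEBA: each account's own history of distinct hosts accessed per day (constructed data) defines what is normal, and the current day is scored against that baseline. The 3-sigma threshold and the floor on sigma are illustrative choices, and the account names and counts are made up.

```python
from statistics import mean, pstdev

# Constructed 14-day history: distinct hosts each account touched per day.
HISTORY = {
    "alice": [3, 4, 3, 5, 4, 3, 4, 4, 3, 5, 4, 3, 4, 4],
    "bob": [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1],
    "svc-backup": [20, 21, 19, 20, 22, 20, 21, 20, 19, 20, 21, 20, 20, 21],
}

# Constructed observations for the current day.
TODAY = {"alice": 4, "bob": 9, "svc-backup": 23}

def baseline(history):
    """Per-account mean and population standard deviation of the history."""
    return {acct: (mean(counts), pstdev(counts)) for acct, counts in history.items()}

def score(value, mu, sigma, floor=1.0):
    """Z-score against the account's own baseline. The floor on sigma (an
    illustrative choice) keeps perfectly regular accounts from producing an
    infinite score on their first deviation."""
    return (value - mu) / max(sigma, floor)

def detect(history=HISTORY, today=TODAY, threshold=3.0):
    """Return accounts whose current activity deviates from their own baseline,
    plus accounts with no baseline at all (new or previously unseen)."""
    model = baseline(history)
    findings = {}
    for acct, value in today.items():
        if acct not in model:
            findings[acct] = ("no baseline", None)
            continue
        mu, sigma = model[acct]
        z = score(value, mu, sigma)
        if z >= threshold:
            findings[acct] = ("deviation", round(z, 2))
    return findings

if __name__ == "__main__":
    for acct, (kind, z) in detect().items():
        print(acct, kind, z)
```

Note that the backup service account touching 23 hosts is not flagged while bob touching 9 is: the same absolute number means different things for different accounts, which is the point of per-entity baselines.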

Another use of AI in next gen SIEM is addressing the problem of information overload. With multiple disjointed security tools producing various types of data, the alerts and other information can become overwhelming. This can result in alert fatigue, which causes organizations to miss crucial notifications or fail to act promptly on urgent security events.

An IDC study estimates that up to 30 percent of security alerts are ignored or not properly investigated because of the complexity of organizations' security systems and the deluge of information security analysts have to deal with. Machine learning can sort and prioritize alerts to ensure that the most urgent concerns are addressed in a timely manner, and can automate the responses to basic alerts.

Optimal Cloud & Hybrid Use

Many of the next gen SIEM platforms available nowadays are designed to be cloud-native, which is logical given how cloud technology enables the seamless sharing of information and deployment from anywhere. Next generation SIEM can bring together different security controls not only within a local network but also across different geographic locations.

Some next generation SIEM platforms feature built-in multi-tier, multi-tenant and multi-site functionalities to support the strategy an organization adopts instead of making the strategy adapt to the platform. A multi-tier architecture supports the efficient sharing of resources, which not only makes for easier and faster deployment but also for extensive scalability.

Multi-tenancy is intended for complex enterprises that require granular control over how their security system is deployed and enables the creation of specialized operational views to suit specific needs. Multi-site functionality, on the other hand, ensures full security visibility even for data that should be physically stored and secured in specific locations in line with data privacy and security regulations.

The Problem With Disjointed Tools

Is the use of disjointed security tools a serious problem? There is no doubt that it can be problematic because it results in inefficiency, reduced effectiveness, and poor security visibility. Security controls from different developers are usually not designed to work together. The lack of coherence among multiple security tools makes it difficult to achieve a comprehensive view of the threats affecting an organization.

Moreover, disjointed tools may also create redundancies and inconsistencies. These can lead to confusion, complexities, and difficulties in security posture management. This fragmentation allows persistent vulnerabilities to continue weakening security postures, aggravates security gaps, makes it harder to find and respond to security threats, and worsens the problem of alert fatigue.

Disjointed security tools are not a new problem in cybersecurity. However, because of new technologies and paradigms, this problem has evolved into a form not addressable by the conventional ways of conducting security information and event management.

Next generation SIEM’s purpose is not that different from standard SIEM’s. Both are designed to enable optimum security visibility and make the most out of the security controls deployed in an organization. The next gen iteration, however, emphasizes the need to keep up with new security challenges particularly when it comes to more complex infrastructures and environments, the prominence of cloud use, the use of new types of IT assets, and the rapid evolution of threats.
