Page 12 - GCN, Aug/Sept 2017

CYBER RESILIENCE
IS YOUR AGENCY READY FOR NEXT GENERATION SIEM?
As data stores continue to grow, SIEM tools are stepping up with advanced monitoring and analysis capabilities.
SPONSORED CONTENT
TAMMY TORBERT
WORLD WIDE SOLUTIONS ARCHITECT, FEDERAL, HPE

GOVERNMENT AGENCIES are generating and consuming more and more data. Their determination to perform the analytics required to pursue hacks and defuse security exploits across their networks is driving this data deluge. Now they may be asking themselves, though, is their big data diet getting too big?

According to Gartner researchers, the amount of data expected to be pooled and analyzed by enterprise security providers will double through the end of this year. At that rate, data stores may tax the ability of agencies to perform sufficient threat analysis on their data early enough to prevent the next breach.

Over the past decade, the workhorses of security data collection and analysis have been Security Information and Event Management (SIEM)—a set of services offering real-time monitoring and correlation of security events as well as long-term storage and reporting of log data. SIEM combines security information management and security event management to analyze security alerts generated by network hardware and applications. These technologies also log security data and generate compliance reports.

Given the amount of information being collected and analyzed, SIEM is under constant pressure to do more with less. Security researcher Marcus Ranum recently suggested it was time to establish a next generation of SIEM capable of producing “less data that is more significant, while absorbing even more raw input.”

Next generation SIEM technology will likely include advances in the collection and analysis of contextual data. It will also have new algorithms for both historical and real-time data analysis and the ability to monitor cloud and other emerging virtual environments.

Gartner research director Anton Chuvakin says he envisions the debut of new and greatly improved analysis algorithms. These should also be able to operate in newer environments such as hypervisors and deep within applications, “where an IP address means nothing and logs are even more esoteric.”

Next generation SIEM technologies are also likely to incorporate a variety of new analytics techniques, including ways to help Security Operations Center (SOC) managers identify threats by examining behavioral patterns across security datasets. For example, growing demand for security analytics reflects the expanding interest in bringing commercial business intelligence technologies into the SOC to help analyze security datasets.

As agencies encounter more sophisticated adversaries, challenges remain across the SOC. These challenges include how to handle security at big data scale and how to reduce the time to respond to security attacks. Other ongoing hurdles include improving consistency and efficiency within the SOC, and how to integrate analytics capabilities to produce high quality results. Ultimately, however, building the next generation SOC will depend on how well agencies use next generation SIEM. It also depends greatly on how well it is executed by individual analysts.

Looking ahead, agencies with large security programs may not be meeting the mark. By driving the capabilities of the SOC with next generation SIEM, however, as well as new analytical capabilities, agency security executives should be able to move cybersecurity programs much further downfield—and do a much better job.