IT security is changing: if the SIEM is dead, what's next?

September 03, 2015 // By Tim Bury
The job of securing IT assets, customer data and intellectual property has become a mission-critical task at organizations around the globe due to the increasing frequency and sophistication of cyber breaches.

No company or government wants to be in headlines due to lax security practices. The severe financial and reputational implications are making cyber security a board-level concern.

Companies are increasingly turning to managed security service providers (MSSPs) to bring added manpower and expertise to the problem. Traditional security point solutions such as Security Information and Event Management (SIEM) systems have failed to provide adequate breach detection. If you doubt this, ask yourself: when was the last time your SIEM provided truly useful intelligence?

When we say 'useful', we mean more than a simple log event from an antivirus server. What about an actual cyber-threat facing your business? Chief Information Security Officers (CISOs) need to think like detectives on the lookout for cyber criminals threatening your enterprise.

If you are still struggling to recollect a useful incident notification, it is safe to assume that your SIEM is not meeting your business requirements. This is likely because most SIEM systems deliver such a high volume of notifications. Information overload makes it challenging for IT staff to actually understand and identify what is a real threat and what is not.

This is not an isolated issue; it affects IT security teams of all sizes. So much noise is generated that it becomes virtually impossible to follow up on legitimate threats. Scale also has an impact: even a decent-sized team of experienced security professionals lacks the time to manually analyze the terabytes of log data generated on a global network.

Finding an answer

So what are the alternative options? Thankfully for under-pressure CISOs, a number of managed security service providers have begun to change how IT security is implemented with a multi-layered approach to solution design and delivery.

At the forefront of this shift is machine learning, the next generation of artificial intelligence that employs complex algorithms, big data analysis and behavioral profiling for the entire network. Systems such as these are capable