On-Demand Webcast with Ultimate Windows Security & Rapid7
SIEM is not a new technology, yet it remains a source of frustration, or at least discontent, for many security professionals I talk to.
I think that’s because SIEM’s purpose is a lofty one but also difficult to achieve.
Log data: first of all, there’s the volume.
Then there’s the cryptic nature of the data, the multitude of formats, the way a format changes from one version of a log source to the next, and so on.
To this day, consuming different log formats and correctly interpreting their fields remains a foundational issue in SIEM technology.
Simple SIEM solutions tend to be limited in scale and functionality. With more powerful SIEMs come complexity, a steep learning curve, long deployments and burdensome care and feeding. The biggest SIEMs have spawned entire consulting practices dedicated just to tuning and maintaining enterprise installations.
Then there’s the expense. In a world where you need to monitor everything, the licensing model of many SIEMs inadvertently creates a dynamic where you are actively discouraged from monitoring more logs and devices.
Finally, there’s the analytics. Finding the needle in the haystack. You need much more than simple Google-like search or “alert me if you see event ID X”. To answer that need, nearly every SIEM is promising some variation of “machine learning” and “behavior analysis”. But big data has some significant resource requirements that make some delivery models questionable.
In this webinar, we’ll look at the current landscape of SIEM delivery models such as on-prem software, appliances, cloud and hybrid.
We will look at how far SIEM has come and where it still struggles. Then we will look at how emerging trends such as machine learning, behavior analysis, and cloud delivery affect these issues.
The bottom line is that many SIEM vendors serious about providing advanced analytics are concluding that the cloud is the only way they can deliver it. A 4U appliance can only do so much. So even traditionally on-prem SIEM providers are seeing the need to offer advanced analytics capabilities in a hybrid model that customers can opt into.
But sending log data to the cloud makes a lot of people nervous, especially with a fast-shifting compliance landscape that emphasizes data sovereignty. We will examine all of this and more in “SIEM Delivery Models: Where Do Today’s Risks and Future Technology Point?”