SIEMs:
Empty Promises
Evolve the conversation from
security data to security correlations
NEW IDEAS, NOT HYPE
Gartner, for example, listed a renewed interest in implementing or maturing SOCs, with a focus on threat detection and response, as the number two trend among its 7 Top Security and Risk Management Trends for 2020 at its Fall 2019 Security Summit. It further noted, “In response to the growing security skills gap and attacker trends, Extended Detection and Response (XDR) tools, Machine Learning (ML), and automation capability are emerging to improve security operations productivity and detection accuracy.” Gartner also published Innovation Insights for XDR on March 19, 2020. XDR is a cohesive security operations platform that tightly integrates many security applications in a single platform. The SIEM should be one of many such natively-supported applications, alongside User and Entity Behavior Analysis (UBA & EBA), Network Traffic Analysis (NTA), Firewall Traffic Analysis (FTA), threat intelligence, and others.