Predictions: The Next-Gen SIEM Will Be Very Different

Predictions- Next-Gen SIEM Will be Very Different.jpg

By Itay Yanovski

Experts looking at 2019’s cybersecurity environment are predicting that the “next-gen” SIEM will be a redefined SIEM. That is, security teams will start using more technologies to achieve detection and response versus simply relying only on SIEM alone. But deploying more and more technologies is not enough.

Organizations that have reached “security maturity” don’t just need to monitor, they also need to detect and respond – respond to different incidents, environments, and types of threats before they enter the organization’s perimeter. Most of all, they need to manage, and this means orchestrating and automating all the threat alerts, intelligence, mitigation, and response.

In 2019, organizations will look at Security Operations Centers (SOC) in quite a different way. They will:

  • Go over and beyond the SOC itself, appreciating more and more the point of view of a managed SOC as providing what a SIEM-based SOC by itself cannot achieve in terms of effective detection and response

  • Move from the hyped-up AI and machine-learning technologies, which have yet to prove their value, and focus instead on collection capabilities, orchestration and automation, which see ROI very quickly

  • Adopt Managed Detection and Response operations that are more focused on advanced threats and compliance than the SIEM

They must adopt this new focus in the coming year as they see the:

  • Convergence of brand protection and fraud prevention with cybersecurity

  • Growth of CISOs and CIOs/CTOs’ scope of responsibility to include preventing revenue loss due to fraud and brand infringement

  • Convergence in reporting requirements to corporate boards and senior management of legal and CIOs due to increasing focus on PII regulation, including GDPR

  • Increase in the complexity of security environment and the need to address more sophisticated attacks

  • Increase in attacks that could be detected much earlier within the external environment using digital risk protection platforms and mitigated before entering the companies’ perimeters

  • On the vendor side: increasing consolidation of point solutions into suites of solutions (e.g. social media monitoring with brand protection)

  • Critical need of real-time automation, enabled with AI and ML technologies, to detect and respond to attacks

  • Increasing requirement by medium and large enterprises for business processes automation and converged response across IT, marketing, finance and HR departments

According to Enterprise Strategy Group research, 19% of enterprise organizations have already deployed technologies for security automation and orchestration extensively, 39% have done so on a limited basis, and 26% are engaged in a project to automate/orchestrate security operations.

Has your organization begun?

 
 

About Itay Yanovski

Itay Yanovski is co-founder & SVP strategy at CyberInt, which eliminates potential threats before they become crises by looking at all online activities and digital assets from an attacker’s perspective and provides managed detection and response services to customers worldwide. CyberInt provides holistic end-to-end protection to digital businesses in retail, e-commerce, gaming and financial industries.

More About Itay