While SIEMs Are Necessary, They Are No Longer Sufficient


By Rick Costanzo

Attacks on enterprise networks are coming from a growing number of different threats, faster than previously thought possible. Successful cyber attacks result in exposed sensitive customer data, an immediate loss of revenue, and long-lasting damage to your brand.

Currently, Chief Information Security Officers (CISOs) and Security Analyst teams turn to Security Information and Event Management (SIEM) solutions as the backbone of enterprise security. These solutions have proven paramount to security survival. They analyze data to detect malicious cyber attacks across data, devices, systems, applications, and network infrastructure. In addition to security, SIEMs also support compliance reporting and incident investigations.

But are SIEMs still the answer? SIEMs aren't going away any time soon – but maybe the better question is whether SIEM alone is sufficient to address the changing security needs of businesses.

There are many different SIEM vendors: IBM, Splunk, McAfee, Trustwave, RSA – the list could go on. CISOs know them very well, and the market for SIEM is only expected to grow. One report has the market reaching $5.93 billion by 2021, a compound annual growth rate of more than 12 percent.

Despite SIEMs’ success and projected growth, the number of security attacks on enterprise networks continues to grow daily.

Right now, the market is convinced that Artificial Intelligence (AI) will help CISOs and enterprise security teams combat cyber attacks, and SIEM vendors are looking for ways to incorporate it.

AI is used to identify anomalies in network traffic and increase the protection against cyber attacks. This technology helps to identify malware more rapidly, detect individuals not authorized to access the network, and spot traffic corresponding to potentially malicious sites.

For most vendors using AI to combat cyber attacks, including SIEMs, an unfortunate consequence in these early days is potentially making the lives of CISOs and Security Analysts more challenging.

AI helps to identify anomalies, but in cybersecurity, anomalies don’t always equal malicious activity. According to one recent survey, 37 percent of large enterprises receive more than 10,000 AI-related security alerts each month. Fifty-two percent of those alerts were false positives and 64 percent were redundant alerts. This means that many of these companies are left to manually review thousands of false positives every month.

Consider this example: An employee accesses internal network servers and data sources never accessed before and these actions are flagged as potentially malicious. Perhaps this same employee is also viewing web content that no one in the organization has ever previously accessed. Malicious? Maybe. The problem is, what is the context of these actions? The employee could have been re-assigned to a new team or working on a completely new project that required massive amounts of external research. Regardless, IT has to manually process these false positives.
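The employee scenario above, together with the earlier point about redundant alerts, can be made concrete in a few dozen lines. The following Python script is an added example written for this page; it is not code from the article or from Rank Software, and every dataset in it (the access baseline, the HR reassignment record, the access log) is constructed for illustration. It runs a deliberately naive anomaly detector that flags every first-time access to a resource, then does the two things the article argues a bare detector lacks: it enriches each alert with context (a recent team reassignment makes new access expected, so the alert is downgraded rather than dropped) and it collapses repeated alerts for the same user and resource into one.

```python
"""Anomaly alerts -> context enrichment -> deduplication (added example, constructed data)."""
from datetime import date, timedelta

# Constructed historical baseline: resources each user has touched before.
BASELINE = {
    "alice": {"crm-db", "fileshare-sales"},
    "bob": {"build-srv", "git"},
}

# Constructed HR context: user -> (new_team, effective_date). A reassignment
# within CONTEXT_WINDOW days of the access makes new resource access expected.
REASSIGNMENTS = {
    "alice": ("research", date(2024, 3, 1)),
}
CONTEXT_WINDOW = timedelta(days=30)

# Constructed access log: (day, user, resource).
EVENTS = [
    (date(2024, 3, 4), "alice", "research-wiki"),
    (date(2024, 3, 4), "alice", "research-wiki"),   # repeat -> redundant alert
    (date(2024, 3, 5), "alice", "papers-share"),
    (date(2024, 3, 5), "bob", "hr-payroll-db"),     # no explaining context
    (date(2024, 3, 6), "bob", "hr-payroll-db"),
]


def detect_anomalies(events, baseline):
    """Naive detector: flag every access to a resource the user has never
    touched before. Every hit is 'high' because the detector has no context."""
    alerts = []
    for day, user, resource in events:
        if resource not in baseline.get(user, set()):
            alerts.append({"day": day, "user": user, "resource": resource,
                           "severity": "high", "reason": "first-time access"})
    return alerts


def add_context(alerts, reassignments, window=CONTEXT_WINDOW):
    """Attach HR context: a reassignment within the window downgrades the alert
    to 'low' and records why, so an analyst sees the explanation, not a guess."""
    for alert in alerts:
        ctx = reassignments.get(alert["user"])
        if ctx and timedelta(0) <= alert["day"] - ctx[1] <= window:
            alert["severity"] = "low"
            alert["reason"] += f"; reassigned to {ctx[0]} on {ctx[1].isoformat()}"
    return alerts


def deduplicate(alerts):
    """Collapse repeated (user, resource) alerts into one, keeping a count."""
    merged = {}
    for alert in alerts:
        key = (alert["user"], alert["resource"])
        if key in merged:
            merged[key]["count"] += 1
        else:
            merged[key] = dict(alert, count=1)
    return list(merged.values())


def triage(events=EVENTS, baseline=BASELINE, reassignments=REASSIGNMENTS):
    """Return (raw anomaly list, final alert list) so the reduction is visible."""
    raw = detect_anomalies(events, baseline)
    final = deduplicate(add_context(raw, reassignments))
    return raw, final


if __name__ == "__main__":
    raw, final = triage()
    print(f"{len(raw)} raw anomalies -> {len(final)} alerts after context + dedup")
    for a in sorted(final, key=lambda x: x["severity"]):
        print(a["severity"].upper(), a["user"], a["resource"],
              f"x{a['count']}", a["reason"])
```

On the constructed data the detector raises five high-severity anomalies; after enrichment and deduplication the analyst is left with three alerts, only one of which (Bob's repeated access to a payroll database with no explaining context) is still high. Alice's alerts are kept at low severity rather than discarded, which matters: context explains an anomaly, it does not prove it benign.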

Compounding this issue is the shortage of 2 million cybersecurity professionals worldwide, the very people who are qualified to assess these possible threats.

Systems are identifying more possible threats and businesses have fewer resources with which to respond. In short, cybersecurity is becoming more complicated, and the right skills are in short supply.

It’s time for the conversation to change, starting with the fact that cybersecurity best practices should include multiple layers of protection. While SIEMs are necessary and CISOs’ investments in them should be protected, they are no longer sufficient given the growth in the complexity, scale, and persistence of today’s threats. New approaches are needed to hunt for threats in real time, and at scale.

Artificial Intelligence isn’t a silver bullet for cybersecurity. We need to move beyond the hype of AI and focus on the things that it can actually do for cybersecurity today.

New tools can dramatically reduce the number of false positives plaguing security teams. AI is used to detect anomalies, but AI combined with the right tools and the right skills can add context to results and quickly zero in on the most credible threats for swift action. This combination is the silver bullet. The answer sits at the intersection of these three critical components.

About Rick Costanzo

Rick Costanzo is CEO of Rank Software, an AI security platform provider.  
