CSO - Is SIEM dead?
That depends on who is taking its pulse. The press release this past week from eIQnetworks reads a bit like an obituary for security information and event management. According to a recent survey the company conducted with senior security professionals at Global 5000 and federal organizations, SIEM has joined signature-based technologies on the ash heap of IT history.
"The SIEM approach of relying entirely on logs and other event-based information to effectively address modern enterprise threats is now dead," said John Linkous, eIQ vice-president and chief security and compliance officer.
Instead, Linkous said, an iEQ product called SecureVue delivers, "a true unified situational awareness platform that delivers comprehensive security intelligence and provides the real-time information that defenders need to identify, prioritize and respond to modern security threats."
But other infosec experts say they don't expect to be attending a funeral for SIEM anytime soon. The claims of its death, they say, amount to little more than marketing hype for a product.
Dr. Anton Chuvakin, research director at Stamford, Conn.-based Gartner, says no single security measure is adequate on its own, but that SIEM is a tool, and still a good one. "If the question is, 'Does it stop hackers?' then the answer is no. It's not supposed to stop anything," he says. "It is a monitoring technology, and it is still effective -- more so than before."
Linkous acknowledges that SIEM still has value, but says the point iEQ is making is that, by itself, it does not offer the protection that enterprises need against the kinds of threats they now face.
"Nobody is advocating that you pull the firewall (or other security tools) out of your environment," he says, "but if you're relying on that, you're screwed. It has to be part of a layered strategy, but it is only a part."
So, perhaps it's all, or mostly, semantics.
Ed Bellis, CEO of HoneyApps Inc., notes that "every year we go 'round and 'round, saying 'X' technology is dead," but he says the reality is what he declared in a recent speech: "The era of declaring a specific technology dead is dead."
He and others note that the eIQ press release has some qualifiers in it, saying that relying "entirely" on SIEM is no longer effective. SIEM advocates have never claimed it is the only necessary tool in the box.
And Linkous stops short of saying SIEM is useless and will disappear. Chuvakin says, and Linkous agrees in part, that SIEM is "a foundation for situational awareness."
Both sides also agree that situational awareness is not a piece of software that can simply be dropped into a system to provide better security. "Situational awareness does not come in a box," Chuvakin says.
"SIEM is a point product," Linkous says, "which has a fixed function and purpose. Situational awareness is a more holistic function that uses SIEM, but uses dozens of other tools as well."
That is the view of Nicholas Brigman, senior director of security strategy at CompuCom Systems, which has been using SecureVue with a few of its clients for the past couple of years, but now plans to expand it.
"We had been waiting for a tool like this," he says, "not just to do log management, not just SIEM, but how do I look at network patterns? Now we can do that in an integrated way."
All of which points to a continuing evolution of security, but not to the death of SIEM.
Read more about network security in CSOonline's Network Security section.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- A More Predictable Way to Budget Software Costs Wavetronix enables creative collaboration while cost-effectively accessing all the latest tools with Adobe Creative Cloud for teams. For Wavetronix, collaboration was easy when...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface. All Data Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!