CSO - Is SIEM dead?
That depends on who is taking its pulse. The press release this past week from eIQnetworks reads a bit like an obituary for security information and event management. According to a recent survey the company conducted with senior security professionals at Global 5000 and federal organizations, SIEM has joined signature-based technologies on the ash heap of IT history.
"The SIEM approach of relying entirely on logs and other event-based information to effectively address modern enterprise threats is now dead," said John Linkous, eIQ vice-president and chief security and compliance officer.
Instead, Linkous said, an iEQ product called SecureVue delivers, "a true unified situational awareness platform that delivers comprehensive security intelligence and provides the real-time information that defenders need to identify, prioritize and respond to modern security threats."
But other infosec experts say they don't expect to be attending a funeral for SIEM anytime soon. The claims of its death, they say, amount to little more than marketing hype for a product.
Dr. Anton Chuvakin, research director at Stamford, Conn.-based Gartner, says no single security measure is adequate on its own, but that SIEM is a tool, and still a good one. "If the question is, 'Does it stop hackers?' then the answer is no. It's not supposed to stop anything," he says. "It is a monitoring technology, and it is still effective -- more so than before."
Linkous acknowledges that SIEM still has value, but says the point iEQ is making is that, by itself, it does not offer the protection that enterprises need against the kinds of threats they now face.
"Nobody is advocating that you pull the firewall (or other security tools) out of your environment," he says, "but if you're relying on that, you're screwed. It has to be part of a layered strategy, but it is only a part."
So, perhaps it's all, or mostly, semantics.
Ed Bellis, CEO of HoneyApps Inc., notes that "every year we go 'round and 'round, saying 'X' technology is dead," but he says the reality is what he declared in a recent speech: "The era of declaring a specific technology dead is dead."
He and others note that the eIQ press release has some qualifiers in it, saying that relying "entirely" on SIEM is no longer effective. SIEM advocates have never claimed it is the only necessary tool in the box.
And Linkous stops short of saying SIEM is useless and will disappear. Chuvakin says, and Linkous agrees in part, that SIEM is "a foundation for situational awareness."
Both sides also agree that situational awareness is not a piece of software that can simply be dropped into a system to provide better security. "Situational awareness does not come in a box," Chuvakin says.
"SIEM is a point product," Linkous says, "which has a fixed function and purpose. Situational awareness is a more holistic function that uses SIEM, but uses dozens of other tools as well."
That is the view of Nicholas Brigman, senior director of security strategy at CompuCom Systems, which has been using SecureVue with a few of its clients for the past couple of years, but now plans to expand it.
"We had been waiting for a tool like this," he says, "not just to do log management, not just SIEM, but how do I look at network patterns? Now we can do that in an integrated way."
All of which points to a continuing evolution of security, but not to the death of SIEM.
Read more about network security in CSOonline's Network Security section.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts