Born 2000. Died 2011.
It is with some sadness that today we announce the death of SIEM. Born to a fanfare of promises at the dawn of the information economy as we now know it, SIEM was lauded as a tool that would protect an increasing volume of data from prying eyes and ne'er-do-wells - both on the inside and the outside.
It tried its best, but nobody could have predicted what was to come.
- SIEM promised security professionals the opportunity to collect security data from across their network; to provide a consolidated and unified view of their security position. Yet, Advanced Persistent Threats with no common signature or vector now strike indiscriminately at the hearts of organizations like Sony, the International Monetary Fund, Epsilon, Sega, Sony (again) and the CIA. SIEM doesn't even provide the visibility to quickly identify the mode, vector or target of an attack even when an organization knows it is coming!
- SIEM promised to enable ALL security data to be collated via a single console. Yet, breach detection still requires teams of people to sit inside darkened rooms with a multitude of printed reports, in order to manually cross-check data in an attempt to identify anomalies. The average response time for a breach currently stands at 18 days!
- SIEM promised to equip security professionals at large organizations to identify breaches quickly and enable them to take action. It delivered for a while, when attacks were signature-based or attacks exploited known vulnerabilities, but in a world of advanced, persistent cyber- and insider-based threats it offers no visibility into attacks exploiting misconfigured or badly secured networks.
And we're not alone. Sixty-five percent of the senior security professionals we asked said that they weren't confident that their SIEM tools would provide them with the protection they needed.
Modern information security requires far more than just log and event data: it requires the ability to collect and analyze ALL network security data, in real time.
SIEM leaves a legacy on which information security can build. There will be a collection - all security data is welcomed.
As for what we, and an increasing number of businesses, Government agencies and security professionals believe the solution is... you'll have to wait for our next post for that!!
Cross-posted from The Situational Room