So do we actually still need SIEM?
The fluorescent lights are piercing. The noise of the crowd cheering and stamping is deafening. Both contenders are pounding their feet on the canvas. The old heavyweight, security information and event management (SIEM), is swinging wildly, but the new contender, user behaviour analytics (UBA), is landing quick, fast jabs. The new entrant is bobbing and weaving to miss the heavyweight’s hits. What seemed like a clear win for SIEM is now starting to take an interesting turn.
Could the new kid on the block knock out SIEM?
When it comes to cyber security monitoring capabilities, most people automatically think of SIEM. SIEM tools are widely used by organisations to keep an eye on any dodgy activity by collecting, aggregating and correlating security events and asset information.
But a new challenger – UBA – has entered the market. And while not as ubiquitous in cyber security shops, UBA promises to pack a punch when it comes to identifying and responding to cyber threats.
The concept of SIEM – at a high level – has remained similar over the years. However, it has evolved and is still evolving. For instance, SIEM vendors are looking to move to faster databases in order to use big data and provide better context.
SIEM helps cyber security teams to pinpoint security vulnerabilities quickly. The drawback, however, is that SIEM still takes a lot of up-front effort to get running smoothly, and may take months to get into full production. And like in a fight, brute strength won’t always mean victory; you need to be quick on your feet.
And much like winning a boxing match, the end is wonderful. But a lot of blood, sweat and tears go into getting to that point.
While SIEM, when implemented well, can provide great value to a cyber security operation, the implementation itself can be a daunting task.
UBA was born in an effort to alleviate the stress that comes part and parcel with implementing a SIEM solution. UBA solutions eat up a large amount of data, use clever machine learning technology to do the heavy lifting and better detect what users on your network are up to.
Along with a host of other benefits, like the ability to create your own policies and define what is and isn’t crucial, UBA’s biggest USP is how easy it is to get everything up and running.
The one-two punch
So do we actually still need SIEM? In short, yes.
Mainly because a lot of companies already have a SIEM in place, and forklifting the solution out and replacing it with a UBA solution might cause chaos in your execs’ heads, given the sheer amount of money – and time – that goes into SIEM.
In fact, if you have a SIEM in place, a UBA platform could provide valuable insight to help tune your SIEM. And in a world where cyber criminals are getting smarter and their tactics becoming more sophisticated, shouldn’t businesses be covering all bases?
You can use UBA to find previously unlooked-for threats, ingesting alerts into SIEM to add precision and context to your detection and response efforts. And don’t just take my word for it. Noted SIEM and data analytics vendors have recently added UBA to their platforms. So you needn’t replace one of these solutions with the other; the two teaming together stand the best chance of guarding businesses against cyber criminals.
Back to the ring. Two more seconds left of the final round. Final jabs fly from both. The bell shrieks and the whooping crowd eagerly await the verdict. Both contenders have their heads down waiting. The judges say it’s too close to call; it appears to be a tie. Until next time…