Is SIEM Dead – or is SIEM being Transformed?

For those not familiar with it, SIEM is a combination of security event management (SEM) and security information management (SIM).

It is two parts - SEM and SIM - that when joined together make for something else entirely.

SEM. The SEM part of SIEM is focused on quasi-real-time monitoring and correlation of security-relevant events, and on the alerting and notification necessary to warn human operators - typically a trained security analyst - to pay attention and take action.

SIM. The SIM part of SIEM is focused on storage and post-event analysis of SEM-related data, and on reporting - often lumped together with security forensics - about the data aggregated through a SEM system.

The now commonplace rapid-fire media coverage of cyber-attacks, one after another, raises the question: is SIEM up to the job or not?

Let's find out whether SIEM is dead or simply being transformed.

Is SIEM dead?

Its defenders - and certainly its makers - say that SIEM is an essential component (some go further and say it is a foundation) for cyber-defense.

Its proponents correctly point out that SIEM reduces the time to discovery of cyber-events.

Is SIEM essential, or not?

SIEM has become a bedrock foundation for collecting, aggregating and storing security-relevant events from assets and digital events occurring across the enterprise network.

You can think of SIEM as a first generation of big data for security, using highly structured data.

But aggregating data and analyzing the data collected from and stored in traditional SIEM repositories are two very different things.

Using it effectively means its analytics are tuned to your business processes, risk priorities and the data fed to it.

In the old days - just four to five years ago - the time to discovery averaged many months: on the order of 6 to 9 months.

Now, where SIEM is used successfully, it reduces the time to discovery of security events to 15 minutes or less.

But SIEM is not present everywhere: its use is dominant among large enterprises, and declines as the size of organizations declines.

Those using SIEM effectively are estimated to be less than 25 percent of those that have it installed, and this is being generous according to its most ardent practitioners.

SIEM is transforming

The first generation of SIEMs is metamorphosing due to two natural changes: a) technology and b) delivery.

Technology change transforming SIEM

Technology changes transforming SIEM include the types of data collected and stored, analytics that feed on and learn from that data, analytics that learn from highly skilled security analysts, analytics that perform low-level tasks, and whether the findings surfaced by SIEM are relevant to the business of the organization.

Delivery change. SIEM is now being delivered and consumed as a service, both as a managed SOC (security operations center) service and as a subscription service. Not only are the old days of high-priced capital spending going away, but the service delivery options now make it relatively easier - and less of a high-wire act - to turn SIEM on, which is already growing market interest and expansion.

Is SIEM dead?

The first generation of SIEM is transforming and will never be the same.

The changes occurring to SIEM are ones of evolution and natural selection.

First generation SIEM is dead

May its offspring have a long and productive life.
