Cybersecurity experts around the world do everything in their power to foresee the future of SIEM (security information and event management) solutions, challenges, and technology. Of course, their ambition is understandable: in a field as stressful and as consumed by perpetual anxiety as ours, any hint of what the future might hold can provide insight into stopping future cyber attacks and maintaining the security of enterprise digital assets.
Of course, as with any prediction of the future, the future of SIEM is hotly debated and disputed. Consensus only exists in the broad strokes—that we will need SIEM more than ever as detection becomes even more necessary to stop hackers.
We here at Solutions Review decided to try our hands at gazing into the crystal ball at the future of SIEM. While we may not have definitive answers, we certainly found some intriguing questions:
Compliance Will Matter…But How Much?
In the earliest days of SIEM, the most central security capability in its suite was its ability to help larger enterprises fulfill their regulatory compliance mandates. Indeed, SIEM solutions can help enterprises correlate relevant security data and compile them into the proper forms to pass regulatory audits.
However, as the SIEM market matured and the cybersecurity paradigm shifted from a prevention to detection focus, SIEM’s threat intelligence and threat detection capabilities became far more valuable in the eyes of enterprises both large and small. While the compliance aspect is still important—there are compliance mandates for nearly every industry in existence—it’s definitely taken a back seat to the vendors’ innovations in detection.
The question for the future of SIEM is whether this pattern will continue or whether compliance will experience a resurgence in emphasis. This possible future depends on the direction of American public policy concerning cybersecurity. The recent passage of the California Consumer Privacy Act of 2018 has raised the prospect of an American GDPR coming to pass. Given how much panic, confusion, and distress the EU’s GDPR caused in the build-up to and aftermath of its enforcement date earlier this year, enterprises may once again come to rely on SIEM’s compliance capabilities to stay afloat.
In the Future of SIEM, Will Machines Replace People?
The common consensus surrounding security AI and machine learning algorithms in SIEM solutions is that they aren’t quite ready to actually replace human threat experts or human IT security teams in enterprises of any size.
Skeptics of machine learning technology—which can learn and analyze data patterns independently of human intervention to identify and remove digital threats—point out that if it were truly ready to take sole responsibility for enterprise security, we would see a reduction in cybercrime or in false positives. So far, we haven’t seen either. Machine learning is as dependent as ever on the human experts giving it the data sets to work from, and those data sets may be flawed from the beginning or become obsolete or insufficient over time.
Yet at the same time, the potential of machine learning in the future of SIEM is certainly undeniable. Machine learning can find unusual behavioral patterns hiding in time-stamps, IP addresses, and login requests (as just a few examples) from across the IT environment—patterns which may elude human eyes. Experts believe that machine learning either is or will be essential in preventing IT security team burnout or overworking.
Additionally, while machine learning algorithms depend on human expertise to program them initially, there is no reason to assume that this will always be the case. As technology advances, it is quite plausible that machine learning algorithms could draw on pre-existing AI programs to understand suspicious activities.
According to technology research giant Gartner, 40% of enterprises are testing AI solutions or beginning to pilot them. User and Entity Behavior Analytics (UEBA) has largely been absorbed into SIEM and is becoming a highly prized capability. With so much investment in and exploration of the technology, who is to say machine leadership isn’t one possible future of SIEM?
The Future of SIEM Will Take to the Cloud?
It would make sense that the future of SIEM would follow the future of enterprises’ IT environments. Since cloud adoption and digital transformation have become enterprise obsessions over the past few years—with especial emphasis over the past 12 months—it is no surprise that SIEM would seek to shed its on-premises boundaries and take to the cloud as well. Indeed, because it can be deployed across increasingly disparate enterprise networks, cloud-based SIEM will most likely take precedence over on-premises SIEM solutions in the near future. It may be best to prepare for that future of SIEM—of all possible futures, it certainly seems the most plausible to us!
Latest posts by Ben Canner