Despite being the fastest growing security software segment in the world, SIEM is under attack. Security pros (and vendors) have been saying SIEM is dead since way back in 2011. However, those sentiments usually amounted to little more than wishful thinking. But now, a real threat to the SIEM throne has risen, as new technologies such as big data security analytics and UEBA set their sights on the SIEM piece of the cybersecurity market.
This week, security analytics firm Cyphort Inc. took the rising anti-SIEM sentiment to a whole new level when it revealed a new security analytics platform named—wait for it— the Anti-SIEM.
The new software solution builds on Cyphort’s background in advanced threat detection and adds a scalable analytics engine that ingests, analyzes, and correlates data from Cyphort collectors and other security tools deployed in the network. Consolidated results are then presented, along with identity information, as an adjustable timeline view of the complete security incident.
“The Anti-SIEM is the result of extensive research that Cyphort conducted with nearly 1,000 SIEM users from large organizations across the US,” said Manoj Leelanivas, CEO and president at Cyphort. “We’ve used these insights to create the Anti-SIEM. It’s everything users want in a SIEM — and less. Meaning, less cost, noise, complexity, and wasted time.”
The Anti-SIEM is a distributed software platform that begins with a focus on threat detection, by ingesting raw data from web, email, and lateral spread traffic, as well as log and event data from a variety of other security tools in the network. All information is fed into its analytics engine, which uses machine learning and behavioral analysis technologies to first identify advanced threats, then correlate all related alerts and log events from other sources, and finally add user/host identify information. The Anti-SIEM then presents analysts with a consolidated timeline view of the entire security incident, showing the threat and all related events over time, as well as progression through the cyber kill chain. The entire process takes as little as 15 seconds, according to the company.
Latest posts by Jeff Edwards (see all)
- Splunk, SIEM, and Security: 8 Videos to Get Started - August 17, 2017
- Top 10 SIEM Providers in the Cybersecurity 500 List for Q2 2017 - August 15, 2017
- Breaking Down the Cost and Complexity Barrier to Network Monitoring - August 14, 2017