Modern IT organizations aren’t just fighting hackers and malware—they’re also battling a torrent of data from their own networks.
Information is pouring in. A Fortune 500 enterprise's infrastructure can easily generate 10 terabytes of plain-text data per month. Logs, threat intelligence feeds, forensics, IAM: if improperly managed, these systems can create such a deluge of data that many enterprises end up underwater while the pertinent security data floats by.
So how can enterprises effectively log, monitor, and correlate that data to obtain actionable insight? The traditional answer is to use a Security Information and Event Management (SIEM) solution. However, as information security has evolved, so have capabilities. Today, next-generation security analytics systems are quickly embracing new capabilities such as behavioral analytics, which can help enterprises detect potential threats and eliminate them before they turn into costly breaches.
The security analytics market is full of vendors capable of meeting basic log management, compliance, and event monitoring requirements, but the aforementioned explosion of security data in the enterprise has left the door wide open for innovation from players both old and new. 2018 has the potential to be a year of big changes for security analytics, so here are my top four vendors to watch.
And don’t forget to check out our 2017 SIEM Buyer’s Guide for more in-depth analysis, vendor profiles, and more.
Splunk has been positioned as a "SIEM-killer" for a long time, and while that may or may not be true, the company has made major waves in the security market. Splunk provides pre-packaged dashboards, reports, incident response workflows, analytics, and correlations to identify, investigate, and respond to internal and external threats. It employs a query language that supports visualization with more than 100 statistical commands. The big data company recently updated its machine learning capabilities and made the news with its acquisition of breach-detection company SignalSense. For months, there have been rumors that Symantec was gearing up to acquire Splunk, and though those plans appear to have fizzled for now, a sale is certainly a possibility in 2018.
LogRhythm combines SIEM, Log Management, File Integrity Monitoring and Machine Analytics with Host and Network Forensics in a unified Security Intelligence Platform. Its SIEM solutions are mostly suited to midsize and large enterprises. The SIEM consists of several unified components: the Event Manager, Log Manager, Advanced Intelligence Engine (AI Engine), and Console. It combines SIEM capabilities with endpoint monitoring, forensics, and management abilities to ease deployment.
Early in 2017, Sumo Logic announced the release of a multi-tenant SaaS security analytics solution with integrated threat intelligence capabilities. Sumo Logic’s new solution incorporates threat intelligence powered by a partnership with CrowdStrike. The solution correlates threat intelligence data with Sumo Logic’s log data for real-time security analytics to help organizations increase the velocity and accuracy of threat detection in modern applications, while protecting against sophisticated and persistent cyberattacks, says the company.
RSA is a security powerhouse, and as such, they're always one to watch. The RSA Security Analytics platform provides visibility from logs, full network packet capture, NetFlow, and endpoint data. The RSA Security Analytics solution facilitates the automated collection, analysis, alerting, auditing, reporting, and secure storage of all logs. Organizations can simplify compliance by using regulation-specific, out-of-the-box reports, alerts, and correlation rules. Reports can be scheduled to be delivered at a specific time or run on an ad-hoc basis. Alerts can be delivered through the intuitive user interface, via SMS, or by email, and auditors can even be granted read-only access to the Security Analytics platform so that they can access the reports whenever they need them.
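The two capabilities the vendor descriptions above keep returning to, enriching log events with a threat intelligence feed and firing correlation rules across a stream of events, are simple enough to sketch in a few dozen lines. The following is an added example written for this post; it is not code from Sumo Logic, RSA, or any other vendor named here. The indicator set and the log lines are constructed (using RFC 5737 and RFC 2606 test addresses and names), the log format is a made-up key=value style, and the `success_after_failures` rule is a generic stand-in for the kind of rule a SIEM ships out of the box.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed indicator feed (not any real vendor's data); documentation-only
# IP ranges and reserved example domain so nothing here points at a live host.
THREAT_INTEL = {
    "ip": {"203.0.113.77", "198.51.100.9"},
    "domain": {"bad.example.net"},
}

# Constructed log lines in a simple "<timestamp> <source> key=value ..." layout.
SAMPLE_LOGS = """\
2017-11-08T10:00:01Z fw src=10.0.0.5 dst=203.0.113.77 action=allow
2017-11-08T10:00:02Z proxy src=10.0.0.7 host=www.example.com action=allow
2017-11-08T10:00:03Z proxy src=10.0.0.7 host=bad.example.net action=allow
2017-11-08T10:00:10Z auth src=198.51.100.9 user=alice result=fail
2017-11-08T10:00:12Z auth src=198.51.100.9 user=alice result=fail
2017-11-08T10:00:14Z auth src=198.51.100.9 user=alice result=fail
2017-11-08T10:00:15Z auth src=198.51.100.9 user=alice result=success
2017-11-08T10:01:00Z auth src=10.0.0.8 user=bob result=fail
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Turn one raw log line into a dict; returns None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
        "source": m.group("source"),
    }
    for pair in m.group("kv").split():
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def enrich_with_intel(event, intel=THREAT_INTEL):
    """Return (field, value) pairs of the event that match an indicator."""
    hits = []
    for field in ("src", "dst"):
        if event.get(field) in intel["ip"]:
            hits.append((field, event[field]))
    if event.get("host") in intel["domain"]:
        hits.append(("host", event["host"]))
    return hits


def correlate(lines, intel=THREAT_INTEL, fail_threshold=3, window=timedelta(seconds=60)):
    """Stream events through two rules and collect the alerts they raise.

    Rule 1 (threat_intel_match): any src/dst/host field that appears in the feed.
    Rule 2 (success_after_failures): a successful login for a (src, user) pair that
    had at least `fail_threshold` failures inside the sliding `window`.
    """
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    for raw in lines.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # unparseable line: skip rather than crash the pipeline
        for field, value in enrich_with_intel(ev, intel):
            alerts.append({"rule": "threat_intel_match", "field": field,
                           "value": value, "ts": ev["ts"]})
        if ev["source"] != "auth":
            continue
        key = (ev.get("src"), ev.get("user"))
        if ev.get("result") == "fail":
            failures[key].append(ev["ts"])
            # Drop failures that have aged out of the correlation window.
            failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]
        elif ev.get("result") == "success" and len(failures[key]) >= fail_threshold:
            alerts.append({"rule": "success_after_failures", "src": key[0],
                           "user": key[1], "count": len(failures[key]), "ts": ev["ts"]})
            failures[key].clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run against the constructed lines, the feed lookup fires on the outbound connection to the listed IP, on the proxy request for the listed domain, and on every auth event from the listed source, while the second rule fires once, when alice's login succeeds after three failures inside the window. In a real deployment the indicator set would be refreshed from the feed on a schedule and the window state kept in a store that survives restarts; the point of the sketch is only that enrichment and correlation are separate steps over the same parsed event.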