What is the role of SIEM today for businesses and workflows?
This isn’t meant as an idle or a flippant question. Instead, it should provoke consideration of your own cybersecurity policies and priorities. Since Gartner first identified the category in 2005, both the reasons to adopt SIEM technology and the best way to incorporate it into workflows have changed. In fact, you could argue they changed dramatically.
But how does that past influence the role of SIEM today? And how might it change in the future?
What is the Role of SIEM Today?
SIEM in the Past
Originally, enterprises sought out SIEM for its compliance tools and capabilities. SIEM allows for efficient and automatic compliance report filing; these compliance reports come out-of-the-box and fit with numerous industry standards.
This feature was, and remains, popular, especially with large and global enterprises. After all, they face several compliance mandates from both governments and industry-standards bodies; the more efficiently these reports can be filed, the less time your IT department needs to invest in that process.
As the years passed and the threat landscape changed, this aspect of SIEM began to lose favor or at least priority. However, it still matters for businesses of all sizes, including smaller organizations. The California Consumer Privacy Act and GDPR only represent the tip of the iceberg of future compliance mandates.
So that is where SIEM was. But how did it evolve?
SIEM in the (Relatively Recent) Present
As the threat landscape changed, cyber-threats became more subtle and devious. Instead of battering down the digital perimeter, the new malware and infiltration tactics became harder to anticipate or predict. They used employees’ own credentials against them or exploited weak points in the network to plant dwelling threats that attracted little attention.
Suddenly, legacy endpoint protection platforms that enterprises once relied on no longer proved as effective at deflecting or defeating hackers. Now, the priority became threat detection and response – finding malware or bots as quickly as possible and removing them to mitigate the damage.
Enterprises of all sizes either rediscovered or embraced for the first time the potential of SIEM. Log management is one of SIEM’s key features: it aggregates data from across the IT environment, normalizes it into a common format, and analyzes it for security events. Then, it can alert your IT security team to investigate the connected security event data for a breach.
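The aggregate-normalize-analyze-alert pipeline described above, as an added example that is not part of the original article: two constructed log formats (an OpenSSH-style syslog line and a simplified key=value rendering of Windows logon events) are normalized into one event schema, and a single detection rule (repeated failed logons from one source address inside a time window) runs over the merged stream. The log lines, host names, addresses and the threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines from two sources; not real log data.
SAMPLE_LOGS = [
    "2021-03-04T10:00:01Z host1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 5100 ssh2",
    "2021-03-04T10:00:03Z host1 sshd[1235]: Failed password for root from 203.0.113.5 port 5101 ssh2",
    "2021-03-04T10:00:05Z host2 EventID=4625 TargetUserName=admin IpAddress=203.0.113.5",
    "2021-03-04T10:00:07Z host2 EventID=4625 TargetUserName=bob IpAddress=203.0.113.5",
    "2021-03-04T10:00:08Z host2 EventID=4624 TargetUserName=bob IpAddress=10.0.0.12",
    "2021-03-04T10:00:09Z host1 sshd[1236]: Accepted password for alice from 198.51.100.7 port 5200 ssh2",
    "2021-03-04T10:00:12Z host2 EventID=4625 TargetUserName=svc IpAddress=203.0.113.5",
    "2021-03-04T10:04:00Z host1 sshd[1240]: Failed password for carol from 192.0.2.44 port 5300 ssh2",
    "2021-03-04T10:04:30Z host3 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",  # no parser for this
]

# Source-specific parsers; each maps its own fields onto the shared schema.
SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)"
)


def _parse_ts(text):
    # All constructed lines use UTC ISO-8601 timestamps with a trailing Z.
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line):
    """Turn one raw line into the common schema, or None if no parser matches."""
    m = SSH_RE.match(line)
    if m:
        outcome = "failure" if m["outcome"] == "Failed" else "success"
        return {"ts": _parse_ts(m["ts"]), "host": m["host"], "source": "sshd",
                "user": m["user"], "src_ip": m["ip"], "outcome": outcome}
    m = WIN_RE.match(line)
    if m:
        # 4625 is the Windows failed-logon event id, 4624 a successful logon.
        outcome = "failure" if m["eid"] == "4625" else "success"
        return {"ts": _parse_ts(m["ts"]), "host": m["host"], "source": "windows",
                "user": m["user"], "src_ip": m["ip"], "outcome": outcome}
    return None


def normalize_all(lines):
    """Aggregate step: returns (normalized events, lines no parser understood)."""
    events, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        (events if ev else unparsed).append(ev if ev else line)
    return events, unparsed


def detect_failed_logon_bursts(events, threshold=5, window_seconds=60):
    """Alert when one source IP produces >= threshold failures within the window.

    Because events are normalized, failures seen by sshd and by Windows from the
    same address count toward the same burst. Uses a sliding window per IP and
    emits at most one alert per IP.
    """
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] == "failure":
            failures[ev["src_ip"]].append(ev)

    alerts = []
    for ip, evs in failures.items():
        start = 0
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst = evs[start:end + 1]
                alerts.append({
                    "rule": "failed_logon_burst",
                    "src_ip": ip,
                    "count": len(burst),
                    "first": burst[0]["ts"].isoformat(),
                    "last": burst[-1]["ts"].isoformat(),
                    "users": sorted({e["user"] for e in burst}),
                    "sources": sorted({e["source"] for e in burst}),
                })
                break
    return alerts


if __name__ == "__main__":
    evs, bad = normalize_all(SAMPLE_LOGS)
    print(f"normalized {len(evs)} events, {len(bad)} unparsed line(s)")
    for alert in detect_failed_logon_bursts(evs):
        print(alert)
```

The unparsed line is kept and reported rather than silently dropped; in practice the share of unparsed input is itself a health metric for a SIEM, since a parser that breaks after a log-format change quietly blinds the rules that depend on it.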
Therefore, SIEM improves threat visibility and insight across more of the IT environment, even as that environment scales with the advent of the cloud, remote work, and more. So SIEM continues to reach new audiences, with good reason.
A Piece of the Puzzle? The Future of SIEM
So how does the future of this technology compare to the role of SIEM today? Current research suggests SIEM becomes part of a wider cybersecurity platform unified by security orchestration, automation, and response (SOAR). SOAR decentralizes and re-centralizes cybersecurity tools like SIEM, firewalls, and IAM by unifying each tool’s findings under one pane of glass. Current wisdom states that too many tools can weigh down the IT network; this is true without something like SOAR to monitor and unify them.
Working together, however, SIEM and these other solutions can bridge whatever gaps might exist in your cybersecurity. That is truly the way of the future.
By Ben Canner