{"id":1396,"date":"2018-03-21T13:58:40","date_gmt":"2018-03-21T17:58:40","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1396"},"modified":"2018-03-21T13:58:40","modified_gmt":"2018-03-21T17:58:40","slug":"common-problems-siem-switch-security-analytics","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/","title":{"rendered":"Common Problems in SIEM: Should You Switch to Security Analytics?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-431\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280.jpg\" alt=\"SIEM security analytics\" width=\"800\" height=\"350\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280-300x131.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280-768x336.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280-600x263.jpg 600w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280-180x79.jpg 180w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280-400x175.jpg 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">SIEM is a major component of any enterprise\u2019s comprehensive cybersecurity platform. It\u2019s vital to detecting threats that have bypassed your endpoint security platform. 
It\u2019s necessary for compiling data from across your network, scanning it for digital security threats, and cataloging them for compliance purposes.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yet enterprises don\u2019t seem to understand what their SIEM solution actually does and where it may be vulnerable. What problems do SIEM solutions face? And can security analytics solve those problems?<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>SIEM: Prevalent but Problematic? 
<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Research firm <\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/1122-2\/\"><span style=\"font-weight: 400\">Gartner<\/span><\/a><span style=\"font-weight: 400\"> defines security information and event management\u2014SIEM\u2014\u201cby the customer\u2019s need to analyze event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, analyze, investigate and report on event data for incident response, forensics and regulatory compliance.\u201d <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In other words, SIEM focuses on collecting and analyzing logs from multiple data sources, using correlation rules written by security experts and executed in real time. As mentioned above, it supports compliance reporting and security incident investigation and response. SIEM is not <\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/4-challenges-traditional-log-management-solutions\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">log management<\/span><\/a><span style=\"font-weight: 400\"> per se. Log management covers every use of log data, whereas SIEM focuses on the security uses of those logs.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, SIEM has some common weaknesses across all solutions. Its analytical capabilities are limited to the information it collects and correlates\u2014which depends on what information the solution can collect across your enterprise\u2019s network. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The first recurring issue is that SIEM\u2019s analysis and alert capabilities are based on the correlation rules written by your security experts. 
Those rules can be too rigid to adapt to new demands\u2014the thresholds by which they define \u201cnormal behaviors\u201d may not account for different users\u2019 actual normal behavior. They might also fail to account for the timing of activity: a rule that treats a high volume of traffic at an odd hour as the threshold for malicious activity might miss malicious activity occurring during normal business hours.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The second problem SIEM faces is almost the opposite of the one above. The volume of log data the modern enterprise generates\u2014nearly 10 terabytes of plaintext data a month, according to some studies\u2014is overwhelming. SIEM solutions may struggle to keep up with the deluge, or, under the rules security experts write, may generate false leads. False leads aren\u2019t just an annoyance: your security team wastes time and money chasing them, and real threats can slip by in the distracting chaos. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A third issue with SIEM is accessing, or outright finding, all the data an enterprise generates. SIEM solutions may not be capable of, or configured for, collecting data from every endpoint, so essential security data may slip by. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Could Security Analytics Solve Those Problems? <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Some enterprises have turned to <\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/look-security-analytics-solution\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">security analytics<\/span><\/a><span style=\"font-weight: 400\"> as an alternative to SIEM and its issues. 
Security analytics solutions are capable of reaching every endpoint in a corporate network, compiling that data under a single pane, and supposedly generate fewer false positives. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yet as <\/span><a href=\"https:\/\/blogs.gartner.com\/anton-chuvakin\/2015\/01\/26\/do-you-want-security-analytics-or-do-you-just-hate-your-siem\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">Dr. Anton Chuvakin<\/span><\/a><span style=\"font-weight: 400\"> (Research Vice President at Gartner) points out, security analytics may not solve what is really at issue with your SIEM. SIEM is complex and requires serious expertise to deploy and maintain properly. It requires resources and knowledge to write good rules. The out-of-the-box correlation rules that solutions come with, which some enterprises may rely on to avoid the hard work of deployment, are often not sufficient to cover your enterprise\u2019s needs. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">So before switching to a security analytics solution, consult with your IT security team about the rules they have in place, whether the SIEM solution your enterprise uses reaches where it needs to, and what can be done to ensure the best results.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SIEM is a major component of any enterprise\u2019s comprehensive cybersecurity platform. It\u2019s vital to detecting threats that have bypassed your endpoint security platform. It\u2019s necessary for compiling data from across your network, scanning it for digital security threats, and cataloging them for compliance purposes. 
Yet enterprises don\u2019t seem to understand what their SIEM solution actually [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":431,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551],"tags":[95,145,112,86,212,180,21,57,22],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Common Problems in SIEM: Should You Switch to Security Analytics?<\/title>\n<meta name=\"description\" content=\"Enterprises don\u2019t seem to understand SIEM solutions. What problems do SIEM solutions face? And can security analytics solve those problems?\u00a0 \u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Common Problems in SIEM: Should You Switch to Security Analytics?\" \/>\n<meta property=\"og:description\" content=\"Enterprises don\u2019t seem to understand SIEM solutions. What problems do SIEM solutions face? 
And can security analytics solve those problems?\u00a0 \u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/\" \/>\n<meta property=\"og:site_name\" content=\"SIEM Tools &amp; Security Event Management | Solutions Review\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-21T17:58:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/\",\"name\":\"Common Problems in SIEM: Should You Switch to Security 
Analytics?\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280.jpg\",\"datePublished\":\"2018-03-21T17:58:40+00:00\",\"dateModified\":\"2018-03-21T17:58:40+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Enterprises don\u2019t seem to understand SIEM solutions. What problems do SIEM solutions face? And can security analytics solve those problems?\u00a0 \u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/05\/security-265130_1280.jpg\",\"width\":800,\"height\":350,\"caption\":\"Cybersecurity Experts Comment on Safer Internet 
Day\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/common-problems-siem-switch-security-analytics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Common Problems in SIEM: Should You Switch to Security Analytics?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"SIEM Tools &amp; Security Event Management | Solutions Review\",\"description\":\"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. 
He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}