{"id":3562,"date":"2021-09-08T17:13:02","date_gmt":"2021-09-08T21:13:02","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3562"},"modified":"2021-09-08T17:13:02","modified_gmt":"2021-09-08T21:13:02","slug":"why-you-need-detection-and-response-embedded-in-your-siem","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/","title":{"rendered":"Why You Need Detection and Response Embedded in Your SIEM"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2994\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\" alt=\"Why You Need Detection and Response Embedded in Your SIEM\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><b><i>Why do you need detection and response embedded in your SIEM solution? 
What can it offer your business and its security overall?\u00a0<\/i><\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Classically, <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener\">SIEM<\/a><\/strong><\/span> focuses on log management. Everything in your network, from servers to applications to databases, generates security event logs from its everyday interactions. This data, if left siloed, can deny your IT security team the visibility necessary to secure your IT environment. SIEM aggregates the log information, normalizes it for clear analysis, and then creates alerts for your IT security team to utilize in its investigations.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Alongside threat intelligence feeds and compliance capabilities, companies look to SIEM for log management. However, is this what companies should be looking to their SIEM solutions for? Should they instead prioritize detection and response? And if so, why?\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>Detection and Response Embedded in SIEM<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>Why Detection and Response Matters<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Dwell time isn\u2019t often discussed in the lay conversations around cybersecurity, but it remains one of the most persistent digital challenges. It refers to the time a hacker stays in the IT environment prior to any remediation efforts. Obviously, the longer a hacker lingers undetected, the more damage they cause. 
You can think of it almost like a modifier; a cyber-attack lasting a week is orders of magnitude worse than the same attack lasting only a few hours.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Unfortunately, dwell times on average last for months at a time &#8211; a serious concern. Additionally, most efforts at purely preventative cybersecurity fail to deflect one hundred percent of all attacks; eventually, a hacker with enough resources, patience, and experience can break through. Think of it like glass &#8211; glass is actually much harder to break than is readily apparent, but once it breaks, it shatters.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Detection and response work to change your cybersecurity from glass to rubber, to continue the metaphor. Rubber may not be hard, but it tends to bounce back from physical strikes and is much harder to actively penetrate as a result. In other words, it makes your enterprise resilient. It does this by finding threats and helping your enterprise to actively respond to them in a timely manner.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Why SIEM Offers an Ideal Platform for Detection and Response<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">SIEM in its legacy form provides IT security teams with alerts. These direct IT security teams on where to conduct their investigations, with capabilities like contextualization to help eliminate false positives. 
Yet that only gives your IT security team a starting location in which to investigate; in this model, it doesn\u2019t participate in the response process at all, and only begins the detection process.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">With detection and response embedded in your SIEM, you can help automate the process of remediation; the solution can halt suspicious processes while your team investigates, track the progress of a malware attack to discover the responsible vulnerabilities, and prevent lateral movements.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In other words, just like your IT security team must remain proactive, so should your cybersecurity solution. If you don\u2019t feel that yours measures up to the task, perhaps it is time for a replacement? Check out the <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener\">SIEM Buyer\u2019s Guide<\/a><\/strong><\/span> to find out more about next-generation options.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why do you need detection and response embedded in your SIEM solution? What can it offer your business and its security overall?\u00a0 Classically, SIEM focuses on log management. Everything in your network, from servers to applications to databases, generates security event logs from their everyday interactions. 
This data, if left siloed, can deny your IT [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2994,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[95,1647,1210,22],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Why You Need Detection and Response Embedded in Your SIEM<\/title>\n<meta name=\"description\" content=\"Why do you need detection and response embedded in your SIEM solution? What can it offer your business and its security overall?\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why You Need Detection and Response Embedded in Your SIEM\" \/>\n<meta property=\"og:description\" content=\"Why do you need detection and response embedded in your SIEM solution? 
What can it offer your business and its security overall?\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-08T21:13:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/\",\"name\":\"Why You Need Detection and Response Embedded in Your 
SIEM\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\",\"datePublished\":\"2021-09-08T21:13:02+00:00\",\"dateModified\":\"2021-09-08T21:13:02+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Why do you need detection and response embedded in your SIEM solution? What can it offer your business and its security overall?\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking 
Records\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why You Need Detection and Response Embedded in Your SIEM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. 
He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why You Need Detection and Response Embedded in Your SIEM","description":"Why do you need detection and response embedded in your SIEM solution? What can it offer your business and its security overall?\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/","og_locale":"en_US","og_type":"article","og_title":"Why You Need Detection and Response Embedded in Your SIEM","og_description":"Why do you need detection and response embedded in your SIEM solution? What can it offer your business and its security overall?\u00a0","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2021-09-08T21:13:02+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/","name":"Why You Need Detection and Response Embedded in Your SIEM","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","datePublished":"2021-09-08T21:13:02+00:00","dateModified":"2021-09-08T21:13:02+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Why do you need detection and response embedded in your SIEM solution? 
What can it offer your business and its security overall?\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","width":800,"height":400,"caption":"GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-you-need-detection-and-response-embedded-in-your-siem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Why You Need Detection and Response Embedded in Your SIEM"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3562"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3562"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3562\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2994"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}