The Improvement and Evolution of SIEM

SIEM technology has greatly improved over time. Early SIEM implementations struggled due to complexity but platforms now make it easier to collect and monitor security data from numerous sources. SIEM is commonly used for threat monitoring and compliance reporting. The top SIEM vendors continue to enhance their products and integrate additional capabilities like identity management and governance. The future of SIEM includes analyzing more mobile device data and connecting to business intelligence tools to better identify new security threats.

Uploaded by

sandeep11661
Copyright
© Attribution Non-Commercial (BY-NC)

The Improvement and Evolution of SIEM


A security information and event management (SIEM) system allows companies to monitor security threats in real time, and the evolution of SIEM platforms has allowed for advances in data collection. This expert E-Guide provides an in-depth look at the past, present and future of SIEM technology and how it has greatly improved.

Contents
SIEM Technology Primer: SIEM Platforms have Improved Significantly

SIEM Technology Primer: SIEM Platforms have Improved Significantly

Jane Wright, Site Editor

Security information and event management (SIEM) products grew out of two narrower product categories in the past decade. Security information management (SIM) software and appliances were used to collect and review logs of data from host systems, network devices, security devices and applications. Security event management (SEM) products came next, providing automated reviews of log data in real time, looking for anomalies or event correlations that signaled a security threat or a compliance violation. Gradually, SIM and SEM vendors merged these tools into SIEM technology platforms. SIEM platforms recently evolved further to collect data about users' behaviors and data access. SIEM platforms may collect data from hundreds of sources, including hardware devices, virtual machines and applications such as Microsoft Exchange and Oracle databases.

Rocky start for SIEM technology

The earliest SIEM deployments were often a disappointment, according to Jessica Ireland, research analyst for Ontario-based Info-Tech Research Group. Customers tried to implement all of the SIEM functions with all available sources, which added more complexity than most customers could absorb in a short time. As a result, most of the logs collected by the SIEM sat unviewed, and many customers would label their SIEM project as a failure. Over time, customers were encouraged to start their SIEM project with just one objective (threat monitoring or compliance reporting, but not both) and just a small set of sources (for example, just the network devices), to gain skills and experience and gradually grow their SIEM project at a manageable pace.

Current SIEM technology offerings

SIEM platforms have improved significantly in the past few years. "The products keep getting better," Ireland said. "We're seeing a lot of fluid and intuitive interfaces, which make SIEM easier for clients to use." One example of the easier interface is the replay function. This enables the administrator to recreate a past incident or attack and develop a new policy for times when a similar incident occurs in the future.

Alerts and responses have also improved in most SIEM platforms, according to James McCloskey, senior research analyst at Info-Tech Research Group. Early implementations of automated responses caused problems, such as actions being taken when the alert was actually a false positive. "A lot of the kinks in automatic response systems have been worked out," McCloskey said. "More people are comfortable that their SIEM will properly correlate an attack with information from other tools, such as a Web content filtering product, and respond appropriately."

Major SIEM technology vendors

There are approximately two dozen vendors actively selling in the SIEM space. In its 2011 Magic Quadrant for SIEM report, Gartner Inc. placed HP/ArcSight LLC, Q1 Labs (acquired by IBM), RSA (the security division of EMC), Symantec Corp., LogLogic Inc., NitroSecurity Inc. (acquired by McAfee) and Novell Inc. in the leaders quadrant. Vendors such as NetIQ Corp., eIQnetworks Inc. and others fill the remaining quadrants of Gartner's report. The majority of SIEM vendors are particularly active in North America, where most of the first SIEM platforms were sold. In recent years, interest in SIEM technology has expanded to the Europe, Latin America, Australia and Asia/Pacific regions.
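The cross-tool correlation McCloskey describes, where an alert is acted on only once the SIEM has matched the attack against a second source such as a Web content filter, is illustrated by the following added example (not code from the guide or from any vendor mentioned in it). It normalizes constructed IDS and web-filter log lines, groups them by source host, and raises a corroborated alert only when both tools report the same host inside a short time window; a lone IDS hit is retained as low confidence rather than triggering an automated response. The line format, field names and window size are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two tools; format and field names are assumed.
LOG_LINES = [
    "2011-06-01T10:00:01 ids src=10.1.1.5 sig=sql_injection",
    "2011-06-01T10:00:20 webfilter src=10.1.1.5 action=blocked category=malware",
    "2011-06-01T10:05:00 ids src=10.1.1.9 sig=sql_injection",
    "2011-06-01T10:30:00 webfilter src=10.1.1.9 action=blocked category=malware",
]

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")  # timestamp, tool name, key=value fields


def parse(line):
    """Normalize one raw line into a dict: timestamp, originating tool and its fields."""
    ts, tool, rest = LINE_RE.match(line).groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    fields["tool"] = tool
    return fields


def correlate(lines, window=timedelta(minutes=5)):
    """Return (corroborated_hosts, low_confidence_hosts).

    A host is corroborated when an IDS signature and a web-filter block for it
    fall within `window` of each other; an IDS hit with no second-source match
    is kept for analyst review instead of driving an automated response.
    """
    by_src = defaultdict(list)
    for ev in map(parse, lines):
        by_src[ev["src"]].append(ev)

    alerts, low_confidence = [], []
    for src, evs in by_src.items():
        ids_hits = [e for e in evs if e["tool"] == "ids"]
        blocks = [e for e in evs if e["tool"] == "webfilter" and e.get("action") == "blocked"]
        corroborated = any(abs(b["ts"] - i["ts"]) <= window for i in ids_hits for b in blocks)
        if ids_hits and corroborated:
            alerts.append(src)
        elif ids_hits:
            low_confidence.append(src)
    return sorted(alerts), sorted(low_confidence)


if __name__ == "__main__":
    print(correlate(LOG_LINES))
```

Widening the window, or dropping the second-source requirement, reproduces the false-positive-driven responses the early deployments suffered from.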

SIEM market

According to the Gartner report, the SIEM market is mature, with many customers having had their SIEM implementations in place for more than a few years, and some shopping for an upgrade or replacement to their initial SIEM choice. Large enterprises continue to be the predominant purchasers of SIEM platform products, Ireland said. SMB customers are more likely to employ a managed security services provider (MSS) for SIEM functions. Some SIEM vendors now offer scaled-down versions of their platforms, supporting a small number of logs from a limited number of log sources, to provide a lower price point for SMB customers.

SIEM technology: Typical uses

Customers typically use SIEM products for two reasons: to spot evidence of security threats or security breaches, and to ensure their organization is complying with regulatory standards. A 2011 Forrester Research survey (sponsored by SenSage) showed most customers are currently using their SIEM tool for both threat management and compliance reporting. While the decision to install a SIEM platform may be made by the IT department, the compliance manager, or a business unit within an organization, Gartner's report stated that ownership and management of the SIEM platform usually goes to the IT team.

The future of SIEM technology

All those logs of data captured by the SIEM are growing, especially as SIEM platforms begin to capture usage and incidents from mobile devices. For this reason, some vendors are working to connect business intelligence and analytics tools to SIEM data. In its 2011 report, "How Proactive Security Organizations Use Advanced Data Practices to Make Decisions," Forrester said the IT industry is currently poised at the intersection of SIEM, data warehousing and business intelligence, which could potentially unlock the ability to discover and respond to new threats.
In addition, many of the larger SIEM vendors are working to integrate their SIEM platforms with GRC (governance, risk and compliance) products, or with identity and access management products. Ireland believes some vendors will accomplish this three-pronged approach of SIEM, GRC and security infrastructure through acquisitions. "We expect further consolidation as more vendors try to pull these three prongs of SIEM, GRC and security infrastructure together," Ireland said. "Some of the larger vendors may grab up the few remaining niche players."

Free resources for technology professionals

TechTarget publishes targeted technology media that address your need for information and resources for researching products, developing strategy and making cost-effective purchase decisions. Our network of technology-specific Web sites gives you access to industry experts, independent content and analysis, and the Web's largest library of vendor-provided white papers, webcasts, podcasts, videos, virtual trade shows, research reports and more, drawing on the rich R&D resources of technology providers to address market trends, challenges and solutions. Our live events and virtual seminars give you access to vendor-neutral, expert commentary and advice on the issues and challenges you face daily. Our social community, IT Knowledge Exchange, allows you to share real-world information in real time with peers and experts.

What makes TechTarget unique?

TechTarget is squarely focused on the enterprise IT space. Our team of editors and network of industry experts provide the richest, most relevant content to IT professionals and management. We leverage the immediacy of the Web, the networking and face-to-face opportunities of events and virtual events, and the ability to interact with peers, all to create compelling and actionable information for enterprise IT professionals across all industries and markets.