7 SIEM Trends to Watch in 2019 - Locuz

7 SIEM TRENDS TO WATCH IN 2019

SIEM technology has been around for a while, with the fundamental capabilities of the platform dating back to over a decade ago. Since then, SIEM solutions have become more of an information platform, with enterprise demands for better security driving much of the SIEM market. In the last year alone, demand for SIEM technology has remained strong, with threat management as the primary driver, and general monitoring and compliance secondary.

The SIEM market grew from $1.999 billion in 2016 to a staggering $2.180 billion in 2017 according to Gartner. Research from leading market analysts Juniper Research also suggests that the cost of data breaches will reach $2.1 trillion by 2019 — almost four times the estimated cost of breaches in 2015. Many of the newer capabilities now offered on the market are a significant driving force behind the adoption of SIEM software. The Gartner Magic Quadrant (MQ) highlights this growing trend toward machine learning, artificial intelligence and advanced analytics, as vendors continue to experiment with deep-learning capabilities.


With so many exciting features on the horizon, here are seven SIEM trends to watch in 2019:

1. Targeted attack detection is now essential

2. Third-party support is the key to stopping threats earlier

3. Organizations will try to save money building their own SIEM (and fail)

4. Flexible delivery models can reinforce your security nerve center

5. Integration with security ecosystems can help mitigate risk

6. New smart dashboards mean better security — instantly

7. Adoption at scale is finally possible


1. TARGETED ATTACK DETECTION IS NOW ESSENTIAL

SIEMs need to get better at the effective detection of and response to targeted attacks and breaches. Threat intelligence, behavior profiling and analytics can improve detection success, so that security managers don’t need to sift through a sea of data to detect and alert on events.

Not all data is created equal, and risk scoring with advanced analytics can make it that much easier to isolate and investigate an incident when dealing with a high volume of data. Otherwise, most security managers are going to be overwhelmed by a wealth of information that makes it nearly impossible to correlate one event with another.

This is why targeted attack detection is becoming more critical for highly advanced services, and is likely to become a major component of any SIEM system, as vendors re-calibrate their correlation models to better detect and respond to potential threats.
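The risk scoring and correlation described above can be made concrete with a small, self-contained script. This is an added example, not code from the Locuz/Splunk ebook or from any vendor's product: it accumulates a per-host risk score over a sliding time window so that individually low-severity events (a handful of failed logons, one unusual process) surface as a single alert only when they cluster. The event types, their scores, the one-hour window, the 60-point threshold and the sample events are all assumptions constructed for the demonstration.

```python
"""Risk-scoring correlation over a constructed event stream.

Added example, not code from the Locuz/Splunk ebook or any vendor's
product: it shows how low-severity events that are noise on their own
become one alert when risk is accumulated per host inside a time window.
The event types, scores, window length and alert threshold are assumptions
chosen for the demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed per-event risk contributions. In a real deployment these come
# from tuned detection rules, not a hard-coded table.
RISK_SCORES = {
    "auth_failure": 5,
    "auth_success_after_failures": 20,
    "new_admin_tool_execution": 30,
    "outbound_to_rare_domain": 25,
    "scheduled_task_created": 20,
}

WINDOW = timedelta(hours=1)   # assumption: risk accumulates over one hour
ALERT_THRESHOLD = 60          # assumption: per-host score that pages an analyst

# Constructed sample events (not real telemetry), already normalised to
# (timestamp, host, event_type). ws-17 shows a suspicious sequence;
# ws-22 and ws-05 only produce scattered low-risk noise.
SAMPLE_EVENTS = [
    ("2019-03-01T09:00:00", "ws-17", "auth_failure"),
    ("2019-03-01T09:00:05", "ws-17", "auth_failure"),
    ("2019-03-01T09:00:09", "ws-17", "auth_failure"),
    ("2019-03-01T09:00:30", "ws-17", "auth_success_after_failures"),
    ("2019-03-01T09:12:00", "ws-17", "new_admin_tool_execution"),
    ("2019-03-01T09:15:00", "ws-17", "outbound_to_rare_domain"),
    ("2019-03-01T09:01:00", "ws-22", "auth_failure"),
    ("2019-03-01T11:30:00", "ws-22", "scheduled_task_created"),
    ("2019-03-01T09:02:00", "ws-05", "auth_failure"),
]


def score_event(event_type):
    """Risk contribution of one event type; unknown types score 0."""
    return RISK_SCORES.get(event_type, 0)


def correlate(events, window=WINDOW, threshold=ALERT_THRESHOLD):
    """Accumulate risk per host over a sliding window.

    Returns {host: [(alert_time, windowed_score, contributing_event_types)]}
    with one entry each time a host's windowed score crosses the threshold
    from below. Events are processed in timestamp order, and events older
    than `window` relative to the newest event for that host are dropped.
    """
    ordered = sorted(
        (datetime.fromisoformat(ts), host, etype) for ts, host, etype in events
    )
    recent = defaultdict(list)   # host -> [(ts, event_type, score)]
    last_total = {}              # host -> windowed score after previous event
    alerts = defaultdict(list)
    for ts, host, etype in ordered:
        bucket = recent[host]
        bucket.append((ts, etype, score_event(etype)))
        cutoff = ts - window
        bucket[:] = [e for e in bucket if e[0] >= cutoff]   # slide the window
        total = sum(e[2] for e in bucket)
        if total >= threshold and last_total.get(host, 0) < threshold:
            alerts[host].append((ts, total, [e[1] for e in bucket]))
        last_total[host] = total
    return dict(alerts)


if __name__ == "__main__":
    for host, fired in correlate(SAMPLE_EVENTS).items():
        for when, total, types in fired:
            print(f"{when.isoformat()} {host} risk={total} events={types}")
```

Run as-is, only ws-17 produces an alert (score 65 at 09:12, carrying the three failed logons, the subsequent success and the admin-tool execution); ws-22's two low-risk events fall outside each other's window and never reach the threshold. Firing only on the crossing from below, rather than on every event above the line, is what keeps a single incident from generating a page per event.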


2. THIRD-PARTY SUPPORT IS THE KEY TO STOPPING THREATS EARLIER

Customers are starting to care more about external service support for their SIEM deployment, or at the very least, are planning to acquire support in conjunction with their SIEM product. Motivation to seek these services includes lack of internal resources to manage a SIEM deployment and to perform real-time alert monitoring, or lack of expertise to expand into new use cases.

The growing use of managed detection and response (MDR) and managed security service providers (MSSP) will help smaller to mid-sized organizations keep up with the dynamic threat landscape through third-party support. Larger enterprises can also use managed security services to maximize their capabilities.

SIEM vendors are now giving greater thought to these requirements, specifically how to support managed services with their own staff or outsourcing partners. SIEM offered as a service (SIEMaaS) includes the maintenance of the platform by the vendor, often in a public cloud environment, with customers using their own resources to configure content and monitor and investigate events.

3. ORGANIZATIONS WILL TRY TO SAVE MONEY BUILDING THEIR OWN SIEM (AND FAIL)

The complexity and cost of buying and running legacy SIEM products, as well as the emergence of other security analytics technologies, have driven organizations to pursue other ways to collect and analyze data to identify attacks. Security teams might think they can build their own analytics-driven SIEM instead, and will often use a combination of products to create a platform that offers a range of capabilities for data collection, management and analytics.

But large companies with more complex use cases should weigh the cost-benefit of building their own SIEM — especially if they have the option to invest in their security operations. It can be extremely difficult to scale, and many security teams will feel overwhelmed by the breadth of this task, and inevitably fail and come back to a leading SIEM vendor. The workload involved in engineering these solutions can be significant. This defeats the whole purpose of building a SIEM, as it ends up being far more expensive than a commercial deployment.


4. FLEXIBLE DELIVERY MODELS CAN REINFORCE YOUR SECURITY NERVE CENTER

Analytics-driven security solutions now consist of many different models, including on-premises, in the cloud or a hybrid platform that can include both. Splunk Cloud is an example of how a SIEM can combine on-premises and cloud deployments to create a cloud-based SIEM solution that goes beyond simple detection and response to address advanced threats, and that scales and secures your journey to the cloud, providing deep insight into your security ecosystem and applications. Analytics-driven security solutions with Splunk Cloud is a flexible platform that scales from tackling focused use cases to becoming your security nerve center.


5. INTEGRATION WITH SECURITY ECOSYSTEMS CAN HELP MITIGATE RISK

Leaders in this space are investing more and more in supporting a diverse range of business and technical requirements, especially integration with third parties and vendors, improved workflow, automation and scalability.

On average, a large enterprise deploys security products and technologies from 70 or more different vendors. With little integration between these products and technologies, a coordinated defense is nearly impossible. Security teams face the challenge of running operations across multiple domains, and having to ingest data from relevant sources, drive collaborative decisions between disparate products and technologies, and take orchestrated action to address security events.

Luckily, an Adaptive Operations Framework (AOF) can help improve cyber defense and security operations by leveraging the industry’s largest open ecosystem of innovative security vendors who have built and developed integrations with leading security technologies. Practitioners can gain insight and increase productivity by leveraging Splunk and partner-built integrations to ingest structured or unstructured data from any source to be used across different solutions. This in turn drives collaborative decisions supported by rich analytics and orchestrated action across a comprehensive range of technologies in the SOC.


6. NEW SMART DASHBOARDS MEAN BETTER SECURITY — INSTANTLY

Ready-to-use or out-of-the-box content can help security practitioners realize value immediately with pre-built dashboards, reports, incident response workflows, advanced analytics, correlation searches and security indicators. Gone are the days where the average security analyst needs to configure their own dashboards, rules or searches.

Now, users have a host of resources like the Splunk Use Case Library — a handy tool for discovering new use cases based on data ingested, which can then be used within your environment — or Analytic Stories — a collection of searches grouped together around a common theme. This type of readily available, usable and relevant content can help strengthen an organization’s security posture, as well as reduce risk in little-to-no time. As a result, more and more vendors are creating ad-hoc searches, as well as dynamic and visual correlations to determine malicious activities.

7. ADOPTION AT SCALE IS FINALLY POSSIBLE

Some modern SIEM solutions can now handle adoption at a massive scale, while static legacy systems have a cap on the amount of data that can be ingested, stored and analyzed. The challenge with leveraging massive amounts of information is that it comes in a dizzying array of unpredictable formats, and traditional monitoring and analytics tools weren’t designed for the variety, velocity, volume or variability of this data.

However, modern systems like Splunk can ingest upward of 20 terabytes of data from across business applications, servers, websites, endpoints, networks, and open source data stores (and that's just daily). Where this would have been completely improbable before, it’s now possible to glean real-time insights from a high volume of data, with a far-greater capacity for extraction, storage and analysis.
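The ingestion problem this trend describes, data arriving in many unrelated formats, is the step that has to succeed before any of the correlation above can happen. The following is an added example, not code from the Locuz/Splunk ebook or from any vendor's product: it normalises three differently formatted records (an SSH syslog line, a JSON record, and a key=value line) into one schema so that a single detection rule can see logons from all three sources. The sample lines are constructed, and the target fields (ts, host, user, action, src_ip) and the shared action vocabulary are assumptions chosen for the demonstration.

```python
"""Normalising heterogeneous log formats into a single event schema.

Added example, not code from the Locuz/Splunk ebook or any vendor's
product. The sample records are constructed; the target schema and the
action vocabulary are assumptions chosen for the demonstration.
"""
import json
import re

# Shared vocabulary for the "action" field, so one rule can match logons
# from SSH, Windows and VPN sources alike (assumption).
ACTION_MAP = {
    "Failed": "auth_failure",
    "Accepted": "auth_success",
    "logon_failure": "auth_failure",
    "logon_success": "auth_success",
    "login_failure": "auth_failure",
    "login_success": "auth_success",
}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<action>Accepted|Failed) password for (?P<user>\S+) from (?P<src_ip>\S+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample records, one per format, plus one unparseable line.
SAMPLE_LINES = [
    "2019-03-01T09:00:00 bastion-1 sshd[4121]: Failed password for alice "
    "from 203.0.113.7 port 51234 ssh2",
    '{"time": "2019-03-01T09:00:02", "computer": "dc-1", "user": "alice", '
    '"event": "logon_failure", "ip": "203.0.113.7"}',
    "ts=2019-03-01T09:00:05 host=vpn-1 user=alice action=login_success src=203.0.113.7",
    "garbage line with no recognisable structure",
]


def parse_syslog(line):
    """SSH daemon syslog line -> normalised event, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["action"] = ACTION_MAP.get(event["action"], "unknown")
    return event


def parse_json(line):
    """One JSON object per line, with the assumed source field names."""
    if not line.startswith("{"):
        return None
    try:
        obj = json.loads(line)
        return {
            "ts": obj["time"],
            "host": obj["computer"],
            "user": obj["user"],
            "action": ACTION_MAP.get(obj["event"], "unknown"),
            "src_ip": obj["ip"],
        }
    except (json.JSONDecodeError, KeyError, TypeError):
        return None


def parse_kv(line):
    """Space-separated key=value pairs; all required keys must be present."""
    fields = dict(KV_RE.findall(line))
    if not all(k in fields for k in ("ts", "host", "user", "action", "src")):
        return None
    return {
        "ts": fields["ts"],
        "host": fields["host"],
        "user": fields["user"],
        "action": ACTION_MAP.get(fields["action"], "unknown"),
        "src_ip": fields["src"],
    }


PARSERS = (parse_syslog, parse_json, parse_kv)


def normalise(line):
    """Return a normalised event dict, or None if no parser accepts the line."""
    for parser in PARSERS:
        event = parser(line)
        if event is not None:
            return event
    return None


def normalise_all(lines):
    """Normalise every line; return (events, unparsed_lines).

    Unparsed lines are returned rather than silently dropped, so an
    ingestion gap shows up as a metric instead of as missing evidence.
    """
    events, unparsed = [], []
    for line in lines:
        event = normalise(line)
        if event is None:
            unparsed.append(line)
        else:
            events.append(event)
    return events, unparsed


if __name__ == "__main__":
    parsed, dropped = normalise_all(SAMPLE_LINES)
    for e in parsed:
        print(e)
    print(f"{len(dropped)} line(s) not parsed")
```

On the sample input the three structured lines come out with the same `user`, `src_ip` and a common `action` value, which is exactly what lets a downstream rule count "three authentication failures from one address across different systems" without caring which product wrote each line. Keeping the unparsed count visible matters operationally: a parser that silently drops a new log format produces a quiet blind spot rather than an error.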


GETTING STARTED

Ready to have visibility across your organization’s security stack alongside augmented capabilities? Discover why you should use Splunk as your SIEM to avoid downtime and see vulnerabilities before they arise.

© 2019 Splunk Inc. All rights reserved. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries.

EB-Splunk-7-SIEM-Trends-to-Watch-in-2019-101