In the words of former Cisco CEO John Chambers, “there are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”
But if he’s right, why are current security strategies unable to prevent these attacks? And if your company is already struggling to keep up with the current level of cyber threats, how will you cope next year? Or five years from now?
Like Finding a Needle in a Haystack
The critical importance of cybersecurity has made its way to the board room. The business world, already too familiar with the financial harm and damage to reputation that a cyber attack can inflict, has invested heavily in detection. But improved detection also resulted in a surge in the volume of alerts. Moreover, there’s the expectation that every IOC (“Indicators of Compromise”) will be met with equal vigor.
The legacy approach to dealing with alerts for over a decade has been Security Information and Event Management Technology (SIEM). It has served as the gateway between detection and response. But, the infamous Target Department Store breach in 2014 exposed a critical flaw. During the hack, which resulted in the theft of 11 gigabytes of customer data, sensors did their job and triggered alerts. But, following detection, analysts realized that the bad guys had actually lurked unnoticed for weeks amid a flood of alerts, exposing the inability of security teams to find the proverbial needle in a haystack.
New Garter Report Puts the Spotlight on Analytics and Speed
When it comes to a solution to the data volume problem, there’s no silver bullet. But a new Gartner Report, published February 28, 2017, focuses on the need for more innovation within the SIEM and broader Security Operations space. Improving speed and agility throughout the investigative and response process is at the heart of the cybersecurity report.
Gartner puts an emphasis squarely on analytics, citing it as a vital component to reducing the time from alert to resolution. According to the Gartner report, as security trends have shifted, the challenge now is the sheer volume of data that needs to be analyzed.
Gartner Praises Innovation of New Vendors
Besides a number of familiar faces in the industry, like IBM, Symantec, and Intel Security (McAfee), the report named several new vendors to watch. New York-based Siemplify, for example, has made a name for itself with a security orchestration platform and its strategy of partnering with legacy SIEM businesses. Siemplify says its proprietary graph architecture system can reduce alerts by 80 percent, triple analyst efficiency, and slash response time from days to minutes.
Also named in the report was LogRythm, which has been mentioned as a Leader in Gartner’s SIEM Magic Quadrant report for five consecutive years and known for it’s SIEM.
Industry Heavyweights Must Cooperate With Innovators to Stay Relevant
Despite the doom and gloom, the situation is far from hopeless. The Gartner report finds that SIEM providers are anxious for solutions. Analytics will be the key to fulfill the need for enhanced detection and response speed. And as the SIEM market continues to mature, providers will incorporate more Data Science capabilities to stay ahead in the years to come.
Needless to say, industry heavyweights will have to innovate to stay competitive and relevant. And, if Gartner is right, more cooperation between SIEM legacy providers and the emerging players seems inevitable.
Source: http://tech.co
