Cloudy Future for Security Analytics

When you think of and operations, one technology tends to come to mind – . SIEM technology was around when I started focusing on in 2002 (think eSecurity, Intellitactics, NetForensics, etc.) and remains the primary security operations platform today. Vendors in this space today include , , , , and .

SIEM has greatly improved over the last 16 years, but the underlying architecture remains much the same. A SIEM is built on a data management layer that collects and processes raw security data. Once the data is processed, it becomes available to the upper layers of the stack for analysis and for actions such as automated or orchestrated processes.

If you think about it, this architecture is common to other types of management platforms in the past – network management, systems management, service management, etc. – all with roots back in client/server computing (or earlier).

Fast forward to 2018 and I see a fundamental problem with the historical SIEM architecture – a rapid increase in .
