Cloudy Future for Security Analytics
When you think of security analytics and operations, one technology tends to come to mind – security information and event management (SIEM). SIEM technology was around when I started focusing on cybersecurity in 2002 (think eSecurity, Intellitactics, NetForensics, etc.) and remains the primary security operations platform today. Vendors in this space today include AlienVault (AT&T), IBM (QRadar), LogRhythm, McAfee, and Splunk.
SIEM has improved greatly over the last 16 years, but the underlying architecture has changed little. A SIEM is built on a data management layer that collects raw security data and processes it (parsing, normalization, indexing). Once processed, the data becomes available to the upper layers of the stack for analysis and for actions such as automated or orchestrated response.
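The layered split described above, as an added illustration (this is not code from the article or from any SIEM vendor): a data management layer parses raw log lines into normalized events, an analysis layer runs a detection rule over them, and an action layer turns detections into response steps. The sshd-style syslog lines, the brute-force rule and its threshold and window, and the function names are all assumptions made for the example.

```python
"""Toy three-layer SIEM pipeline (added example, not the article's own code).

Layer 1 (data management): collect raw log lines and normalize them into events.
Layer 2 (analysis): run a detection rule over the normalized events.
Layer 3 (action): hand detections to an automated response step.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input: syslog-style sshd lines written for this example (not real data).
RAW_LOGS = [
    "Mar 10 08:01:02 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
    "Mar 10 08:01:04 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2",
    "Mar 10 08:01:06 bastion sshd[2231]: Failed password for root from 203.0.113.5 port 51024 ssh2",
    "Mar 10 08:01:09 bastion sshd[2231]: Accepted password for deploy from 198.51.100.7 port 40011 ssh2",
    "Mar 10 08:01:10 bastion sshd[2231]: Failed password for root from 203.0.113.5 port 51025 ssh2",
    "Mar 10 08:01:15 bastion sshd[2231]: Failed password for deploy from 198.51.100.7 port 40012 ssh2",
    "Mar 10 08:01:20 bastion cron[411]: (root) CMD (run-parts /etc/cron.hourly)",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


@dataclass(frozen=True)
class Event:
    """Normalized authentication event produced by the data management layer."""
    ts: datetime
    host: str
    user: str
    src_ip: str
    outcome: str  # "success" or "failure"


def parse_event(line, year=2018):
    """Layer 1: turn one raw line into an Event, or None for lines the
    parser does not understand (those are dropped, not analysed)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the year is an assumption of this example.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    outcome = "success" if m["outcome"] == "Accepted" else "failure"
    return Event(ts, m["host"], m["user"], m["src"], outcome)


def collect(lines):
    """Layer 1: normalize a batch of raw lines, discarding unparseable ones."""
    return [e for e in map(parse_event, lines) if e is not None]


def detect_bruteforce(events, threshold=3, window_seconds=60):
    """Layer 2: flag any source IP with >= threshold failed logins inside a
    sliding window of window_seconds. Returns {src_ip: max failures seen in a window}."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.outcome == "failure":
            failures[e.src_ip].append(e.ts)
    alerts = {}
    for src, times in failures.items():
        best, start = 0, 0
        for end, t in enumerate(times):
            # Advance the window start until the window fits within window_seconds.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[src] = best
    return alerts


def plan_response(alerts, window_seconds=60):
    """Layer 3: translate detections into response actions an orchestration
    step could execute (here just described, not executed)."""
    return [
        {"action": "block_ip", "target": src,
         "reason": f"{count} failed ssh logins within {window_seconds}s"}
        for src, count in sorted(alerts.items())
    ]


def run_pipeline(lines):
    """Run all three layers over a batch and report what each one produced."""
    events = collect(lines)
    alerts = detect_bruteforce(events)
    return {"raw": len(lines), "events": len(events),
            "alerts": alerts, "actions": plan_response(alerts)}


if __name__ == "__main__":
    for k, v in run_pipeline(RAW_LOGS).items():
        print(f"{k}: {v}")
```

Every raw line passes through the parsing layer before the analysis layer ever sees it, which is why growth in raw volume hits the bottom of this stack first.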
If you think about it, this architecture is common to other types of management platforms in the past – network management, systems management, service management, etc. – all with roots back in client/server computing (or earlier).
Fast forward to 2018 and I see a fundamental problem with the historical SIEM architecture – a rapid increase in data volume.