Andrea Danti - Fotolia
Can next-gen SIEM help cybersecurity initiatives?
More organizations are using SIEM, AI and cloud technology to minimize security breaches. Though despite interest, this combination is still in its infancy.
For corporate CSOs and IT leaders, combining different technology platforms, such as artificial intelligence, machine learning and data analytics, with cybersecurity offers new potential. However, the effectiveness of using AI to perform more than mundane security tasks is still unproven.
According to Gartner's 2019 CIO Agenda, 37% of CIOs surveyed have deployed AI technology -- and one of the top use cases for AI is fraud detection. But one of the challenges IT teams face is fine-tuning AI algorithms to accurately recognize cyberattacks, even with security information and event management (SIEM) tools.
Even with considerable data analysis, the technology doesn't always accurately differentiate acceptable user activity from legitimate threats. Key goals for AI-driven cybersecurity and next-gen SIEM are predictive restoration and automated remediation, but these capabilities remain well in the future.
The emergence of SIEM-based cybersecurity
Most enterprise IT setups employ SIEM technology to gain a holistic view of infrastructure security through in-depth analysis of event data and network logs. SIEM gives admins tools to detect security lapses with intrusion reports and respond to alerts that can indicate potential issues.
At a fundamental level, correlation and analysis are core features of SIEM offerings. Operations can collect event data from multiple sources, centralize it in one unified dashboard and gain a comprehensive view of security activity.
IT teams can spend a significant portion of their resources chasing false alerts due to the software's limitations. Though current vendors consistently promote faster and more accurate detection rates in next-gen SIEM software, it’s questionable how exact or quantifiable these advances are.
An advantage of integrating AI into security is data sorting, especially as the volume of data even small businesses collect continues to rise. IT teams use up valuable time sifting through network logs and databases for security events. Next-gen SIEM, coupled with machine learning, significantly speeds up the sorting process, allowing admins to focus on more high-level concerns.
Automated AI improves threat visibility and enables organizations to effectively counter blind spots. In minimizing breach dwell time, AI can help IT limit damage severity after a successful incursion. This not only reduces downtime, but also any associated financial ramifications.
AI-enhanced safeguards can also address the IT skills gap -- specifically in cybersecurity talent. AI helps generate targeted security alerts tailored to the skill levels and needs of multiple end users.
The future of cybersecurity and next-gen SIEM
Though these AI gains are considerable, it's important to note that cyberattackers also employ AI to put their own malware to the test, broaden their attack vectors and improve their chances for incursions. The success of combined AI and SIEM depends on the data sources that supply source threat intelligence.
Organizations use commercial and open source data feeds to train AI and increase the likelihood of threat detection and mitigation. Hackers can inject compromised data into training data sets to make an AI system less effective or shut it down.
As these technologies mature, more enterprises are interested in the cybersecurity automation potential of AI and SIEM. It's also clear these programs require a great deal of human mediation and time to fine-tune and manage.
As use cases increase, one possibility is a hybrid option, where organizations can deploy their next-gen SIEM software on premises and run any analytics in the cloud.
This approach is partly due to the fact that cloud vendors have the capabilities to gather and analyze more data than most organizations. Cisco's 2019 CISO Benchmark Study found IT leaders are gaining confidence that migrating to the cloud will bolster protections and help triage data intake.
Even with adoption questions, a number of major technology companies have introduced comprehensive cybersecurity platforms, such as Microsoft's Azure Sentinel and Palo Alto Networks' Cortex.
