Faced with a deluge of security and log information, enterprises are overwhelmed by different types of data and find it harder to respond to potential security events. In this Beyond the Page, Robert Lemos looks at next-generation security information and event management (SIEM), analytic tools and cloud-based systems designed to help CISOs make sense of security data (historical analysis of security events, response to compliance and regulatory inquiries, role of logging data after a security breach, and normalized versus raw data).
Learn what deep-dive analytics and intelligence tools can realistically offer, and how these tools and techniques can be used to connect the dots in the context of SIEM.
Are SIEM systems delivering on advanced analytics?
Information overload from false positives and the continued failure to detect signs of advanced attacks remain major problems for security teams.
The hunt for data analytics: Is your SIEM on the endangered list?
Analytics-driven security disrupts, and sometimes supplants, security information and event management tools.
Using analytics to reduce false positives
SIEM systems are notorious for issuing false alarms. The addition of analytics can help security teams prioritize alerts and increase the chance that they represent actual threats.
About the author
Robert Lemos is an award-winning technology journalist, who has reported on computer security and cybercrime for 17 years. He currently writes for several publications focused on information security issues.
Read the full March edition of Information Security magazine