Even evolved SIEM tools don't reduce need for human touch
SIEM tools never stop evolving. The latest advance in this already sophisticated technology is the addition of AI, in the form of machine learning. Vendors are increasingly adding SIEM-as-a-service offerings to their product lineup as well.
Vendors and even some experts tout the application of AI to SIEM as a way to solve the long-running problem of staff shortages. But the avalanche of alerts any SIEM creates isn't a problem that will be solved anytime soon, no matter how smart SIEM tools get.
One reason is the nature of IT security threats today. While security tech is evolving, so are the threats. Viruses morph and hackers adjust their tactics. No machine is capable of keeping up yet.
Another reason is that when it comes to assessing security incidents, even sophisticated security technology like an AI-enabled SIEM can't yet judge the context of an alert on its own. A recent Gartner report, in fact, cast doubt on whether security tech ever will: "Machine learning is not, and will never be, perfect. It is trained, tuned, and refined continuously by humans." Parsing context, in other words, takes human judgment.
In looking at the prospects for the IT security field, expert Karen Scarfone put it this way: "While using machine learning for a SIEM could lighten SIEM staffing needs, it would not fix an organization's shortage of security professionals." So even with AI and machine learning in the latest SIEMs, the shortage of skilled security pros will remain dire. ISACA estimated the staff shortage will climb to 2 million in 2019.
The bottom line is, while it's essential for enterprises to acquire the most advanced security tools possible, including SIEM tools, no IT security budget will ever be large enough to fight threats by itself. That's because no matter how smart our technology gets, it will require that human touch.