BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Security information and event management technology has been around for over a decade. Now entering its "2.0" phase, SIEM technology is now turning into a "security big data analytics" platform, says Mike Rothman in this in-depth and lively webcast.
Rothman begins with a brief history: How SIEM developed out of necessity -- that is, out of the need to deal with the flood of alerts issued from IPS and IDS systems that was overwhelming the IT department.
It became over time more of an information platform, aggregating logs from firewalls and other devices. But that technology was complex and hard to tune, and to identify attacks, IT pros had to know what they were looking for.
This led to the forced evolution of the SIEM platform, Rothman explains. SIEMs are now built as a data store for high-velocity input, with a focus on usability. That means pros need to be using the tool all the time, looking at the data and making sure alerts signal true problems. There are still constraints on SIEM capability but it is invariably going to be the linchpin of enterprise security into the future.
What the future holds for SIEM, Rothman attempts to predict. He sees the current period of inflated expectations for SIEM ending, followed by what he terms the "plateau of productivity." What's key now is for IT security teams to learn how to increase the fidelity of the data a SIEM collects. Full packet capture will be the key capability of the future SIEM system, which means big data will be at the foundation of any effective SIEM product.
Rothman closes with a note on the skills IT pros will need to manage modern SIEM tools, and how it will be a combination of pattern matching and human interaction that will the key to its success. For all its capabilities, SIEM is no "set it and forget it" technology -- enterprise must have on staff the people with statistical and math skills to make sense of the big data collected.
By viewing this webcast, infosec pros will be able to better realize the promise of SIEM and be prepared for its coming iterations, which includes acquiring the skills they need to have to use the most modern SIEMs effectively.