The research concluded that IBM offered strong analytics and customisation, as well as multiple security product offerings.
In this post-pandemic environment, there are four main challenges for security leaders to consider:
- The ever-evolving and increasing threat landscape
- Access to and retaining skilled security analysts
- Learning and managing increasingly complex IT environments and subsequent security tooling
- The ability to act on the insights from their security tools including security information and event management software (SIEM)
There are numerous ways to help organisations with these challenges, and the industry is moving in certain directions to combat threats and shape threat management solutions:
Unified Workflows vs. Security Analytics
SIEM is, and will remain, one of the key security analytics tools for a security team. However, it is not an island and the overall workflow, data, and business context that a security team requires to do their job often goes beyond the SIEM to other tools, including EDR, ASM, NDR, Identity, Data Security, CWPP, and CSPM. Many organisations even have more than one solution of the same type.
Therefore, organisations need a truly open solution that provides a unified workflow which not only encompasses the insights and context from all of these current capabilities (and future ones) but also enables combined access to all of their data.
The Importance of Automation and Being Proactive
Organisations need more help and automation in the areas of investigation and threat hunting that not only reduces manual effort involved in analysing the data across their various tools and data silos, but also leverages insights from the wider infosec community, including SIGMA rules and threat intelligence. The ultimate goal is to enable the security team with higher fidelity alerts, faster root cause insights, and recommended actions to mitigate or protect against a threat.
Unfortunately, there are always going to be too many vulnerabilities, security misconfigurations, threats, and malicious behaviours for organisations to respond to all of them. It is therefore critical that organisations adopt a ‘threat-driven defence’ approach to security that is centred around understanding the attacker’s perspective and ensuring defence systems address it as a priority. Today, such efforts are typically highly manual and infrequent. We need to move to a mode of operation where these processes become much more automated, which will ultimately reduce the risk of a security incident happening and shorten the time to detect and respond where one does.
The Future of SIEM
With the current state of cyber security threats becoming more advanced and more persistent, it is imperative that the SIEM market deliver a tool that can manage the workload. We understand a SIEM needs to be:
- Infused with artificial intelligence to deliver prioritised, high-fidelity alerts so that security analysts focus on alerts that matter
- Easy to use and fast to deploy
- Open to integrating existing tools and technologies
As the industry moves forward, the need for open security that enables security teams to quickly and easily support the entire security operations centre (SOC) workflow — including visibility, detection, investigation and response — across multiple tools and data sets will be paramount. IBM is investing heavily in these areas, which is one reason IBM has been named a Leader for the 13th consecutive year in the 2022 Gartner Magic Quadrant for SIEM report.
Source: IBM securityintelligence.com