What is an Evolved SIEM?
An evolved SIEM is much more than the collection and correlation of logs, packets and threat intelligence. It is a platform that delivers insight into which threats are present in your network, where they have been, who was impacted and what resources are at risk, and that ultimately guides analysts to make the right decisions in threat management and resolution with confidence, just as a driverless car must be accurate about its route, speed, stops and maneuvering around other vehicles. An evolved SIEM accelerates threat detection and response by providing visibility across endpoint, network, cloud and virtual environments, and by combining business context with automation and machine learning to detect, investigate and respond to today's complex threats.
Today's SIEMs are expected to natively include, or closely integrate with, User and Entity Behavioral Analytics (UEBA) to complement the SIEM platform. With the autonomous vehicle analogy in mind, the users on your network are the cars on the highway: you need to know where they are right now as well as what their normal driving behavior looks like in order to respond safely on your own car's journey.
While user directories and identity management offer insight into user and role usage, UEBA provides analytics that highlight patterns of unusual behavior, ideally before theft, disruption or compromise occurs. These analytics complement the baselining and rule-based correlation capabilities within SIEM solutions; note that SIEM vendors offer varying levels of native and integrated support for UEBA.
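To make the distinction between a rule-based SIEM correlation and a UEBA-style behavioral baseline concrete, here is an added example (not code from the RSA post or from any RSA product). It builds a per-user profile of hosts, source countries and login hours from a training window of constructed authentication events, scores new events against that profile, and runs a classic failed-login threshold rule alongside it. The log format, the profile fields and the tolerance of one hour around previously seen login hours are assumptions chosen for the illustration.

```python
"""Baseline-vs-rule illustration of UEBA-style detection (added example).
All events below are constructed for this illustration, not real logs."""
from collections import defaultdict
from datetime import datetime

# Constructed events: "timestamp user host country result" (assumed format).
TRAINING = """\
2018-06-01T08:05:00 alice ws-alice-01 US success
2018-06-01T09:10:00 alice ws-alice-01 US success
2018-06-02T08:30:00 alice ws-alice-01 US success
2018-06-02T17:55:00 alice fileserver-02 US success
2018-06-03T08:15:00 alice ws-alice-01 US success
2018-06-01T07:50:00 bob ws-bob-07 US success
2018-06-02T08:02:00 bob ws-bob-07 US success
2018-06-03T08:20:00 bob ws-bob-07 US success
2018-06-03T08:25:00 bob build-01 US success
"""

# Constructed live events: alice logs in once, at night, from a new country,
# to a new host; bob has a short burst of failures followed by a success.
LIVE = """\
2018-06-04T08:10:00 alice ws-alice-01 US success
2018-06-04T03:12:00 alice domaincontroller-01 RO success
2018-06-04T08:00:00 bob ws-bob-07 US failure
2018-06-04T08:00:30 bob ws-bob-07 US failure
2018-06-04T08:01:00 bob ws-bob-07 US failure
2018-06-04T08:01:30 bob ws-bob-07 US failure
2018-06-04T08:02:00 bob ws-bob-07 US success
"""


def parse(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, host, country, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "country": country, "result": result})
    return events


def build_baselines(events):
    """Per-user profile of hosts, countries and login hours seen on success."""
    base = defaultdict(lambda: {"hosts": set(), "countries": set(), "hours": set()})
    for e in events:
        if e["result"] != "success":
            continue
        b = base[e["user"]]
        b["hosts"].add(e["host"])
        b["countries"].add(e["country"])
        b["hours"].add(e["ts"].hour)
    return dict(base)


def score_event(e, baselines):
    """Count how many profile features this event deviates from.

    Hours within +/-1 of a previously seen login hour count as normal
    (an assumed tolerance). Returns (score, list_of_reasons)."""
    b = baselines.get(e["user"])
    if b is None:
        return 3, ["no baseline for user"]
    reasons = []
    if e["host"] not in b["hosts"]:
        reasons.append("new host %s" % e["host"])
    if e["country"] not in b["countries"]:
        reasons.append("new country %s" % e["country"])
    if not any(abs(e["ts"].hour - h) <= 1 for h in b["hours"]):
        reasons.append("unusual hour %02d" % e["ts"].hour)
    return len(reasons), reasons


def rule_failed_logins(events, threshold=3, window_s=300):
    """Classic SIEM rule: at least `threshold` failures by one user inside
    any sliding window of `window_s` seconds. Returns the set of users hit."""
    per_user = defaultdict(list)
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["result"] == "failure":
            per_user[e["user"]].append(e["ts"])
    hits = set()
    for user, times in per_user.items():
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                hits.add(user)
                break
    return hits


def behavioral_alerts(live_events, baselines, min_score=2):
    """Events whose deviation score reaches min_score, with their reasons."""
    out = []
    for e in live_events:
        score, reasons = score_event(e, baselines)
        if score >= min_score:
            out.append((e["user"], e["ts"].isoformat(), score, reasons))
    return out


if __name__ == "__main__":
    base = build_baselines(parse(TRAINING))
    live = parse(LIVE)
    print("rule hits:", rule_failed_logins(live))
    for alert in behavioral_alerts(live, base):
        print("behavioral alert:", alert)
```

The threshold rule fires on bob's burst of failures but has nothing to say about alice, whose single successful login from a new country at 03:12 to a host she has never touched is exactly the low-and-slow pattern a count-based rule cannot see; the baseline scores that event on all three features. In a real deployment the profile would be richer (peer groups, learned hour distributions, decay of old observations) and the two detections would feed the same investigation view, which is the point of the integration the text describes.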
It all starts with visibility, but what (Read more...)
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Karl Klaessig. Read the original post at: http://www.rsa.com/en-us/blog/2018-06/ueba-evolved-siem-foundations-of-the-intelligent-soc.html