Page 41 - CDM-Cyber-Warnings-March-2014
The Next Generation of [...] Security Analytics

There is a dramatic shift happening in the SIEM market. While SIEM remains a top project for security managers at large enterprises, these organizations are now reimagining what SIEM can mean for their security posture. Many traditional SIEM solutions lack the ease of use and depth of intelligence needed to hunt down the threats lurking on the network. The new wave of "next-gen" SIEMs offers more value through dashboards and reporting, but falls short of the (perhaps unfair) expectation that it be a "single pane of glass" for enterprise network security. Ultimately, we see a SIEM market that has become commoditized, and organizations looking for a solution that better arms them to fight what is a human-versus-human battle.

At their best, today's SIEMs simply add to the overall noise: alert after alert inundates the security professional with warnings, yet never hands them the scope to look into the network and see not only the alert but the context and behavior behind why and how it happened. That context is the security intelligence that uncovers the unknown unknowns and exposes the attackers already lurking inside.

The reality is that most organizations already have multiple security systems in place, each serving a different and important purpose. SIEMs, IPS/IDS, anti-malware devices, firewalls: these are all core tools every IT organization should have in its arsenal, but none can do it all, and integrating them and the data they generate is a challenge, to say the least. That is not a knock on SIEMs or any of the other security systems organizations run. Each is good at what it does, but each has limitations that follow from its designed purpose. Individually, each of these technologies can incrementally reduce a company's exposure to security threats. But organizations are looking for more.
They don't want systems and platforms and logs; they want answers and insight into what is happening on their networks. Network behavioral analysis and visualization of disparate network data moves organizations beyond SIEM (and even "next-gen SIEM") by visually illuminating malicious behavior and rewarding the curiosity of the proactive security analyst.

Take a Look at Network Behavior for Greater Insight

Forward-thinking, aggressive security analysts are beginning to understand that to truly protect their networks, they must move from an all-alert methodology to a more active stance. This means not simply waiting for a system to ping them about a possible issue, but actively running queries over their fused network data (the logs of the firewalls, IPS/IDS, SIEM and other systems mentioned above, joined on common fields such as host address and time) in order to search for and find possible issues. Network behavioral analysis and visualization addresses this challenge by letting analysts gain insight from all this disparate data quickly and visually, dramatically reducing their exposure to a security breach. It illuminates the behavior happening within a network, pinpointing malicious activity, highlighting noncompliant systems, and rewarding the natural curiosity of today's proactive security analysts.

Security professionals are overwhelmed by the volume of notifications and alerts coming from both perimeter systems and SIEMs, many of which are ultimately ignored because so many of them prove to be false positives. Network behavior analysis and visualization can help analysts maximize the value of these existing security systems:
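As an added example (not code from the article, nor from any product or vendor it describes), the following Python shows the workflow the section argues for: three constructed log sources (a firewall connection log, a DNS resolver log and a single IDS alert, all with invented, simplified formats and documentation address ranges) are fused into one time-ordered event table, and three hunting queries are run over it. The first pulls the cross-source context around the IDS alert, the second finds a host contacting one destination on a fixed interval, and the third flags hosts connecting to addresses they never resolved via DNS. Every function name, threshold and log line here is an assumption made for illustration.

```python
"""Added example, not from the article or any vendor product: fuse three
constructed log sources into one event table and hunt over it instead of
waiting for alerts. Log formats are simplified inventions, not real schemas."""
from datetime import datetime, timedelta
from itertools import chain
from statistics import mean, pstdev

# Constructed sample logs (documentation/test address ranges, fictional names).
FIREWALL_LOG = """\
2014-03-05T09:00:00 allow 10.0.0.5 198.51.100.7 443 1200
2014-03-05T09:05:02 allow 10.0.0.5 198.51.100.7 443 1180
2014-03-05T09:09:58 allow 10.0.0.5 198.51.100.7 443 1210
2014-03-05T09:15:01 allow 10.0.0.5 198.51.100.7 443 1195
2014-03-05T09:20:00 allow 10.0.0.5 198.51.100.7 443 1205
2014-03-05T09:01:12 allow 10.0.0.9 203.0.113.20 80 53000
2014-03-05T09:17:40 allow 10.0.0.9 203.0.113.21 80 8900
2014-03-05T09:33:05 allow 10.0.0.9 203.0.113.22 443 410"""
DNS_LOG = """\
2014-03-05T08:59:58 10.0.0.5 update.example-cdn.test 198.51.100.7
2014-03-05T09:01:10 10.0.0.9 www.example.test 203.0.113.20"""
IDS_LOG = "2014-03-05T09:10:01 10.0.0.5 198.51.100.7 suspicious TLS certificate (constructed signature)"

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def parse_firewall(text):
    """'<ts> <action> <src> <dst> <dport> <bytes>' lines -> event dicts."""
    out = []
    for line in text.splitlines():
        ts, action, src, dst, port, nbytes = line.split()
        out.append({"ts": parse_ts(ts), "source": "fw", "src": src, "dst": dst,
                    "port": int(port), "bytes": int(nbytes), "detail": action})
    return out

def parse_dns(text):
    """'<ts> <client> <qname> <answer_ip>' lines -> event dicts."""
    out = []
    for line in text.splitlines():
        ts, client, qname, answer = line.split()
        out.append({"ts": parse_ts(ts), "source": "dns", "src": client, "dst": answer,
                    "port": None, "bytes": 0, "detail": qname})
    return out

def parse_ids(text):
    """'<ts> <src> <dst> <signature text...>' lines -> event dicts."""
    out = []
    for line in text.splitlines():
        ts, src, dst, *sig = line.split()
        out.append({"ts": parse_ts(ts), "source": "ids", "src": src, "dst": dst,
                    "port": None, "bytes": 0, "detail": " ".join(sig)})
    return out

def fuse(*event_lists):
    """One time-ordered table across all sources: the 'fused network data'."""
    return sorted(chain.from_iterable(event_lists), key=lambda e: e["ts"])

def alert_context(events, alert, window_min):
    """Query 1: everything any source saw for the alert's two hosts around it."""
    w = timedelta(minutes=window_min)
    hosts = {alert["src"], alert["dst"]}
    return [e for e in events
            if e is not alert and abs(e["ts"] - alert["ts"]) <= w
            and (e["src"] in hosts or e["dst"] in hosts)]

def find_beacons(events, min_conns=4, max_jitter=0.1):
    """Query 2: (src, dst, port) flows contacted on a near-constant interval.
    Jitter is the coefficient of variation of the gaps between connections."""
    by_flow = {}
    for e in events:
        if e["source"] == "fw":
            by_flow.setdefault((e["src"], e["dst"], e["port"]), []).append(e["ts"])
    hits = []
    for flow, stamps in by_flow.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append({"src": flow[0], "dst": flow[1], "port": flow[2],
                         "count": len(stamps), "interval_s": round(avg)})
    return hits

def direct_to_ip(events):
    """Query 3: outbound connections to IPs the client never resolved via DNS."""
    resolved = {(e["src"], e["dst"]) for e in events if e["source"] == "dns"}
    return sorted({(e["src"], e["dst"]) for e in events
                   if e["source"] == "fw" and (e["src"], e["dst"]) not in resolved})

FW_EVENTS, DNS_EVENTS, IDS_EVENTS = parse_firewall(FIREWALL_LOG), parse_dns(DNS_LOG), parse_ids(IDS_LOG)
EVENTS = fuse(FW_EVENTS, DNS_EVENTS, IDS_EVENTS)   # the fused table the hunts run over
ALERT = IDS_EVENTS[0]                               # the one alert the IDS raised

if __name__ == "__main__":
    for e in alert_context(EVENTS, ALERT, 15):      # what the alert alone never shows
        print(e["ts"].time(), e["source"], e["src"], e["dst"], e["detail"])
    print("beacons:", find_beacons(EVENTS))
    print("direct-to-IP:", direct_to_ip(EVENTS))
```

The alert by itself says only "suspicious certificate"; the context query shows that 10.0.0.5 resolved update.example-cdn.test seconds before the first connection and has been hitting that address every five minutes since, which the beacon query surfaces on its own even with no IDS signature firing. The direct-to-IP query flags 10.0.0.9's two unresolved destinations, the kind of noncompliant behavior a threshold alert never raises. The jitter and minimum-connection thresholds are illustrative; tune them against your own traffic, since legitimate software updaters and monitoring agents also beacon.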