Security

Agencies Turn to Next-Gen SIEM for Improved Cyber Visibility

The latest security information and event management technology serves as a unified data platform applying modern intelligence and analytics to security data in real time.

Nathan Eddy

Nathan Eddy works as an independent filmmaker and journalist based in Berlin, specializing in architecture, business technology and healthcare IT. He is a graduate of Northwestern University’s Medill School of Journalism.

Agencies are increasingly turning to next-generation security information and event management systems because the success of their cyber workflows relies on holistic visibility of their IT environments.

After identifying the critical data assets they must protect, agencies use next-gen SIEM to correlate that information with other data feeds to unearth potential threats and compromises.

Unlike traditional SIEM, next-gen systems infuse data points from raw streaming workflows and all types of asset sources: cloud, on-premises, hyperconverged and hybrid. In short, next-gen SIEM offers agencies a unified data platform that applies modern intelligence and analytics in a real-time workflow.

Some systems also incorporate security orchestration, automation and response (SOAR) capabilities, so it's important to understand what's on offer when choosing the right SIEM tool for your mission.

Click the banner below to begin developing a comprehensive cyber resilience strategy.

x-cyberresillience4-static-2024-na-desktop

x-cyberresillience4-static-2024-na-mobile

Next-Gen SIEM Enables Faster Cyber Incident Response

A cornerstone of next-gen SIEM is flexible storage that can incorporate data from multifaceted sources at the volume, velocity and level of veracity that the cyber ecosystem delivers, says Sam Kinch, director of technical account management at systems software company Tanium.

"Scalability improves with tunable storage capacities and capabilities, adjustable retention policies and distributed locations across hyperconverged enterprises," Kinch says.

Efficiencies are achieved by retaining data at various storage tiers based on access needs; support for certain, optimized compression algorithms; and access models (including application programming interfaces), ensuring ready availability.

Next-gen SIEM can significantly enhance an organization’s ability to track and respond to breaches across various systems and architectures, says Sam Curcuruto, principal product marketing manager for Commvault.

The hybrid approach benefits from significantly reducing operational next-gen SIEM costs while ensuring complete visibility and control across the enterprise.”

Sam Kinch Director of Technical Account Management, Tanium

"By integrating data from multiple sources, these advanced SIEM systems provide a comprehensive view of the entire IT environment, whether it's on-premises, in the cloud or within hybrid architectures," Curcuruto says.

Such tools use machine learning and artificial intelligence to detect patterns and anomalies that might elude traditional SIEM technology, thereby catching sophisticated threats early.

Next-gen SIEM also leverages automation and orchestration capabilities for swift, coordinated and sometimes fully hands-off responses to security incidents. Some automation technologies can detect a ransomware event, quarantine the affected system and roll back any changes to data with the last known good configuration.

Incorporating global threat intelligence feeds also keeps organizations informed about the latest threats and vulnerabilities, bolstering their ability to anticipate and mitigate attacks.

LEARN MORE: Consider these three factors when selecting an SIEM tool.

With Next-Gen SIEM Comes Fresh Challenges

Integrating next-gen SIEM technology into an existing IT infrastructure can present several challenges, Curcuruto says.

"The complexity of ensuring seamless integration with diverse systems and technologies can be both time-consuming and intricate," he says. "Managing and processing large volumes of data from various sources demands significant resources."

To fully harness the benefits of next-gen SIEM, organizations should define clear objectives for its deployment, such as improving threat detection accuracy or reducing response times.

DISCOVER: Proactive threat hunting is a must for agencies.

"Ongoing training and awareness programs for the security team are essential to effectively utilize SIEM tools and stay abreast of the latest security practices," Curcuruto says.

Kinch recommends a hybrid approach, in which agencies push only essential data points to the SIEM tool in support of critical asset analytics, while retaining a visibility platform solution with an API that allows for real-time awareness and control of every data point from every endpoint.

"The hybrid approach benefits from significantly reducing operational next-gen SIEM costs while ensuring complete visibility and control across the enterprise," Kinch says.

Hengki Lestio/Getty Images