Cyber Magazine August 2024 | Page 108

SIEM is evolving, however, in two different directions: one is the platform play, with cloud-based, comprehensive, integrated platforms. The other is the specialised approach, focusing on niche SIEM aspects.
These rapid changes, consolidated by numerous mergers and acquisitions, mean the area is so dynamic that organisations may be left wondering how they can bring their SIEM up to current cyber-secure spec.
“It’s pretty clear that cybersecurity is changing, and the SIEM needs to change with it,” says Mikkel Drucker, CEO of Logpoint.
The current concern

A concern with the current state of play for SIEM is a fundamental one: the detection of security breaches or nefarious activities.
Current SIEM systems collect log data and then normalise this data into a standardised format for analysis. They use predefined rules and correlation algorithms to analyse the collected log data and identify patterns that may indicate security incidents or threats, based on known attack patterns, signatures, and indicators of compromise.
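The collect, normalise and correlate flow described above, as an added example that is not from the article or from any SIEM product: two log formats are mapped to one schema and a predefined rule flags repeated login failures followed by a success. The log lines are constructed, and the schema field names, the rule and its threshold are assumptions.

```python
import json
import re
from datetime import datetime, timedelta

RAW = [  # constructed sample events in two source formats, not real logs
    "2024-08-01T10:00:01 host1 sshd[811]: Failed password for alice from 203.0.113.7 port 50112 ssh2",
    '{"time": "2024-08-01T10:00:20", "event": "login", "ok": false, "user": "alice", "ip": "203.0.113.7"}',
    "2024-08-01T10:00:41 host1 sshd[811]: Failed password for alice from 203.0.113.7 port 50113 ssh2",
    "2024-08-01T10:01:05 host1 sshd[811]: Accepted password for alice from 203.0.113.7 port 50114 ssh2",
    '{"time": "2024-08-01T10:02:00", "event": "login", "ok": true, "user": "bob", "ip": "198.51.100.4"}',
    "2024-08-01T10:03:00 host1 cron[90]: job started",
]
SSHD = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) ")

def normalise(line):
    """Map one raw line to the common schema (field names are this example's own), else None."""
    if line.startswith("{"):
        try:
            rec = json.loads(line)
            return {"ts": datetime.fromisoformat(rec["time"]), "user": rec["user"],
                    "src_ip": rec["ip"], "outcome": "success" if rec["ok"] else "failure"}
        except (ValueError, KeyError, TypeError):
            return None  # malformed JSON or missing field: leave the line unparsed
    m = SSHD.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m.group(1)), "user": m.group(3), "src_ip": m.group(4),
            "outcome": "success" if m.group(2) == "Accepted" else "failure"}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: >= threshold failures, then a success, same user and source IP, inside the window."""
    alerts, failures = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src_ip"])
        recent = [t for t in failures.get(key, []) if ev["ts"] - t <= window]
        if ev["outcome"] == "failure":
            failures[key] = recent + [ev["ts"]]
            continue
        if len(recent) >= threshold:
            alerts.append({"rule": "failures_then_success", "user": ev["user"],
                           "src_ip": ev["src_ip"], "failures": len(recent), "ts": ev["ts"]})
        failures[key] = []  # a success resets the failure history for this pair
    return alerts

def run(raw=RAW):
    events = [e for e in map(normalise, raw) if e is not None]
    return events, correlate(events)

if __name__ == "__main__":
    print(run()[1])
```

The rule fires only because the SSH and JSON events share one schema after normalisation; a pattern the rule does not describe produces no alert.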