Difference between revisions of "Security Information and Event Management"
From MgmtWiki
(→References) |
(→Gartner Magic Quadrant) |
||
| (34 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Full Name== | ==Full Name== | ||
| − | + | SIEM = Security Information and Event Management | |
Originally this term was applied to data collection about the security state and events in an enterprise. It has since broadened to cover pro-active security state determination and remediation of cyber threats as well, although often under a wide variety of different names. | Originally this term was applied to data collection about the security state and events in an enterprise. It has since broadened to cover pro-active security state determination and remediation of cyber threats as well, although often under a wide variety of different names. | ||
| − | ===References== | + | ==Context== |
| + | * Web sites have long kept logs of incoming HTTP traffic to diagnose web site problems. | ||
| + | * Core functionality of a SIEM includes log management and centralization, security event detection and reporting, and search capabilities. | ||
| + | |||
| + | ==Solutions== | ||
| + | |||
| + | ===Gartner Magic Quadrant=== | ||
| + | The companies that were in the visionary half of the 2021 chart were ranked in the following order. | ||
| + | |||
| + | {|border="1" padding="2" width="799px" | ||
| + | | Vendor || Cloud || AI || Location || Notes | ||
| + | |- | ||
| + | |- | ||
| + | |[https://www.exabeam.com Exabeam] || Google || [https://www.exabeam.com/?s=artificial user and entity behavior analytics] || SV CA | ||
| + | |- | ||
| + | | [https://www.ibm.com/products/qradar-siem IBM QRadar] || Watson || separate division || everywhere || | ||
| + | |- | ||
| + | | [https://www.securonix.com/ Securonix] || [https://www.securonix.com/security-monitoring-for-the-top-10-aws-threats/ AWS] || [https://www.forbes.com/sites/davidteich/2021/04/01/security-in-the-cloud-is-enhanced-by-artificial-intelligence/?sh=62feb45c3967 forbes article] and [https://aithority.com/it-and-devops/cloud/securonix-announces-bring-your-own-snowflake-program-to-power-security-data-lake-for-snowflake-customers-2/ AIthority] || TX & India || | ||
| + | |- | ||
| + | | [https://www.comodo.com/is-splunk-a-siem.php#:~:text=Splunk%20is%20a%20technology%20that,on%20a%20real%2Dtime%20basis.&text=Splunk%20is%20not%20a%20SIEM,in%20the%20form%20of%20indexers. Splunk] || open source || comodo is one provider [https://www.businesswire.com/news/home/20230123005255/en/Splunk-Appoints-Brian-Roberts-as-Chief-Financial-Officer Brian Roberts]|| NJ || | ||
| + | |- | ||
| + | | [https://www.rapid7.com/solutions/siem/ Rapid7] || || Erick Galinkin = Principal Artificial Intelligence Researcher || SF CA || | ||
| + | |- | ||
| + | |[https://logrhythm.com/ Logrhythm] || AWS || [https://aithority.com/it-and-devops/cloud/securonix-announces-bring-your-own-snowflake-program-to-power-security-data-lake-for-snowflake-customers-2/ AIthority] || Boulder || | ||
| + | |- | ||
| + | | [https://gurucul.com/ Gurucul] || || [https://gurucul.com/news/what-machine-learning-can-bring-to-cybersecurity Forbes article] || LA CA ||Identity Analytics | ||
| + | |- | ||
| + | |Microsoft || Azure || 1/2 of research budget || WA || | ||
| + | |- | ||
| + | |[https://www.sumologic.com/solutions/cloud-siem-enterprise/ Sumo Logic] || multi-cloud || [https://www.sumologic.com/solutions/machine-learning-powered-analytics/ MACHINE LEARNING POWERED ANALYTICS] || SV CA || cloud based | ||
| + | |- | ||
| + | | [https://www.fortinet.com/ Fortnet] || || [https://www.fortinet.com/products/fortiaiops Artificial Intelligence for IT Operations] || SV CA || | ||
| + | |} | ||
| + | The leader of the field in longevity is ArcSight by Microfocus (after merger from HP) which is rather poorly rated by Gartner. They were the ones who identified the problem for the customer as "too much data" back in 2001. Microfocus targets legacy infrastructure. | ||
| + | |||
| + | ===Artificial Intelligence=== | ||
| + | The interesting component of the Gartner visionary category is [[Artificial Intelligence]]. The extent to which each of those visionary companies embrace AI seems to be the trigger for Gartner's classification. The "Old Man" of SIEM, ArcSight is now owned by a [[Vulture Capitalist]] and seems to be focused on quarterly results and not customer needs, even though they had the original insight that their customer's primary concern is that they were unable to handle the flood of data that the event monitoring tools, like Windows Events, were generating. | ||
| + | |||
| + | AIThority seems to have found several SIEM companies to feature over the past year, but still published this article [https://aithority.com/security/report-siem-platforms-no-longer-meet-growing-need-of-security-practitioners-facing-emerging-threats/ SIEM Platforms No Longer Meet Growing Need Of Security Practitioners Facing Emerging Threats] 2021-09-03 | ||
| + | |||
| + | ==References== | ||
| + | * [https://aithority.com/security/cyber-threat-intelligence-expert-sekoia-announces-a-first-fund-raising-of-10-million-euros/ Cyber Threat Intelligence Expert SEKOIA Announces a First Fund Raising of 10 Million Euros] 2020-10-06 | ||
| + | * [https://aithority.com/hot-startups/blumira-raises-new-round-of-funding-for-threat-detection-response/ Blumira Raises New Round of Funding For Threat Detection & Response] 2020-08-11 | ||
# [https://en.wikipedia.org/wiki/Security_information_and_event_management Wikipedia page] on SEIM | # [https://en.wikipedia.org/wiki/Security_information_and_event_management Wikipedia page] on SEIM | ||
# [https://cloudblogs.microsoft.com/microsoftsecure/2018/04/17/connect-to-the-intelligent-security-graph-using-a-new-api/ Connect to the Intelligent Security Graph using a new API] is a Microsoft variant for the Azure cloud current as of 2018-04-17. | # [https://cloudblogs.microsoft.com/microsoftsecure/2018/04/17/connect-to-the-intelligent-security-graph-using-a-new-api/ Connect to the Intelligent Security Graph using a new API] is a Microsoft variant for the Azure cloud current as of 2018-04-17. | ||
# [https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs#resource-diagnostic-settings Collect and consume log data from your Azure resources] | # [https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs#resource-diagnostic-settings Collect and consume log data from your Azure resources] | ||
| + | |||
| + | [[Category:Glossary]] | ||
| + | [[Category:Security]] | ||
| + | [[Category: Artificial Intelligence]] | ||
Latest revision as of 14:36, 26 January 2023
Contents
Full Name
SIEM = Security Information and Event Management
Originally this term was applied to data collection about the security state and events in an enterprise. It has since broadened to cover pro-active security state determination and remediation of cyber threats as well, although often under a wide variety of different names.
Context
- Web sites have long kept logs of incoming HTTP traffic to diagnose web site problems.
- Core functionality of a SIEM includes log management and centralization, security event detection and reporting, and search capabilities.
Solutions
Gartner Magic Quadrant
The companies that were in the visionary half of the 2021 chart were ranked in the following order.
| Vendor | Cloud | AI | Location | Notes |
| Exabeam | user and entity behavior analytics | SV CA | ||
| IBM QRadar | Watson | separate division | everywhere | |
| Securonix | AWS | forbes article and AIthority | TX & India | |
| Splunk | open source | comodo is one provider Brian Roberts | NJ | |
| Rapid7 | Erick Galinkin = Principal Artificial Intelligence Researcher | SF CA | ||
| Logrhythm | AWS | AIthority | Boulder | |
| Gurucul | Forbes article | LA CA | Identity Analytics | |
| Microsoft | Azure | 1/2 of research budget | WA | |
| Sumo Logic | multi-cloud | MACHINE LEARNING POWERED ANALYTICS | SV CA | cloud based |
| Fortnet | Artificial Intelligence for IT Operations | SV CA |
The leader of the field in longevity is ArcSight by Microfocus (after merger from HP) which is rather poorly rated by Gartner. They were the ones who identified the problem for the customer as "too much data" back in 2001. Microfocus targets legacy infrastructure.
Artificial Intelligence
The interesting component of the Gartner visionary category is Artificial Intelligence. The extent to which each of those visionary companies embrace AI seems to be the trigger for Gartner's classification. The "Old Man" of SIEM, ArcSight is now owned by a Vulture Capitalist and seems to be focused on quarterly results and not customer needs, even though they had the original insight that their customer's primary concern is that they were unable to handle the flood of data that the event monitoring tools, like Windows Events, were generating.
AIThority seems to have found several SIEM companies to feature over the past year, but still published this article SIEM Platforms No Longer Meet Growing Need Of Security Practitioners Facing Emerging Threats 2021-09-03
References
- Cyber Threat Intelligence Expert SEKOIA Announces a First Fund Raising of 10 Million Euros 2020-10-06
- Blumira Raises New Round of Funding For Threat Detection & Response 2020-08-11
- Wikipedia page on SEIM
- Connect to the Intelligent Security Graph using a new API is a Microsoft variant for the Azure cloud current as of 2018-04-17.
- Collect and consume log data from your Azure resources
