
SANS Security Insights

SANS Releases Evaluator's Guide to Next-Generation SIEM

Need to update your SIEM to provide next-generation functionality? SANS recently released an evaluator's guide written by information security and system procurement expert Barbara Filkins, with advice from Chris Crowley, author of the SANS courses on managing security operations and incident response team management, to help you as you move toward procuring a new system.

A SIEM system provides a central console for viewing, monitoring and managing security-related events and log data from across the enterprise. Because it correlates data from multiple sources, such a system can enable an analyst to identify and respond to suspicious behavior patterns faster and more effectively than would be possible by looking at log data from individual systems.

To be effective, a SIEM must remain relevant in the face of new threats as well as changes in both the technical and support infrastructures of an organization. Yet legacy SIEMs are notorious for being difficult to configure and maintain. Furthermore, a traditional SIEM often lacks the capability to produce actionable information, making it difficult for the security team to justify ongoing investment costs such as license renewal, ongoing system management, integration of additional data sources and continued training of personnel.

A modern SIEM should be viewed as a central nervous system, capturing data and generating information that security teams can use as intelligence to detect potentially malicious activity before any damage is realized. In that role it provides a safety net that can catch potential threats that might slip through traditional defenses. Next-generation SIEM augments traditional capabilities (automated log management, correlation, pattern recognition and alerting) with emerging and agile technologies (cloud-based analytics; security orchestration, automation and response [SOAR]; user and entity behavior analytics [UEBA]; machine learning and artificial intelligence).
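The two paragraphs above make the case for correlation: a behaviour that looks harmless in any one host's log becomes obvious once events from several sources sit side by side. The Python below is an added illustration of that point, not code from the guide or from SANS: it parses a handful of constructed authentication events forwarded by two web hosts and a VPN gateway, applies a per-host rule (what an analyst sees looking at one system at a time) and then a cross-source rule (what a central console can see). The log format, host names, IP addresses and thresholds are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data). Three sources forward their
# authentication logs to one place; each line is "timestamp key=value ...".
SAMPLE_LOGS = [
    "2024-01-15T09:00:05Z host=web01 src=203.0.113.7 user=alice result=FAIL",
    "2024-01-15T09:00:40Z host=web02 src=203.0.113.7 user=bob result=FAIL",
    "2024-01-15T09:01:10Z host=vpn01 src=203.0.113.7 user=carol result=FAIL",
    "2024-01-15T09:01:55Z host=web01 src=203.0.113.7 user=dave result=FAIL",
    "2024-01-15T09:02:30Z host=web02 src=203.0.113.7 user=erin result=SUCCESS",
    "2024-01-15T09:03:00Z host=web01 src=198.51.100.9 user=alice result=FAIL",
    "2024-01-15T09:03:20Z host=web01 src=198.51.100.9 user=alice result=SUCCESS",
]


def parse_event(line):
    """Normalise one log line into a dict; the timestamp becomes a datetime."""
    ts_text, *pairs = line.split()
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def per_host_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Single-source view: alert when one host sees `threshold` or more
    failed logons from the same source IP inside `window`."""
    alerts = []
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails[(e["host"], e["src"])].append(e["ts"])
    for (host, src), times in fails.items():
        times.sort()
        for i, start in enumerate(times):
            in_window = [t for t in times[i:] if t - start <= window]
            if len(in_window) >= threshold:
                alerts.append({"host": host, "src": src, "failures": len(in_window)})
                break
    return alerts


def correlated_alerts(events, window=timedelta(minutes=5), min_users=3, min_hosts=2):
    """Cross-source view: one source IP failing against several distinct
    accounts on several distinct hosts inside `window`. Any later successful
    logon from that IP is attached so the analyst can prioritise the alert."""
    alerts = []
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails[e["src"]].append(e)
    for src, src_fails in fails.items():
        src_fails.sort(key=lambda e: e["ts"])
        for i, first in enumerate(src_fails):
            in_window = [e for e in src_fails[i:] if e["ts"] - first["ts"] <= window]
            users = {e["user"] for e in in_window}
            hosts = {e["host"] for e in in_window}
            if len(users) >= min_users and len(hosts) >= min_hosts:
                later_success = sorted({
                    e["user"] for e in events
                    if e["src"] == src and e["result"] == "SUCCESS"
                    and e["ts"] >= first["ts"]
                })
                alerts.append({
                    "src": src,
                    "start": first["ts"].isoformat(),
                    "users": sorted(users),
                    "hosts": sorted(hosts),
                    "later_success": later_success,
                })
                break  # one alert per source IP is enough for the console
    return alerts


def analyze(lines):
    """Run both views over raw log lines and return (per_host, correlated)."""
    events = [parse_event(line) for line in lines]
    return per_host_alerts(events), correlated_alerts(events)


if __name__ == "__main__":
    per_host, correlated = analyze(SAMPLE_LOGS)
    print("per-host alerts :", per_host)
    print("correlated alerts:", correlated)
```

With the constructed data no single host ever reaches three failures from one IP, so the per-host rule stays silent; the correlated rule sees the same IP fail against four accounts across all three sources in under two minutes, followed by a successful logon from that IP, which is exactly the kind of "suspicious behavior pattern" the paragraph says a central console exposes.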

The goal of the Evaluator's Guide to Next-Generation SIEM is to help you develop an actionable procurement process that enables your organization to feel confident in its selection of next-generation SIEM as a key component in the protection and defense of its business and critical assets. Download the paper to learn more.

A special thanks to our sponsor, LogRhythm.
