Articles about SIEM

SIEM and its role in the enterprise SOC [Q&A]

SIEM (security information and event management) is currently one of the cybersecurity field’s most active markets. It holds the promise of making sense of the disparate data sources across enterprise environments to detect and respond to malicious activity.

Over the past year, we’ve witnessed a wave of innovation, mergers and acquisitions and consolidation in this area, largely driven by AI advancements and the push toward the AI-native security operations center (SOC). But there's also a 'data paradox' involved in balancing cost with importing and storing as much data as possible.

SIEM is the shortcut for implementing threat detection best practices

The recent release of “Best Practices for Event Logging and Threat Detection” by CISA and its international partners is a testament to the growing importance of effective event logging in today’s cybersecurity landscape. With the increasing sophistication and proliferation of cyber attacks, organizations must constantly adapt their security strategies to address these advanced threats. CISA’s best practices underscore how a modern SIEM (Security Information and Event Management) solution, especially one equipped with UEBA (User and Entity Behavior Analytics) capabilities, is critical for organizations trying to adopt the best practices in this domain.

A modern SIEM with UEBA can help organizations streamline their event logging policies. It automates the collection and standardization of logs across diverse environments, from cloud to on-premise systems, ensuring that relevant events are captured consistently. This aligns with CISA’s recommendation for a consistent, enterprise-wide logging policy, which enhances visibility and early detection of threats. We've seen a rise in detection and response technologies, from Cloud Detection and Response (CDR) to Extended Detection and Response (XDR) being positioned as alternatives to SIEM. However, when it comes to consistently capturing and utilizing events across diverse environments, SIEM remains the preferred solution for large organizations facing these complex challenges.
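To make the "consistent capture across diverse environments" point concrete, here is an added example (not code from the CISA guidance or from any SIEM vendor) that normalizes two constructed log formats, a Linux sshd failure line and a Windows Security 4625 record exported as key=value pairs, into one schema and then runs a single brute-force rule over both. Host names, IP addresses, timestamps and the 2024 year assumed for the year-less syslog lines are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events, not real logs. Syslog lines carry no year, so
# the normalizer assumes 2024 (an assumption of this example).
SAMPLE_LINUX = [
    "Mar 10 09:14:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2",
    "Mar 10 09:14:05 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51530 ssh2",
]
SAMPLE_WINDOWS = [
    "TimeCreated=2024-03-10T09:14:09Z Computer=dc01.corp.example EventID=4625 TargetUserName=jsmith IpAddress=203.0.113.7 LogonType=3",
    "TimeCreated=2024-03-10T09:20:00Z Computer=dc01.corp.example EventID=4624 TargetUserName=jsmith IpAddress=198.51.100.4 LogonType=3",
]

SSHD_FAIL = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def normalize_linux(line, year=2024):
    """Map an sshd 'Failed password' line to the common schema, else None."""
    m = SSHD_FAIL.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts.replace(tzinfo=timezone.utc), "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "action": "logon_failure", "source": "linux_sshd"}


def normalize_windows(line):
    """Map a Windows Security 4625 (failed logon) record to the schema, else None."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    if kv.get("EventID") != "4625":
        return None  # 4624 successes and anything else are not failures
    ts = datetime.strptime(kv["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts.replace(tzinfo=timezone.utc), "host": kv["Computer"], "user": kv["TargetUserName"],
            "src_ip": kv["IpAddress"], "action": "logon_failure", "source": "windows_security"}


def detect_bruteforce(events, threshold=3, window_s=60):
    """One rule over the normalized stream: >= threshold failures from one
    source IP inside a sliding window, regardless of which platform logged them."""
    by_ip = defaultdict(list)
    for e in events:
        if e["action"] == "logon_failure":
            by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in window_s.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                hit = evs[start:end + 1]
                alerts.append({"src_ip": ip, "count": len(hit),
                               "hosts": sorted({e["host"] for e in hit}),
                               "sources": sorted({e["source"] for e in hit}),
                               "technique": "T1110"})  # ATT&CK Brute Force
                break  # one alert per IP is enough for this example
    return alerts


def run_sample():
    """Normalize both constructed feeds and run the rule across them."""
    events = [e for e in map(normalize_linux, SAMPLE_LINUX) if e]
    events += [e for e in map(normalize_windows, SAMPLE_WINDOWS) if e]
    return detect_bruteforce(events)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The rule never sees platform-specific fields; the resulting alert lists both hosts and both sources, which is the cross-environment correlation the paragraph describes. Production parsers need to be far more defensive (encodings, missing fields, clock skew between sources) and the threshold and window tuned per environment.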

SIEMs cover less than 20 percent of attack techniques

Security information and event management (SIEM) systems used by enterprises only have detections for 38 (19 percent) of the 201 techniques covered in the MITRE ATT&CK v14 framework according to a new report.

CardinalOps analyzed more than 3,000 detection rules, 1.2 million log sources and hundreds of unique log source types from real-world SIEM instances across Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic.

The top five capabilities SIEMs should have for accurate threat detection [Q&A]

Security Information and Event Management (SIEM) platforms are the centerpiece of many organizations' security controls, but if these products aren't configured correctly they will produce too many false positives to be useful, and can even make overall threat detection worse.

Security analysts need to trust that their SIEM is detecting threats accurately. We spoke to Sanjay Raja from security analytics company Gurucul to discuss how SIEMs can be configured to offer accurate detection.

Next gen SIEM: Unleashing the power of AI in cybersecurity

AI has been in the news over the past several months, but not everyone is welcoming it excitedly. Many renowned tech personalities have expressed their concerns over the risks associated with it and there are valid fears about artificial intelligence doing more harm than good. For example, there have been reports of AI helping cybercriminals produce less detectable malware.

It is reassuring to know that cybersecurity is among the early adopters in harnessing the benefits of artificial intelligence. Cybersecurity firms have been developing ways to integrate AI into their detection, mitigation, and prevention capabilities. Next gen security information and event management (SIEM), in particular, is gaining traction as organizations try to keep up with the growing aggressiveness and complexity of cyber threats.

Enterprise SIEMs miss 76 percent of attack techniques

Security information and event management systems (SIEMs) are missing detections for 76 percent of MITRE ATT&CK techniques that adversaries use to breach their environments, according to a new report.

Produced by CardinalOps, the study analyzes real-world data from production SIEMs -- including Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic -- covering more than 4,000 detection rules, nearly one million log sources, and hundreds of unique log source types.

The CISO's guide to choosing the right SIEM

In 2023, the Chief Information Security Officer (CISO) remains a role with broad reach, responsible for securing every aspect of a business, its people and its systems. The security team reporting to the CISO protects thousands of IT devices and systems dispersed across wide geographic areas from attackers who may themselves be anywhere on the planet. Modern infrastructures also depend on sophisticated security technologies to monitor traffic and distinguish normal, everyday activity from potentially malicious activity.

The security information and event management (SIEM) tool is one of the security team's most crucial. With a large market of SIEM vendors, CISOs have wide latitude in the type of SIEM they deploy, but the choice must be aligned with the business the CISO protects. CISOs should fully evaluate the business and its unique goals to develop the criteria they need in a SIEM.

Why enterprises need a complete data strategy [Q&A]

Thanks to eCommerce, IoT devices, social media and more, organizations are collecting larger volumes of data than ever before. But often they collect everything first and work out what to do with it later, an approach that exposes them to the risk of that data being misused.

We spoke to open detection and response firm Corelight's CISO Bernard Brantley, who believes organizations can implement a complete data strategy, allowing them to work backward from risk to raw logs and create a supply chain that generates information critical to risk reduction activities.

Enterprise SIEMs fall short on detecting attacks

Enterprise Security Information and Event Management (SIEM) tools are detecting fewer than five of the top 14 MITRE ATT&CK techniques employed by adversaries in the wild, according to a new report.

Analysis by AI-powered detection engineering company CardinalOps also shows SIEMs are missing detections for 80 percent of the complete list of 190+ ATT&CK techniques.

Is it time to rethink data centralization to aid cybersecurity investigations? [Q&A]

Security Information and Event Management (SIEM) has become the keystone of many organizations' security strategies in recent years.

But is it effective? And in the era of greater cloud and SaaS use, is the time right for the concept of SIEM to undergo a radical rethink? Andrew Maloney, COO and co-founder at security investigation specialist Query.AI thinks it is. We spoke to him to learn more.

Three-quarters of security analysts fear missing alerts

Almost 75 percent of security analysts are worried about missing alerts, according to a new study carried out by IDC for FireEye.

The research, which surveyed 300 IT security managers and security analysts in the US, also shows that nearly half of the alerts security analysts receive are false positives, and almost a third get ignored.

Poor SIEM configuration puts enterprises at risk

Enterprises invest billions annually on SIEM (Security Information and Event Management) software and expect this investment to result in comprehensive threat coverage.

But a new report from AI-powered threat coverage platform CardinalOps shows that on average SIEM deployment rules miss 84 percent of the techniques listed in MITRE ATT&CK.
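The CardinalOps figures quoted in this item and in the earlier ones above (38 of 201 techniques, 76 percent, 80 percent, 84 percent missed) all rest on the same measurement: mapping a SIEM's rule inventory onto ATT&CK technique IDs and counting what is left uncovered. The block below is an added example of that measurement, not CardinalOps' code or methodology. It takes a constructed rule export and a ten-technique subset of ATT&CK (real IDs and names, but a tiny fraction of the catalogue), rolls sub-techniques up to their parent technique, and credits a technique only when the rule is enabled and its required log source is actually ingested. Rule names, log-source labels, the ingested-source list and the deliberately invalid placeholder ID T9999 are all made up.

```python
from collections import defaultdict

# Constructed subset of the ATT&CK catalogue: real technique IDs and names,
# each listed under one tactic for brevity (several map to more than one).
TECHNIQUES = {
    "T1059": ("Execution", "Command and Scripting Interpreter"),
    "T1053": ("Execution", "Scheduled Task/Job"),
    "T1078": ("Defense Evasion", "Valid Accounts"),
    "T1110": ("Credential Access", "Brute Force"),
    "T1003": ("Credential Access", "OS Credential Dumping"),
    "T1021": ("Lateral Movement", "Remote Services"),
    "T1566": ("Initial Access", "Phishing"),
    "T1486": ("Impact", "Data Encrypted for Impact"),
    "T1105": ("Command and Control", "Ingress Tool Transfer"),
    "T1547": ("Persistence", "Boot or Logon Autostart Execution"),
}

# Constructed rule inventory in the shape a SIEM rule export might take:
# name, ATT&CK tags (sub-technique IDs allowed), required log source, state.
# T9999 is not a real technique; it stands in for a stale or mistyped tag.
RULES = [
    {"name": "PowerShell encoded command", "techniques": ["T1059.001"], "log_source": "windows:sysmon", "enabled": True},
    {"name": "SSH password spraying", "techniques": ["T1110.003"], "log_source": "linux:auth", "enabled": True},
    {"name": "LSASS memory access", "techniques": ["T1003.001"], "log_source": "windows:sysmon", "enabled": True},
    {"name": "Scheduled task created", "techniques": ["T1053.005"], "log_source": "windows:security", "enabled": False},
    {"name": "RDP logon from new source", "techniques": ["T1021.001", "T1078"], "log_source": "windows:security", "enabled": True},
    {"name": "Mass file rename", "techniques": ["T1486"], "log_source": "edr:file", "enabled": True},
    {"name": "Legacy IDS signature", "techniques": ["T9999"], "log_source": "network:ids", "enabled": True},
]

# Log sources actually onboarded into the SIEM (constructed): note edr:file is absent.
INGESTED = {"windows:sysmon", "windows:security", "linux:auth", "network:ids"}


def parent_technique(tid):
    """Roll a sub-technique such as T1059.001 up to its parent T1059."""
    return tid.split(".")[0]


def coverage_report(rules, techniques, ingested):
    """Credit a technique only when an enabled rule tags it AND the rule's
    log source is ingested; anything else is reported as a gap or a broken rule."""
    covered = set()
    ineffective = []
    unmapped = set()
    for r in rules:
        if not r["enabled"]:
            ineffective.append((r["name"], "disabled"))
            continue
        if r["log_source"] not in ingested:
            ineffective.append((r["name"], f"log source {r['log_source']} not ingested"))
            continue
        for tid in r["techniques"]:
            parent = parent_technique(tid)
            if parent in techniques:
                covered.add(parent)
            else:
                unmapped.add(tid)  # tag does not resolve to a known technique
    gaps = defaultdict(list)
    for tid, (tactic, _name) in techniques.items():
        if tid not in covered:
            gaps[tactic].append(tid)
    return {
        "covered": sorted(covered),
        "coverage_pct": round(100.0 * len(covered) / len(techniques), 1),
        "gaps_by_tactic": {t: sorted(ids) for t, ids in sorted(gaps.items())},
        "ineffective_rules": ineffective,
        "unmapped_technique_ids": sorted(unmapped),
    }


if __name__ == "__main__":
    rep = coverage_report(RULES, TECHNIQUES, INGESTED)
    print(f"coverage: {rep['coverage_pct']}% ({len(rep['covered'])}/{len(TECHNIQUES)})")
    for tactic, ids in rep["gaps_by_tactic"].items():
        print(f"  gap {tactic}: {', '.join(ids)}")
    for name, why in rep["ineffective_rules"]:
        print(f"  ineffective rule '{name}': {why}")
    for tid in rep["unmapped_technique_ids"]:
        print(f"  unmapped technique tag: {tid}")
```

Two design choices matter here. Counting only enabled rules whose log source is onboarded is what separates "rules that exist" from "techniques that would actually fire", which is the distinction the headline percentages depend on. Reporting gaps per tactic rather than as one number tells the detection engineering team where to spend the next sprint; a flat percentage does not.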

Secureworks delivers businesses an alternative to SIEM

In the face of rising threat levels many businesses have turned to security information and event management (SIEM), but it isn't the right approach for all.

Software-driven security specialist Secureworks is offering an alternative with improvements to its Threat Detection and Response (TDR) product. It allows security operations teams to detect, investigate and respond to security incidents.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved.