In the 1990s, security information and event management (SIEM) solutions were developed. They were available as appliances that had to be deployed on-premises in data centres, which limited their scalability. The overall system was also complex. With the growth of the IT industry, the new and improved next-generation SIEM is built on a big data platform that provides unlimited scalability, and it is built in the cloud, for the cloud. A next-generation SIEM includes log management, behavior analytics-based advanced threat detection, and automated incident response, all on a single platform.
Next-gen SIEMs work through the following steps:
· Collect data
· Enrich data
· Store data
· Apply correlation and analytics
· Provide data insights and reporting
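The five steps above, as an added example that is not part of the original page or any SIEM product's code: a minimal in-memory pipeline that parses authentication events, enriches them with a network zone, indexes them per user, correlates repeated failures followed by a success, and returns a summary. The log format, the `ZONES` lookup, the threshold and window, and all function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not real logs): "timestamp user src_ip outcome"
RAW_LOGS = [
    "2024-05-01T10:00:00 bob 203.0.113.7 FAIL",
    "2024-05-01T10:00:20 bob 203.0.113.7 FAIL",
    "2024-05-01T10:00:40 bob 203.0.113.7 FAIL",
    "2024-05-01T10:01:00 bob 203.0.113.7 SUCCESS",
    "2024-05-01T10:02:00 alice 10.0.0.5 FAIL",
    "2024-05-01T10:02:30 alice 10.0.0.5 SUCCESS",
    "2024-05-01T09:00:00 carol 198.51.100.9 SUCCESS",
]
ZONES = {"10.0.0.5": "office-lan", "203.0.113.7": "external"}  # constructed lookup

def collect(lines):  # Step 1: parse raw lines into structured events
    events = []
    for line in lines:
        ts, user, ip, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "src_ip": ip, "outcome": outcome})
    return events

def enrich(events):  # Step 2: attach context the raw log does not carry
    for e in events:
        e["zone"] = ZONES.get(e["src_ip"], "unknown")
    return events

def store(events):  # Step 3: time-ordered per-user index (stand-in for the data platform)
    index = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        index[e["user"]].append(e)
    return index

def correlate(index, threshold=3, window=timedelta(minutes=5)):  # Step 4: correlation rule
    alerts = []
    for user, evs in index.items():
        fails = []  # timestamps of recent failures for this user
        for e in evs:
            fails = [t for t in fails if e["ts"] - t <= window]  # drop failures outside the window
            if e["outcome"] == "FAIL":
                fails.append(e["ts"])
                continue
            if len(fails) >= threshold:  # success right after a burst of failures
                alerts.append({"user": user, "zone": e["zone"], "failures": len(fails), "at": e["ts"].isoformat()})
            fails = []  # any successful login resets the failure streak
    return alerts

def run_pipeline(lines=RAW_LOGS):  # Step 5: summary suitable for a report or dashboard
    events = enrich(collect(lines))
    return {"events": len(events), "by_zone": dict(Counter(e["zone"] for e in events)), "alerts": correlate(store(events))}
```

Calling `run_pipeline()` on the constructed events raises one alert for `bob`; `alice`'s single failure before a success stays below the threshold.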
SIEMs are useful in various areas. Some of them are:
· Threat hunting and investigation
· Incident response and case management
· Threat detection
· Cloud security
· Maintain compliance
At TSI, we aim to leverage this technology according to client requirements.