In the 1990s, security information and event management (SIEM) solutions were developed. They were available as appliances that had to be deployed on-premises in data centres, which limited scalability, and the overall system was complex. With the growth of the IT industry, the new and improved next-generation SIEM is built on a big data platform that provides unlimited scalability and is built in the cloud, for the cloud. A next-generation SIEM includes log management, behavior analytics-based advanced threat detection, and automated incident response, all on a single platform.
A next-generation SIEM works through the following steps:
- Collect data
- Enrich data
- Store data
- Apply correlation and analytics
- Provide data insights and reporting
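As an added example, not taken from the original page, the five steps above as a minimal Python pipeline run over constructed sshd log lines. The asset inventory, the regular expression and the "failed logins followed by a success" rule are hypothetical stand-ins for a real SIEM's enrichment sources and correlation rules.

```python
import re

# Constructed sample sshd lines standing in for collected raw logs (not from the page).
RAW_LOGS = [
    "2024-05-01T10:00:01Z sshd[411]: Failed password for admin from 203.0.113.7 port 51000",
    "2024-05-01T10:00:03Z sshd[411]: Failed password for admin from 203.0.113.7 port 51001",
    "2024-05-01T10:00:05Z sshd[411]: Failed password for admin from 203.0.113.7 port 51002",
    "2024-05-01T10:00:09Z sshd[411]: Accepted password for admin from 203.0.113.7 port 51003",
    "2024-05-01T10:01:00Z sshd[412]: Failed password for bob from 198.51.100.2 port 40000",
    "2024-05-01T10:01:30Z sshd[412]: Accepted password for bob from 198.51.100.2 port 40001",
    "2024-05-01T10:02:00Z cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]
ASSET_INVENTORY = {"198.51.100.2": "corp-vpn-pool"}  # hypothetical enrichment source (constructed)
LINE_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
                     r"for (?P<user>\S+) from (?P<src>\S+)")

def collect(lines):  # Step 1: parse raw text into events; lines that do not match are dropped
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]

def enrich(events, inventory):  # Step 2: attach context the raw log lacks (an asset tag here)
    for ev in events:
        ev["asset"] = inventory.get(ev["src"], "unknown")
    return events

def store(events):  # Step 3: index by (source, user) so correlation need not rescan everything
    index = {}
    for ev in events:
        index.setdefault((ev["src"], ev["user"]), []).append(ev)
    return index

def correlate(index, threshold=3):  # Step 4: N+ failures then a success from the same source/user
    alerts = []
    for (src, user), evs in index.items():
        failures = 0
        for ev in evs:  # events keep their arrival (time) order within a key
            if ev["outcome"] == "Failed":
                failures += 1
                continue
            if failures >= threshold:
                alerts.append({"src": src, "user": user, "failures": failures,
                               "asset": ev["asset"], "at": ev["ts"]})
            failures = 0
    return alerts

def report(alerts):  # Step 5: one-line findings for a dashboard, ticket or compliance record
    return [f"{a['at']} possible brute force: {a['failures']} failures then success for "
            f"{a['user']} from {a['src']} (asset: {a['asset']})" for a in alerts]

def run_pipeline(lines=RAW_LOGS, inventory=ASSET_INVENTORY, threshold=3):
    return report(correlate(store(enrich(collect(lines), inventory)), threshold))
```

A real deployment would swap the in-memory index for a searchable store and the single rule for a rule set plus behavioral baselines, but the stage boundaries stay the same.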
SIEMs are useful in a number of areas, including:
- Threat hunting and investigation
- Incident response and case management
- Threat detection
- Cloud security
- Maintaining compliance
At ThoughtStorm, we aim to apply this technology according to each client's requirements.