Complementing Your Current SIEM Implementation

Most large organizations have already deployed a SIEM, and spent considerable money and effort doing so. Whether those organizations are satisfied with their SIEM implementations or not, rip and replace is almost certainly not an option for the ones that are not satisfied—for two reasons.

The first reason is that rip and replace would be highly disruptive to those organizations’ existing security programs and capabilities. The second is that any alternative SIEM product available today would need to be significantly better than the organization’s existing implementation in order to be worth the cost and disruption. That is problematic.

The list of security tools in use continues to get longer, so perhaps additive or complementary capabilities are what is needed to significantly improve SIEM capabilities. Is there a credible alternative to existing SIEM products today? Not yet. So addition, rather than replacement, is the likely path for now.

What do those additive or complementary capabilities look like? Certainly not something based on the tedious process of writing, testing, refining, and updating numerous correlations. Correlations, which effectively become static rules in most operating realities, are not what is sought. How about a more flexible approach that complements existing SIEM capabilities?

SIEMs are excellent tools when I know exactly what questions to ask of them. But frankly, I am not that good, and my team is not that good (and neither is yours), to know all of the exact questions to ask of the SIEM. By definition, I am asking the SIEM about known unknowns. But, as former Secretary of Defense Donald Rumsfeld said, what about unknown unknowns? Enter artificial intelligence, and specifically, machine learning.

Machine learning is an excellent complement to SIEMs. SIEMs answer your specific questions (correlations) about known unknowns, and machine learning effectively asks, and detects, unknown unknowns for your organization.
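As an added illustration of that contrast (example code written for this page, not from the original post or any product), here is a fixed-threshold correlation rule beside a per-user statistical baseline, both run over a constructed set of hourly per-user counters. A simple z-score stands in for a full machine-learning model, and the field names and thresholds are assumptions.

```python
"""Static SIEM-style correlation rule beside a per-user statistical baseline."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not real logs): one record per user per hour.
EVENTS = [
    {"user": "alice", "hour": h, "failed_logins": 0, "bytes_out": 1_000 + 50 * (h % 3)}
    for h in range(24)
] + [
    {"user": "bob", "hour": h, "failed_logins": 1 if h % 7 == 0 else 0, "bytes_out": 2_000}
    for h in range(24)
]
EVENTS[10]["failed_logins"] = 8        # alice, hour 10: burst of failed logins
EVENTS[24 + 20]["bytes_out"] = 40_000  # bob, hour 20: outbound volume far above his norm


def correlation_rule(events, threshold=5):
    """A static rule: fires only on the condition someone wrote (known unknown)."""
    return [(e["user"], e["hour"]) for e in events if e["failed_logins"] >= threshold]


def baseline_anomalies(events, field, z_limit=3.0):
    """Flag values far from that user's own mean for `field`.

    Nothing here names a 'bad' value; each user's own history defines normal,
    so a field no rule was written for can still surface (unknown unknown).
    Note: the outlier sits inside its own baseline here, which compresses its
    score; a deployed detector would score against a trailing window instead.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    flagged = []
    for user, recs in by_user.items():
        values = [r[field] for r in recs]
        mu, sigma = mean(values), pstdev(values)
        if sigma == 0:  # a perfectly flat history has no spread to score against
            continue
        for r in recs:
            if abs(r[field] - mu) / sigma > z_limit:
                flagged.append((user, r["hour"], field))
    return flagged


if __name__ == "__main__":
    print("rule hits:", correlation_rule(EVENTS))                  # alice, hour 10
    print("baseline hits:", baseline_anomalies(EVENTS, "bytes_out"))  # bob, hour 20
```

The rule never looks at outbound volume, so bob's hour 20 is invisible to it, while the baseline flags it without anyone having written a rule for that field.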

