The Noticeable Shift in SIEM Data Sources

SIEM solutions did not work well when they were first introduced in the early 2000s, partly because of their architecture and functionality at the time, but also because of faults in the data and data sources that were fed into them.
While logging built into individual applications by their developers provided an additional security layer, it failed to give SIEM solutions accurate data, because developers focused on handling use cases rather than abuse cases.
They lacked the experience and knowledge to anticipate every likely attack, and to write the complex code needed to collect, or authorize access to, the data related to those attacks.
Detecting many sophisticated attacks also required correlating events across multiple applications and data sources, which was beyond what monitoring inside a single application could provide.
SPAN and TAP ports operated within the network infrastructure and allowed admins to monitor network traffic without disrupting the flow of data to its intended destination.
The raw packet data they collected, however, lacked the context (which user, host, or process produced the traffic) needed for effective threat detection and analysis, and came with further challenges: limited visibility (a SPAN port can be oversubscribed and silently drop frames), complex configuration, and encrypted traffic whose payloads cannot be inspected without access to the session keys or a TLS-terminating proxy.
The 2000s REST API

Largely displacing SOAP APIs, REST APIs changed how data was exchanged through their simplicity, speed, efficiency, and statelessness.
Aligned with the rise of cloud solutions, REST APIs served as an ideal conduit between SIEM and cloud environments, offering standardized access to diverse data sources.
REST endpoints, however, often returned more fields than the SIEM needed (over-fetching) or too few, forcing additional calls (under-fetching), which made data transfer between the API and the SIEM inefficient.
Without a strongly typed schema, SIEM solutions also found it difficult to map incoming fields accurately onto their predefined schema, which led to parsing errors and data mismatches.
Because of this complexity, the analysts and administrators responsible for configuring SIEM data sources found the integrations hard to handle and often needed additional training.
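The mapping problem described above is what a REST-to-SIEM connector has to solve at ingest time. The following is an added example, not code from the DZone article or from any SIEM vendor: it pulls a constructed JSON response (the field names `srcIp`, `userName`, `ts` and the target `SiemEvent` schema are invented for illustration) and normalizes each record into a small typed schema, dropping over-fetched fields, coercing the weakly typed timestamp, validating the IP literal, and quarantining records that cannot be mapped instead of storing them with the wrong type or silently discarding them.

```python
"""Normalize REST-pulled JSON events into a fixed, typed SIEM schema.

Added example for the article, not vendor code. The payload, the vendor
field names and the SiemEvent schema are all constructed for illustration.
"""
from __future__ import annotations

import ipaddress
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Any


@dataclass(frozen=True)
class SiemEvent:
    """The only fields the SIEM needs; everything else is dropped at ingest."""
    timestamp: str   # ISO 8601, always UTC
    source_ip: str   # validated IPv4/IPv6 literal
    user: str
    action: str
    outcome: str     # "success" | "failure"
    vendor: str


# Constructed vendor response: two API versions that disagree on key names
# and timestamp type, plus records with a bad timestamp, an invalid IP, and a
# missing field (the under-fetch case: the SIEM would need another call).
RAW_RESPONSE = json.dumps({"items": [
    {"ts": 1707993784, "srcIp": "203.0.113.7", "userName": "alice",
     "event": "login", "result": "OK", "sessionBlob": "x" * 64, "geo": {"country": "DE"}},
    {"ts": "2024-02-15T10:03:05Z", "src_ip": "2001:db8::10", "user": "bob",
     "event": "login", "result": "FAIL"},
    {"ts": "not-a-date", "srcIp": "203.0.113.9", "userName": "carol", "event": "login", "result": "OK"},
    {"ts": 1707993900, "srcIp": "999.1.1.1", "userName": "dave", "event": "login", "result": "OK"},
    {"ts": 1707993950, "userName": "erin", "event": "logout", "result": "OK"},
]})

# Hypothetical alias table: the vendor keys that may carry each SIEM field.
ALIASES = {
    "timestamp": ("ts", "timestamp", "@timestamp"),
    "source_ip": ("srcIp", "src_ip", "source.ip"),
    "user": ("userName", "user", "username"),
    "action": ("event", "action"),
    "outcome": ("result", "outcome"),
}
OUTCOMES = {"ok": "success", "success": "success", "fail": "failure", "failure": "failure"}


class MappingError(ValueError):
    """Raised when a record cannot be mapped onto the SIEM schema."""


def _pick(raw: dict[str, Any], field: str) -> Any:
    for key in ALIASES[field]:
        if key in raw:
            return raw[key]
    raise MappingError(f"missing required field {field!r}")


def _to_iso_utc(value: Any) -> str:
    """Accept epoch seconds (number or digit string) or ISO 8601; refuse guesses."""
    if isinstance(value, bool):
        raise MappingError("boolean is not a timestamp")
    if isinstance(value, (int, float)) or (isinstance(value, str) and value.isdigit()):
        dt = datetime.fromtimestamp(float(value), tz=timezone.utc)
    elif isinstance(value, str):
        try:
            dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError as exc:
            raise MappingError(f"unparseable timestamp {value!r}") from exc
        if dt.tzinfo is None:
            raise MappingError(f"naive timestamp {value!r}; refusing to guess the zone")
        dt = dt.astimezone(timezone.utc)
    else:
        raise MappingError(f"unsupported timestamp type {type(value).__name__}")
    return dt.isoformat().replace("+00:00", "Z")


def normalize(raw: dict[str, Any], vendor: str) -> SiemEvent:
    ip = str(_pick(raw, "source_ip"))
    try:
        ipaddress.ip_address(ip)
    except ValueError as exc:
        raise MappingError(f"invalid source_ip {ip!r}") from exc
    outcome = str(_pick(raw, "outcome")).lower()
    if outcome not in OUTCOMES:
        raise MappingError(f"unknown outcome {outcome!r}")
    return SiemEvent(timestamp=_to_iso_utc(_pick(raw, "timestamp")), source_ip=ip,
                     user=str(_pick(raw, "user")), action=str(_pick(raw, "action")).lower(),
                     outcome=OUTCOMES[outcome], vendor=vendor)


def ingest(response_body: str, vendor: str) -> tuple[list[SiemEvent], list[dict[str, Any]]]:
    """Return (normalized events, quarantined records with their error)."""
    accepted, quarantined = [], []
    for raw in json.loads(response_body)["items"]:
        try:
            accepted.append(normalize(raw, vendor))
        except MappingError as exc:
            quarantined.append({"error": str(exc), "raw": raw})
    return accepted, quarantined


if __name__ == "__main__":
    ok, bad = ingest(RAW_RESPONSE, vendor="exampleVendor")
    for ev in ok:
        print(json.dumps(asdict(ev)))
    for q in bad:
        print("QUARANTINE:", q["error"])
```

The quarantine list is the part worth keeping in a real connector: a record that fails mapping is evidence that the vendor changed its API, and an analyst needs to see it, whereas a record silently coerced to the wrong type (a naive local timestamp stored as UTC, for instance) corrupts every correlation rule that later touches it.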
While none of the above data sources has been retired completely, their technologies have improved greatly, and they now integrate with SIEM solutions far more smoothly.
Cloud platforms scale to volumes of log data that on-premises collectors struggled with, and they provide centralized logging and monitoring services that streamline data collection and analysis for SIEM solutions.
According to Adam Praksch, a SIEM administrator at IBM, SIEM solutions often struggle to keep pace with the rapid evolution of cloud solutions, resulting in the accumulation of irrelevant events or inaccurate data.
Nevertheless, El Bagory acknowledged the vast potential of cloud data for SIEM solutions, emphasizing the need to explore beyond basic information from SSH logins and Chrome tabs to include data from command lines and process statistics.
IoT devices generate a wealth of data about their operations, interactions, and environments, in diverse forms such as logs, telemetry, and alerts, which has made them a valuable data source for SIEM solutions.
This diversity allows a SIEM to analyze different aspects of the network and identify anomalies or suspicious behavior.
In practice most of that data has to be collected over the network (syslog, SNMP, MQTT and similar), since few devices can run an agent, and formats vary by vendor, so it still needs normalization before it is useful for detection.
While most SIEM data sources date back to the technology's inception, they have gone through several stages of evolution to ensure they deliver accurate and meaningful data for threat detection.


This Cyber News was published on feeds.dzone.com. Publication date: Thu, 15 Feb 2024 15:43:04 +0000
