Traditionally, companies deployed Security Information and Event Management (SIEM) to satisfy regulatory compliance requirements. Today, SIEM is used primarily for threat monitoring.
As per Gartner analysts, there has been a “strong shift in focus in the client base to threat monitoring in the past year,” with compliance now playing second fiddle.
The shift is a natural one: the steep rise in the number of data breaches has become a nightmare for CIOs. A data breach can not only cause direct financial losses but also ruin an organization's reputation, and on top of that businesses have to pay regulatory fines and bear remediation costs.
According to the latest IBM data breach report, the global average cost of a data breach is $3.26 million in 2019, up 6.4% from 2017. The average cost for each lost or stolen record containing sensitive and confidential information is $144.
SIEM gives organizations strong threat monitoring capabilities for dealing with the risks behind data breaches. Modern SIEM tools have better detection logic than their predecessors and can ingest and correlate far larger volumes of data.
What is SIEM?
The term SIEM was coined by Gartner analysts Mark Nicolett and Amrit Williams in 2005. Gartner defines SIEM as follows.
SIEM is a “technology that aggregates event data produced by security devices, network infrastructures, systems, and applications.”
SIEM collects different kinds of data, such as log data, NetFlow records and network packets, from disparate sources and normalizes them into a common schema so that the results can be analyzed for different purposes, such as network security event monitoring, user activity monitoring and compliance reporting.
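The collect, normalize, analyze pipeline described above, as an added example that is not part of the original article and is not 42Gears or Splunk code. Two constructed feeds, an sshd syslog line format and a JSON export shaped like Windows Security events (field names such as TargetUserName and IpAddress are assumptions about that export), are mapped onto one schema, and a correlation rule then fires on failed logons from a single source IP across both feeds, something neither feed shows on its own:

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input, not real logs: an sshd syslog feed and a Windows
# Security-event feed exported as JSON. Both describe logons from the same IPs
# but in different shapes; only after normalization can they be correlated.
RAW_EVENTS = [
    "Jun 12 08:01:02 web01 sshd[2231]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "Jun 12 08:01:03 web01 cron[100]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 12 08:01:04 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 50124 ssh2",
    '{"EventID": 4625, "Computer": "DC01", "TargetUserName": "alice", "IpAddress": "203.0.113.5", "TimeCreated": "2024-06-12T08:01:05Z"}',
    '{"EventID": 4625, "Computer": "DC01", "TargetUserName": "bob", "IpAddress": "203.0.113.5", "TimeCreated": "2024-06-12T08:01:06Z"}',
    "Jun 12 08:01:07 web01 sshd[2240]: Accepted password for deploy from 198.51.100.9 port 41000 ssh2",
    '{"EventID": 4624, "Computer": "DC01", "TargetUserName": "alice", "IpAddress": "198.51.100.9", "TimeCreated": "2024-06-12T08:02:00Z"}',
]

SYSLOG_YEAR = 2024  # assumption: classic BSD syslog timestamps carry no year

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Windows Security event IDs for a successful and a failed logon.
WIN_LOGON = {4624: "success", 4625: "failure"}


def normalize(raw):
    """Map one raw event from either source onto a common schema.

    Returns a dict with ts, host, src_ip, user, action, outcome and source,
    or None when the line is not a logon event this parser understands.
    """
    m = SSHD_RE.match(raw)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {
            "ts": ts.replace(tzinfo=timezone.utc),
            "host": m["host"],
            "src_ip": m["ip"],
            "user": m["user"],
            "action": "logon",
            "outcome": "failure" if m["result"] == "Failed" else "success",
            "source": "sshd",
        }
    if raw.startswith("{"):
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            return None
        outcome = WIN_LOGON.get(ev.get("EventID"))
        if outcome is None:
            return None
        ts = datetime.strptime(ev["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ")
        return {
            "ts": ts.replace(tzinfo=timezone.utc),
            "host": ev["Computer"],
            "src_ip": ev["IpAddress"],
            "user": ev["TargetUserName"],
            "action": "logon",
            "outcome": outcome,
            "source": "windows",
        }
    return None  # cron lines and unknown formats are dropped here


def detect_failed_logon_bursts(events, threshold=3, window_seconds=60):
    """Correlation rule over normalized events: one alert per source IP that
    produces at least `threshold` failed logons inside a sliding window,
    regardless of which host or log format reported each failure."""
    failures = defaultdict(list)
    for e in events:
        if e["action"] == "logon" and e["outcome"] == "failure":
            failures[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(evs)):
            # shrink the window from the left until it spans <= window_seconds
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            size = end - start + 1
            if size >= threshold and (best is None or size > best[1] - best[0] + 1):
                best = (start, end)
        if best:
            window = evs[best[0]:best[1] + 1]
            alerts.append({
                "src_ip": ip,
                "count": len(window),
                "first": window[0]["ts"].isoformat(),
                "hosts": sorted({e["host"] for e in window}),
                "users": sorted({e["user"] for e in window}),
                "sources": sorted({e["source"] for e in window}),
            })
    return alerts


def run(raw_events, threshold=3, window_seconds=60):
    """Full pipeline: collect -> normalize -> correlate."""
    events = [e for e in (normalize(r) for r in raw_events) if e]
    return detect_failed_logon_bursts(events, threshold, window_seconds)


if __name__ == "__main__":
    for alert in run(RAW_EVENTS):
        print(alert)
```

Running it produces a single alert for 203.0.113.5 that spans both web01 (sshd) and DC01 (Windows) and four different target accounts; looking at either feed alone, each host saw only two failures and would not have crossed the threshold. That cross-source view is the point of normalization.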
Three critical capabilities of SIEM
These are the three critical capabilities of SIEM as identified by Gartner.
SIEM has become an important tool in the data security ecosystem: it collects and analyzes data from across the environment to identify abnormal behavior, so that an attack in progress can be detected and stopped before it turns into a breach. More and more companies are now deploying SIEM for both threat detection and compliance.
According to a recent survey, SIEM is now a $2 billion industry. However, only 21.9% of the companies that have deployed it report deriving any business value from it. This is likely because running a SIEM well is both resource-intensive and expensive: it needs well-chosen data sources, tuned detection rules and analysts to act on the alerts.
In the future, improved SIEM tools may resolve these issues and boost adoption. Recently, many unified endpoint management (UEM) vendors have started collaborating with SIEM vendors to extend threat monitoring to endpoints and better secure their customers' data. 42Gears integrates with Splunk, a leading on-premises SIEM solution that Gartner rates as a Leader in the industry.