Co-authored by Cami Lewis, ArcSight Security PMM and Michael Gutsche, Security Specialist
Security Information and Event Management (SIEM) tools have played a central role in enterprise IT security for more than a decade, and some believe the technology has reached its end of life. Those declaring the death of SIEM point to the proliferation of newer advanced analytics tools that scour infrastructures and alert security personnel to more advanced threats that require investigation. They believe analytics tools can and will replace SIEM while providing more value to the enterprise.
The assertion that SIEM is dead could not be further from the truth. There is tremendous value provided by SIEM that is often taken for granted by organizations today. Think of it like a high-performance vehicle. Advanced analytics is the exterior shell--the sleek aerodynamic body and fancy rims--and SIEM is what’s under the hood. What drives a car? The engine. No matter how magnificent the body may look or how many wheels the car has, the car won’t move without the engine. SIEM is not only alive and well, it is the engine powering the security operation centers of the world today.
A good SIEM tool will mask much of its underlying complexity, but it is still important to have an understanding of what is going on under the hood. Before SIEM, organizations arguably did not collect security log data at all. ArcSight collects security logs into a central place, enriches the data and then compresses and normalizes it, filters out the noise and puts it all together in a way that makes sense to the security practitioner. ArcSight makes search and investigation much easier by enabling a practitioner to view data from a historic and real time perspective to see what’s happening in their environment today. ArcSight also allows a practitioner to conduct investigations in a timely fashion through robust automation. Without ArcSight, a practitioner relying on analytics tools alone would have to manually correlate the data, build context and joins, and simply could not conduct investigations efficiently. While analytics tools play a critical role in advanced threat detection, there must be a foundation to build on. That foundation is SIEM.
The role of SIEM has evolved with the introduction of advanced analytics but by no means will analytics tools replace SIEM. SIEM tools will continue to play a vital role in the security defenses of organizations of all sizes. By understanding how they have evolved and matching your selection to your particular requirements, SIEM can provide essential security protection.
Micro Focus ArcSight has been a key player in the industry for as long as SIEM has existed. We have been recognized by Gartner in the leader’s quadrant every year. In fact, we have been leaders for more years than anyone has been in the MQ consistently. At Micro Focus, advanced analytics is becoming part of the SIEM solution. ArcSight can be a strategic partner for organizations wanting a complete solution including the fundamental foundation as well as advanced analytics capabilities.
Even though new high-performance bells and whistles are introduced regularly in the automobile industry, the engine will not go away. SIEM is here to stay.