How to supercharge your SIEM
Is your SIEM struggling? Is your Security Operations Centre under pressure? Does your SIEM stand out from the crowd? Will your SIEM meet the IoT challenges?
SIEM game changer
2. Simple Systems (1990s): SMALL DATA, REPORTS
Connected World (2000s): MEDIUM DATA, LOG MANAGEMENT
Internet World (2010s): LARGE DATA, EVENT MANAGEMENT
Total Digital World (Today): HIGH VELOCITY BIG DATA, SITUATIONAL MANAGEMENT
3. The number of sources we have to monitor is rising dramatically
The SIEM challenge is the Verbosity, Volume and Velocity of the data generated
As the attack landscape grows, so does our need for more data
IoT will supercharge this Velocity and Volume
IoT is SIEM’s greatest opportunity and biggest challenge
The traditional SIEM is at breaking point
We have thrown all our grunt and muscle at it
What next?
5. IBM QRadar SIEM + XForce + Watson
From SIEM to threat intelligence to advanced analytics
Security requires more data as Enterprises adopt and integrate new technologies
8. SUPERCHARGED SIEM
Address all the challenges without heavy development.
Simple bolt-on performance enhancement
Stand out from the competition
Pave the way for Agility
Address new market sectors and service delivery methods
Make more companies Secure, Compliant and Cyber Resilient.
#SIEMSUPERCHARGE
TRADITIONAL SIEM (Old world SIEM)
Restricted to 10s of thousands of Events Per Second
Reliance on third party tools and multiple source connectors at the endpoints
Complex and Expensive
Server/Appliance requires large number of CPU cores and Memory
Expected to do more than simple Incident and Event Management
Lacks development Agility
Enterprise tool, Expensive and difficult for Managed Service Providers in Mid-Market & below operations
Does not stand head and shoulders over the competition

SUPERCHARGED SIEM (New world SIEM)
Very efficient data processing giving Millions of events per second performance
Low spec server/appliance
Focused on Event and Incident Management
Highly Scalable and Responsive
Easy to deploy, manage and use
Simple Integration with other Attack and Threat management solutions
Agile, easier to enhance and add functionality
Meets the requirements of Managed Service Providers, Mid and Lower Market
9. “Security Dialog SIEM innovations are a disruptive game changer and great at enabling SIEM solutions to meet the Verbosity, Velocity and Volume challenges without the need for any major developments, which we can not ignore”

“Dramatic cost savings Security Dialog offers opens up new markets and possibilities for SIEM vendors and Managed Service Providers. Affordable Enterprise class SIEM for SME and SMB is now a reality”

“Wow, from 10s of thousands to millions of events per second, at a much lower cost and less complex platform without major investment or redesign is something we did not think possible”

Performance and cost put us way ahead of the competition and is a real differentiator in this competitive market place