aiSIEM: The Smart SIEM with Actionable Intelligence


Does your business need to reduce the risk of a security breach by driving Mean Time-to-Identify (MTTI) and Mean Time-to-Resolve (MTTR) as low as possible? Then read on. Security Information and Event Management (SIEM) has been a critical part of an organization’s security posture for a long time. However, many organizations struggle today with poor or non-actionable correlation that leads to high MTTI, time-consuming patch updates and rule changes that increase MTTR, and, above all, a much higher total cost of ownership (TCO). These challenges are exacerbated as enterprises embrace new technologies such as Cloud, Big Data, IoT, Mobility, DevOps and Blockchain.

Introduction

SIEM technology is crucial to an organization’s security and has matured over the last 20 years, yet most organizations fail to derive the best value from SIEM because of its implementation complexity and operational challenges. SIEM plays an important role and does a good job of centralized analysis and reporting to detect attacks by ingesting logs and additional contextual data from different sources. According to Gartner, it is the fastest-growing market segment, and no single technology, such as central log management (CLM), UEBA, NTA, SOAR or EDR, can replace the entire set of SIEM capabilities. With the adoption of hybrid cloud networks, the growing complexity and number of cybersecurity threat vectors, and a lack of cybersecurity talent, many businesses need an improved set of capabilities to complement their SIEM. Furthermore, the volume of security incidents of interest is growing rapidly and has become unmanageable for limited SOC teams, creating a need for end-to-end automation of detection and response.

With growing demand and the evolution of technology to overcome the challenges of traditional SIEM, Gartner defines the modern SIEM as working with more than just log data and applying more than simple correlation rules for data analysis. Key capabilities of the modern SIEM include large-scale and more robust data collection from cloud and other modern IT data sources; collection and analysis of logs and data from networks and endpoints; incorporation of threat intelligence (TI) feeds for correlation and enrichment; data analytics beyond rules; fast and scalable search over large volumes of raw data; and, most importantly, automated response.

Seceon aiSIEM™

Seceon aiSIEM goes beyond using log data, simple correlation of events and rule application to enhance an organization’s security posture. It ingests raw streaming data (logs, packets, flows, identities) from a variety of sources. Real-time machine learning handles large data volumes efficiently in conjunction with contemporary big/fast data frameworks and adapts dynamically to any environment upon deployment for deep data analysis. Complexity is substantially reduced by a dynamic threat models engine and a behavioral analytics engine that eliminate the need for writing complex rules, complemented by an advanced patent-pending correlation engine powered by artificial intelligence that generates meaningful alerts with improved accuracy from scores of threat indicators that would otherwise have to be analyzed by security professionals. In today’s world, where data is stolen within minutes of a breach, requiring analysts to constantly rewrite and fine-tune policy rules leads to unacceptable response times and, more importantly, considerable damage. aiSIEM meets these critical business requirements with an automated approach that produces and applies actionable intelligence for threat containment and elimination in near real-time.

Contemporary big/fast data technologies and Seceon’s innovation in patented Dynamic Threat Models, ML and AI have helped create one of the best contemporary SIEM solutions, aiSIEM, which covers a breadth of data sources, features and reports to provide comprehensive visibility into an organization’s security posture at any given time. Furthermore, aiSIEM incorporates omni-directional traffic (east-west and north-south), real-time threat intelligence, proprietary feature engineering and state-of-the-art ML and AI techniques to reduce or eliminate security risk through the shortest possible threat detection time and an immediate automated response to the attack.

Additionally, the scalable and distributed architecture of aiSIEM has been designed to support today’s enterprise SOC teams as well as MSSPs. The laser-like focus of aiSIEM on human- and machine-actionable intelligence with minimal false positives surfaces the threats that truly matter without missing a beat. Detecting only relevant threats lets SOC analysts focus on real breaches rather than a volume of noise, significantly improving efficiency and effectiveness. Higher efficiency translates into addressing many more real security issues that would otherwise have gone unnoticed, resulting in greatly improved security for your business. For MSSPs, aiSIEM comes with a built-in multi-tenant architecture that can be deployed on premises or in the cloud to provide managed security services to organizations of any size. Furthermore, the aiSIEM solution architecture supports horizontal clustering that scales with your business growth with no sacrifice in your security key performance indicators (KPIs).

How aiSIEM differs from the Traditional SIEMs:

Benefits of aiSIEM™

Most organizations are unable to deal with the increasing number and sophistication of cyber threats because it either takes them too long to identify threats or too long to stop them from inflicting damage once a breach has occurred. According to Gartner’s strategic approach Continuous Adaptive Risk and Trust Assessment (CARTA) (refer: Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats), continuous data analytics is an absolute must to constantly assess an organization’s security posture, provide adaptive access, predict and anticipate threats in real-time, and respond in real-time to the threats that matter. aiSIEM aligns with Gartner’s CARTA approach to provide these four major benefits:

Reduce Mean-Time-To-Identify (MTTI) with Proactive Threat Detection

Threat detection involves finding anomalies by analyzing and correlating data from large and disparate sources internal to the organization, and correlating that data with global threat intelligence to surface threats. Although the majority of tools and platforms are positioned to monitor, identify and manage security threats, they are actually designed to collect and analyze forensic data.

aiSIEM™ proactively detects threats and surfaces them in real-time or near real-time without an agent and without alert fatigue. It uses dynamic threat models, machine learning and AI with actionable intelligence, combined with proprietary feature engineering, to detect both known and unknown threats. The aiSIEM solution performs threat detection across cloud, on-premises and hybrid environments for MSSPs and enterprises.

Reduce Mean-Time-To-Resolve (MTTR) with Automatic Threat Remediation

In the digital era, an instant response to a security breach is no longer a nice-to-have feature; it is a requirement. The cost of a breach increases exponentially as the response is delayed. Modern tools and platforms provide remediation by having teams of security experts write and apply complex rules, use playbooks, or simply outsource analysis, remediation and reporting. That process is, of course, expensive, time-consuming and prone to human error.

aiSIEM™ performs automatic threat containment and elimination in real-time. It also provides clear, actionable steps to eliminate threats, which can be taken either automatically by the system or manually by a security expert after analysis. Auto-remediation can also be triggered on a configurable schedule for effective risk mitigation in near real-time.

Continuous Compliance and Risk Monitoring

Organizations need to adhere to security governance and regulatory compliance audit and reporting requirements to avoid litigation while remaining accountable to business objectives. They must conform to the stated requirements, which vary by industry and geography.

aiSIEM™ offers continuous compliance and scheduled or on-demand reporting for HIPAA, GDPR, PCI-DSS, NIST, FINRA and many other similar regulations by providing long-term data analytics for security operations, investigation support and reporting.

Comprehensive Visibility

What you cannot see, you cannot secure. Today there are multiple Single Pane of Glass views for network traffic, applications, users, devices, vulnerability assessment, threat monitoring and so on. The challenge for any enterprise is to understand all of these interactions holistically, to have a single Single Pane of Glass view for all of these details, and to be able to drill down into any communication in order to understand the who, what and where of every transaction or event.

aiSIEM™ ingests all of your raw streaming data (logs, packets, flows, identities) from many different types of devices and applications in your environment. It then enriches the data by extracting meaningful features to provide a real-time, extensive view of all assets (users, hosts, servers, applications, data access and movement, traffic), whether on premises, in the cloud or hybrid, and their interactions.

Conclusion

Organizations are only as secure as their weakest link and rely on SIEM solutions to protect against cyber threats. SIEM technology has evolved gradually over the past decade and continues to mature with the growing threat landscape and the adoption of cloud services. Seceon aiSIEM goes far above and beyond the capabilities of typical SIEM solutions. aiSIEM helps organizations visualize user activity, behavior, applications and flows. It empowers SOC analysts to become more efficient and helps organizations reduce MTTI and MTTR while providing continuous compliance for the business.

Authors:
Arun Gandhi: https://www.linkedin.com/in/arungandhi/
Smit Kadakia: https://www.linkedin.com/in/smit-kadakia-7a1b75/