The Top SIEM Challenges Modern Security Practitioners Face Today

In many ways, the tools security professionals have at their disposal have not kept up with the seismic changes in IT infrastructure and workloads brought about by the cloud. For example, most Security Information and Event Management (SIEM) platforms are still based on decades-old technology and architectures.

The deficiencies in traditional SIEM solutions are common knowledge throughout the industry, at least anecdotally, but I wanted to see actual data. To explore the firsthand experiences of security practitioners, my company, Panther Labs, commissioned an independent study to understand how well legacy SIEMs meet the needs of security teams today. 

SIEM Should Focus On Active Threat Detection Over Operational Tasks

SIEM tools have become more challenging to set up, manage, and use on a day-to-day basis. Busy security teams find themselves overwhelmed by the SIEM solution itself, and this takes their focus away from the actual threats they need to identify and stop. The solution is to offload key threat detection capabilities from the in-house team to a SIEM solution or service provider. This frees up the in-house security team to focus on strategic initiatives and, importantly, results in more secure systems.

Operational Duties Eclipse Security

A SIEM solution should excel at helping teams identify threats and mitigate them. In recent years, there has been a focus on mitigation and a neglect of actually identifying threats. SIEM has become all about operations and compliance, and less about security. Security teams have reflected this trend. They spend the bulk of their time collecting logs, parsing them, storing them for three months or more, dealing with alerts when they come up, and bringing down the mean time to recovery/response.

Use Cases for Apache Kafka in the Public Sector

The public sector includes many different areas. Some groups, like the military, leverage cutting-edge technology. Others, like public administration, are years or even decades behind. This blog series explores how the public sector leverages data in motion powered by Apache Kafka to add value for innovative new applications and modernize legacy IT infrastructures. Life is a stream of events. Therefore, the examples include a broad spectrum of use cases across smart cities, citizen services, energy and utilities, and national security, deployed across edge, hybrid, and multi-cloud scenarios.

Blog Series: Apache Kafka in the Public Sector and Government

This blog series explores why many governments and public infrastructure sectors leverage event streaming for various use cases. Learn about real-world deployments and different architectures for Kafka in the public sector:

5 Questions to Ask Before Choosing a SIEM Platform in 2021 and Beyond

You've probably never heard any company tout the fact that theirs is a "legacy solution." Of course not. The term legacy carries a negative connotation — it's the opposite of "new and improved" in the language of marketers. But, in reality, some solutions indeed are legacy, and others represent the next generation of technology.

Both next-gen and legacy are overused terms that have no consistently precise meaning. Marketing folks can use them however they choose. So how do you determine which SIEM platforms are deserving of either the legacy or next-gen moniker?

Security Information and Event Management (SIEM) with Elastic

With increasing cybersecurity challenges, firms are constantly battling to bring down the Mean Time to Detect/Discover (MTTD) of security threats. This is critical for multiple reasons, such as customer satisfaction, legal compliance, and the credibility of the organization. The organization needs to identify, communicate, and mitigate an issue before the user does.

As an extension to my earlier article on Cybersecurity Trends, let us explore how Security Information and Event Management (SIEM) can be achieved through Elastic.

What To Look For In Your Next SIEM Provider

Security information and event management (SIEM) software is a security information system that analyzes security alerts and data generated by devices on a network in real time. It acts as a platform that efficiently collects and stores security data at a central point and then converts it into actionable intelligence. SIEM tooling has become highly relevant, especially if you have to deal with a data/security breach and need to know how and what happened in such a cybersecurity incident.

A SIEM tool can oversee this type of incident and improve the management of it by:

Navigating Through Logs for Information Disclosure Requests

In a world of compliance and disclosure requests, the ability to investigate raw log files whilst shutting out the noise can not only be a time-saving maneuver in your process but also reduce the risk of mistakes. The ability to analyse large volumes of log files, be they in the cloud or hidden away in on-prem archives, will make a great difference to how your tech team operates.

Take higher education as an example. Every year, new students join a university, and for IT teams this means new logs. It also means new devices on the networks; in Europe, this includes Eduroam, a 3rd-party network point where logs may not be as easily accessible. On average, a student will bring a mobile phone and a laptop. But in this ever-growing IoT world, students are expected to bring more smart devices, as well as devices such as tablets. This increases a student’s footprint on any SIEM solution.