This blog post was written by Karl Klaessig.
They say you can’t teach an old dog new tricks. Or can you? The technology landscape has changed dramatically over the last 10 years, and many security approaches organizations previously relied on are no match for today’s advanced threats. Tools like Security Information and Event Management (SIEM) have become critical to securing an increasingly complex network infrastructure.
Understanding how SIEM has evolved over time is crucial to developing effective security and risk management strategies that align with business priorities and can better accommodate distributed IT, cloud, and virtual environments.
Previously, SIEM was a two-blade solution that consisted mainly of log collection and compliance reporting. Today, SIEM solutions act as a Swiss Army knife, collecting, storing, normalizing, correlating, and analyzing data from dozens of security and network devices, and providing security intelligence as well as a baseline of typical network behavior.
The basics are no longer enough, however, and next-generation SIEM solutions must have expanded feature sets to provide greater business value.
With this in mind, I’m excited to kick off the Evolution of SIEM Series to share how SIEM can become an integral part of a larger security program. Over the following weeks, I will highlight how the latest McAfee SIEM solution, Enterprise Security Manager (ESM), can improve Big Data Security, situational awareness, advanced evasion, and incident response times.
As businesses face more targeted and persistent threats, a trusted SIEM solution can be an essential security component, critical to detecting and mitigating those risks.
Stay tuned for the next installment, where we will discuss the capabilities that make the McAfee SIEM solution stand out.
In the meantime, be sure to check out the McAfee SNS Journal for technical briefs, news, and product spotlights.