
The Role of Next Gen SIEM in the Era of IoT and 5G

April 18, 2023

by Jeff Broth

The hype over 5G may have already fizzled out, but it is undeniable that the technology already exists and is benefiting industries and customers worldwide. It’s the same with the Internet of Things. Businesses, nonprofits, government agencies, and households already make use of IoT devices, with some unaware that they are already interfacing with an IoT ecosystem in their everyday lives.

The 5G and IoT era is here, but it’s not all beer and skittles. With all the conveniences also come the risks. The addition of more IoT devices to networks and faster internet speeds create more opportunities for threat actors to breach security systems.

Next Gen SIEM to the Rescue

Security information and event management (SIEM) was introduced by Gartner in 2005 as a way to improve security posture management by providing a unified system to collect, analyze, and correlate security data and events. It was designed to significantly boost security visibility by collecting security data from a wide range of sources, including network devices, endpoints, apps, and the various security tools used by an organization.

Almost two decades after its debut, SIEM is getting its much-needed upgrade in the form of next gen SIEM. The threat landscape has changed, and conventional ways of achieving security visibility are no longer effective. The security threats, vulnerabilities, and malicious activities that plague modern networks and IT systems have become more complex.

Myriad devices are getting added to networks, and organizations rely on cloud services more than ever. These are scenarios not accounted for when the original SIEM was conceptualized. If organizations want to have a chance to fight back against more aggressive and rapidly evolving threat actors, they need a security information and event management system that allows them to proactively detect and oversee attack surfaces, collect security data from new sources, and respond more nimbly to attacks.

Next Gen SIEM's updated capabilities

Next generation SIEM promises more features and functions that address the weaknesses of its predecessor. Here’s a summary of the upgrades.

Scalability – The new generation of SIEM is capable of handling extremely large amounts of data, something traditional SIEM will struggle or even fail to deal with. It supports big data architecture as well as microservices, which are now the norm for online services and applications.

Cloud-native architecture – More than 94% of organizations are already using cloud solutions. Ignoring this reality does not bode well for efforts to ensure security visibility. NG-SIEM is built to be cloud-native and capable of leveraging cloud-based analytics solutions to achieve greater threat detection efficiency and quicker response.

Real-time detection and response – Another improvement in next gen SIEM is its ability to spot and address threats at the soonest possible time. This is possible because of AI, machine learning, sophisticated analytics, and new systems that facilitate faster data collection. Next gen SIEM can integrate API connectors, log parsers, network sensors, and other tools that can gather third-party data. It is also compatible with open architectures to support the development of additional tools suitable for the specific needs of an organization.

More automation – Automation was already possible with the previous version of SIEM, but more advanced AI and machine learning significantly bolster automation with next gen SIEM. Threat detection is made considerably faster and with better accuracy through automated correlation. Also, threat hunting is now more expeditious with automated threat detection and response playbooks and the generation of actionable data.

Security tools integration – Another important upgrade in next generation SIEM is its compatibility with various security solutions to unify security information gathering, analysis, and response. It works with endpoint detection and response (EDR), security orchestration, automation, and response (SOAR), threat intelligence platforms (TIP), sandboxing, user and entity behavior analytics (UEBA), and other modern security tools. In leading next gen SIEM platforms, these tools may be available as native capabilities, which means they are included out of the box.

User and entity behavior analytics (UEBA) – The integration of UEBA in next generation SIEM merits its own entry on this list because of its advanced ability to stay on top of new threats. Instead of solely relying on threat intelligence sources, it tracks and analyzes user and entity activity on networks to detect anomalous behavior that may be a security concern.
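The list above describes three of the upgrades in the abstract: log parsers that feed the platform, UEBA that learns what is normal for each user or device and flags departures from it, and automated correlation that turns scattered anomalies into a prioritized alert. The following is an added example written for this article, not code from the article, from Gartner, or from any SIEM vendor. It parses a constructed key=value log format (an assumption; real platforms ingest many formats), learns a baseline of login hours, login sources and egress volumes per entity, scores new events against that baseline, and escalates an entity whose anomalies of different kinds fall within a short window. The z-score threshold and correlation window are illustrative assumptions, not recommended settings.

```python
"""UEBA-style baseline and correlation over constructed log lines (added example)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: "ISO8601-timestamp key=value key=value ...". Not from a real system.
BASELINE_LOGS = [
    "2023-04-10T09:05:00Z entity=alice event=login src=10.0.0.5",
    "2023-04-10T09:30:00Z entity=alice event=egress bytes=1200",
    "2023-04-10T14:10:00Z entity=alice event=egress bytes=1500",
    "2023-04-11T08:55:00Z entity=alice event=login src=10.0.0.5",
    "2023-04-11T11:00:00Z entity=alice event=egress bytes=1300",
    "2023-04-11T16:40:00Z entity=alice event=egress bytes=1400",
    "2023-04-10T10:00:00Z entity=cam-17 event=egress bytes=50000",
    "2023-04-10T22:00:00Z entity=cam-17 event=egress bytes=52000",
    "2023-04-11T10:00:00Z entity=cam-17 event=egress bytes=49000",
    "2023-04-11T22:00:00Z entity=cam-17 event=egress bytes=51000",
]
NEW_LOGS = [
    "2023-04-12T03:12:00Z entity=alice event=login src=203.0.113.9",
    "2023-04-12T03:20:00Z entity=alice event=egress bytes=900000",
    "2023-04-12T10:00:00Z entity=cam-17 event=egress bytes=50500",
    "2023-04-12T10:05:00Z entity=cam-17 event=egress bytes=400000",
    "this line is not a log",  # malformed input the parser must skip, not crash on
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one log line into a dict with a datetime 'ts'; return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    fields["ts"] = ts
    return fields


def load(lines):
    """Parse a batch of lines, silently dropping the ones that do not parse."""
    return [e for e in map(parse_line, lines) if e]


def build_baseline(events):
    """Learn per-entity normal behaviour: login hours and sources, and egress-size mean/stdev."""
    hours, sources, egress = defaultdict(set), defaultdict(set), defaultdict(list)
    for e in events:
        if e.get("event") == "login":
            hours[e["entity"]].add(e["ts"].hour)
            sources[e["entity"]].add(e["src"])
        elif e.get("event") == "egress":
            egress[e["entity"]].append(int(e["bytes"]))
    stats = {}
    for ent, sizes in egress.items():
        # A constant baseline has stdev 0; fall back to 1.0 so the z-score stays defined.
        stats[ent] = (statistics.mean(sizes), statistics.pstdev(sizes) or 1.0)
    return {"hours": hours, "sources": sources, "egress": stats}


def detect_anomalies(baseline, events, z_threshold=3.0):
    """Score each new event against the baseline; return (ts, entity, reason) findings."""
    findings = []
    for e in events:
        ent = e.get("entity")
        if e.get("event") == "login":
            reasons = []
            if e["ts"].hour not in baseline["hours"].get(ent, set()):
                reasons.append("unusual-hour")
            if e["src"] not in baseline["sources"].get(ent, set()):
                reasons.append("new-source")
            if reasons:
                findings.append((e["ts"], ent, "login:" + "+".join(reasons)))
        elif e.get("event") == "egress":
            if ent not in baseline["egress"]:
                findings.append((e["ts"], ent, "egress:unknown-entity"))  # no baseline at all
                continue
            mean, sd = baseline["egress"][ent]
            z = (int(e["bytes"]) - mean) / sd
            if z > z_threshold:
                findings.append((e["ts"], ent, f"egress:z={z:.1f}"))
    return findings


def correlate(findings, window=timedelta(minutes=15)):
    """Group findings per entity; distinct anomaly kinds inside the window escalate to critical."""
    by_entity = defaultdict(list)
    for ts, ent, reason in findings:
        by_entity[ent].append((ts, reason))
    alerts = []
    for ent, items in by_entity.items():
        items.sort()
        kinds = {r.split(":")[0] for _, r in items}
        span = items[-1][0] - items[0][0]
        severity = "critical" if len(kinds) > 1 and span <= window else "medium"
        alerts.append({"entity": ent, "severity": severity, "reasons": [r for _, r in items]})
    return sorted(alerts, key=lambda a: a["severity"] != "critical")  # critical first


def run_pipeline(baseline_lines, new_lines):
    """Parse, baseline, detect and correlate; returns the prioritized alert list."""
    return correlate(detect_anomalies(build_baseline(load(baseline_lines)), load(new_lines)))


if __name__ == "__main__":
    for alert in run_pipeline(BASELINE_LOGS, NEW_LOGS):
        print(alert)
```

On the constructed data, alice's off-hours login from an unseen source followed eight minutes later by an egress far above her baseline are two different anomaly kinds inside the window, so she is escalated to critical and sorted to the top; cam-17's single oversized upload stays a medium finding. That ordering is the prioritization the article attributes to NG-SIEM: the platform does not suppress the camera alert, it just keeps the combined signal from being buried under it.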

The need to keep up with IoT and 5G

The rise of 5G means significantly faster internet connection or data transmission speeds, which can reach up to 20 gigabits per second. Meanwhile, the growing use of IoT devices for various applications means that digital data is generated at an unprecedented pace. The widespread use of these technologies certainly means the generation of overwhelming volumes of data. It is estimated that 94 zettabytes of data were generated in 2022. This translates to a daily data generation of over 257,534 petabytes or the equivalent of over a quarter billion one-terabyte hard drives.

SIEM does not necessarily have to handle all of these nauseating amounts of data. However, even if only a small fraction of it is related to cybersecurity concerns, it is still a lot for SIEM platforms to process. There is a need for a more scalable infrastructure that is also cloud-native and capable of addressing alerts and incidents in real time.

Essentially, SIEM needs to keep up with the gargantuan uptick in data generation and transmission rates. After all, 5G and IoT are not exclusively used for productive, mundane, and benign purposes. They are also available to perpetrators of cyber attacks.

It is estimated that there are nearly 20 billion IoT devices in the world in 2023. To keep up with all the security data they generate, plus the data from the billions of non-IoT connected devices, SIEM needs to have a bigger capacity and more agile data collection and processing capability. Also, SIEM cannot afford to respond to security events at its usual pace. It only takes a fraction of a second to download and execute malware nowadays because of a superfast 5G internet connection. A lot can happen in the seconds that SIEM fails to detect and resolve a threat.

The role of NG-SIEM

Next generation SIEM is a more capable regulator than its predecessor of the threats that pass through superfast 5G connections and lurk in the humongous amounts of data produced by myriad web-enabled devices. It ensures that cybersecurity systems do not drown in the deluge of security data they continuously encounter, rapidly processing such large amounts of data to accurately detect and prioritize the most critical alerts or events and ensure a rapid response.

NG-SIEM helps avoid false positives and at the same time ensures that urgent concerns are not buried underneath a succession of less important security notifications and data. It harnesses advanced technologies, particularly AI, to match the breadth and speed of the new threat landscape boosted by 5G and IoT.
