Popular SIEM vs aiSIEM - v1.0 - Seceon Inc. · 2018-05-10


Seceon.com

“The information in the logs is useful but is context limited. It’s similar to a phone bill: it lets you know when a phone call was made, to which number and for how long, but doesn’t tell you about the conversation. Similarly, Proxy server or Firewall logs can provide information about what PC (end-device) accessed what website or URL, but don’t tell you who was on the PC at that time, or what specific application was riding on top of the URL, again forcing security teams to look at relevant logs and correlate the information manually.”

Popular SIEM vs aiSIEM

You cannot flip a page in any cybersecurity magazine, or scroll through security blogging sites, without a mention of “Next Gen SIEM”. You can understand why traditional SIEM vendors are pushing this concept, given all the high-profile security breaches in the last few years and how long it took organizations to detect those breaches in spite of having a multitude of security solutions, many of them with SIEM solutions deployed in their environment.

Why haven’t popular SIEMs lived up to expectations?

As we know, today’s SIEMs collect and aggregate logs from different sources, and alert security teams by running correlation rules. Therein lies the problem. The information in the logs is useful but is limited. It’s similar to a phone bill: it lets you know when a phone call was made, to which number and for how long, but doesn’t tell you about the conversation. Similarly, Proxy server or Firewall logs can provide information about what PC (end-device) accessed what website or URL, but don’t tell you who was on the PC at that time, or what specific application was riding on top of the URL, again forcing security teams to look at relevant logs and correlate the information manually. The conversation and the additional contextual details hold the most important information: whether there is an incident of compromise worth spending time on, and what your short-staffed security teams should focus on. Today’s SIEMs are good at collecting and indexing modest amounts of data, and security teams can write basic rules to correlate known indicators. These SIEMs are not good at detecting unknown attacks, analyzing massive amounts of data in real time, ingesting network session and packet information, understanding network and user behaviors, monitoring and protecting hybrid-cloud infrastructures and, more importantly, taking immediate action to contain and eliminate threats automatically before the damage is inflicted.

In reality, SIEMs are not architected to handle large-volume and high-velocity data in real time. They still rely on rules to correlate and raise alerts, and they still use age-old data indexing, storage and compute technologies that are inflexible and don’t support modern hybrid-cloud IT infrastructure, containerization and orchestration principles.
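The manual correlation step described above (attributing a proxy or firewall event to the user who was on the end-device at that time, by joining it with an identity log) as an added Python example; this is not code from Seceon or the original paper, and the log formats, field names and all log lines are assumed and constructed.

```python
# Added example (not Seceon's code): join a proxy log with an authentication
# log to recover "who was on the PC" for each URL access. The log formats,
# field names and every log line below are assumed and constructed.
from datetime import datetime

AUTH_LOG = """\
2018-05-10T08:55:00 LOGIN user=alice ip=10.0.0.5
2018-05-10T09:40:00 LOGOUT user=alice ip=10.0.0.5
2018-05-10T09:45:00 LOGIN user=bob ip=10.0.0.5
"""

PROXY_LOG = """\
2018-05-10T09:10:00 10.0.0.5 https://mail.example.com/inbox
2018-05-10T09:50:00 10.0.0.5 https://files.example.net/upload
2018-05-10T08:00:00 10.0.0.5 https://updates.example.org/
"""

def build_sessions(auth_text):
    """Map ip -> [(login, logout_or_None, user)] from LOGIN/LOGOUT lines."""
    sessions, open_by_ip = {}, {}
    for line in auth_text.splitlines():
        ts, event, user_kv, ip_kv = line.split()
        ts = datetime.fromisoformat(ts)
        user, ip = user_kv.split("=", 1)[1], ip_kv.split("=", 1)[1]
        if event == "LOGIN":
            open_by_ip[ip] = (ts, user)               # session begins
        elif event == "LOGOUT" and ip in open_by_ip:
            start, user = open_by_ip.pop(ip)
            sessions.setdefault(ip, []).append((start, ts, user))
    for ip, (start, user) in open_by_ip.items():      # no logout seen yet
        sessions.setdefault(ip, []).append((start, None, user))
    return sessions

def attribute(proxy_text, sessions):
    """Return [(ts, ip, url, user)]; user is None when no session covers ts,
    which is itself worth a second look (activity nobody is logged in for)."""
    out = []
    for line in proxy_text.splitlines():
        ts_s, ip, url = line.split()
        ts = datetime.fromisoformat(ts_s)
        # first session on this IP whose [login, logout) window covers ts
        user = next((who for start, end, who in sessions.get(ip, [])
                     if start <= ts and (end is None or ts < end)), None)
        out.append((ts_s, ip, url, user))
    return out

if __name__ == "__main__":
    for row in attribute(PROXY_LOG, build_sessions(AUTH_LOG)):
        print(*row)
```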

SIEM vendors’ answer to addressing these limitations is through add-on modules: a module for ingesting and processing network traffic; a module for deep packet inspection (DPI); a UEBA (User and Entity Behavioral Analytics) module; a module for IaaS, PaaS and SaaS monitoring; a Playbooks module for threat remediation. And this loose collection of modules is marketed as Next-Gen or Modern SIEM.


Moreover, by the time you are done adding all the modules, you will end up with a system of increased complexity that is hard to deploy, operationalize, monitor and manage. The result is a solution with a high cost of ownership that makes it inaccessible and unusable for many organizations.

“Automatic threat containment and remediation shouldn’t require building playbooks that take months and years to implement, but should be available out of the box from the get-go. Moreover, it should be accessible to both Fortune 5-million and Fortune 100 enterprises.”

aiSIEM: Modern, Adaptive and Intelligent

At Seceon, we believe a modern SIEM cannot be built on antiquated technology and architectures. SOC teams deserve a solution that is fundamentally different in its approach. A good solution shouldn’t become burdensome but should improve SOC teams’ efficiency and effectiveness in defending against new-age cyber threats. Machine Learning and AI cannot be an afterthought, but must be a core foundation of the SIEM that builds a path toward an AI-assisted SOC. Network flow forensics shouldn’t be an add-on, but an integral part of holistic threat analysis and detection. Automatic threat containment and remediation shouldn’t require building playbooks that take months and years to implement, but should be available out of the box from the get-go. Moreover, it should be accessible to both Fortune 5-million and Fortune 100 enterprises.

Driven by this single-minded focus and strong desire to help organizations of all sizes, we embarked on building a cybersecurity solution for the digital era that encompasses:

• Most advanced, efficient and extremely flexible data source collection, processing and parsing engine.
• Highly scalable data ingestion bus that is capable of handling 50B events per day, yet small enough to be deployed on a single VM/Cloud instance.
• Real-time stream processing in-memory compute engine benchmarked to handle 150M events per second.
• Machine Learning engine built to adapt to any new environment quickly with its Unsupervised, Supervised and Deep Learning AI.
• Correlation engine with dynamic threat detection models that become more intelligent over time in detecting both known and unknown threats.
• Big-data database that is benchmarked to handle 400K ops per second and can store and archive years’ worth of data.
• Search and in-memory database to assist in executing dynamic threat models in real time and finding that needle in the haystack by eliminating the noise.
• Built-in integration with most IT and Network Infrastructure components (identity systems, firewalls, routers/switches, etc.) for automatic threat containment and elimination.
• Container and micro-services architecture driven; offering flexibility to deploy the solution across a myriad of modern and legacy IT infrastructures.
• Built-in multi-tenancy architecture.


The result is Seceon aiSIEM, which is:

• The most advanced SIEM with actionable intelligence and automatic threat containment & elimination.
• An integrated MDR and MSS technology stack.
• A solution easy to install, implement and operationalize with minimal configuration and management.
• A highly scalable, cloud, virtualization and bare-metal native solution with built-in horizontal clustering and orchestration.
• A solution that can monitor and secure hybrid-cloud infrastructures.

Figure 1: aiSIEM in Action

Benefits of aiSIEM™

aiSIEM aligns to Gartner’s CARTA approach to provide these five major benefits to enterprises:

• Reduced MTTI (Mean-Time-To-Identify): detecting threats in near real time, not days, weeks or months after.
• Reduced MTTR (Mean-Time-To-Resolve) by containing threats as soon as they are detected, with out-of-the-box automatic remediation.
• More efficient and effective SOC teams focusing on “Threats that Matter”, not iterating through thousands of alerts per day.
• Continuous compliance and risk monitoring.
• Comprehensive visibility of the enterprise’s security posture.

And Managed Security Service Providers (MSSPs) benefit in the following two ways:

• Integrated solution to offer MDR and MSS with minimal investment.
• Single pane of glass security posture visibility and monitoring across tenants.

According to Gartner’s new strategic approach, Continuous Adaptive Risk and Trust Assessment (CARTA) (refer: “Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats”), continuous data analytics is absolutely a must to constantly assess the organization’s security posture, provide adaptive access, predict and anticipate threats in real time, and respond to threats that matter in real time.


How aiSIEM is different from the traditional SIEMs:

Conclusion

aiSIEM is a truly modern SIEM with ML & AI as core foundations for threat detection, with no rules to define; it is adaptive and intelligent to the changing threat landscape, and contains and eliminates threats without user intervention. It is designed for modern hybrid-cloud IT infrastructures and helps organizations with continuous compliance and risk assessment.

Find out more at www.seceon.com
