How Next Gen SIEM Addresses The Risks Of Disjointed Security Tools

Brought To You By Rene Mulyandari 

The use of multiple applications from different providers has been the norm among organizations for decades now. It rarely happens that a company uses software provided by the same developer in all areas. This is noticeable when it comes to enterprise cybersecurity, as organizations tend to use different tools for their web application firewall, virus and malware defense, email scanning, and other security-related purposes.

While there are compelling reasons to adopt a multi-vendor model in addressing enterprise software needs, there are also arguments in support of sourcing software from one or a few providers. In the case of Security Information and Event Management (SIEM), in particular, it is much easier to analyze security data and respond to security incidents when security controls are from the same vendor or from a few integrated developers.

However, not all organizations can simply replace their security controls to make SIEM easier. Many were already running multiple security controls from different vendors before the logging, monitoring and breach-detection obligations in regulations such as PCI DSS and GDPR made centralized security event management a practical requirement.

Next gen SIEM vs Disjointed Security Tools

Addressing the challenges of multi-vendor enterprise software does not have to mean replacing existing tools with integrable ones or those from a common vendor. With next gen SIEM, unifying disjointed security tools and data sources is more easily achievable.

Next gen SIEM is a comprehensive approach to security monitoring that addresses the risks associated with disjointed security tools. It tackles the limitations of traditional SIEM solutions, especially in managing the fragmentation of cybersecurity tooling. Disjointed tools are not only inefficient; they also translate to poor security visibility and a greater chance of failing to spot vulnerabilities and address weaknesses.

Next gen SIEM is designed to provide a unified platform to integrate all security tools and data sources, enabling quick information management and analysis as well as prompt response to attacks. However, integration is not the only improvement it offers. To comprehensively resolve the challenges of disjointed security controls, it also offers the following enhancements.

Better Data Coverage & Management

Next generation SIEM expands beyond the system logs and events that conventional SIEM covers. It ingests data from all available sources, including cloud service data, on-premises logs, and network data. Cloud and on-premises data are generated by security controls, databases, and applications. Network data come from endpoints, intrusion detection tools, flow records, and packet captures. Next gen SIEM is built for full visibility and ensures that data from all relevant sources are collected to support effective security information and incident management.

Data Normalization & Enrichment

To ensure that the data collected are usable, it is crucial to make them consistent and comparable with each other. Also, where a raw record lacks context, it is essential to add that context to establish the full picture. This is where next gen SIEM’s emphasis on data normalization and enrichment is vital. Normalization maps events from different tools onto a common schema (the same field names, timestamp format, and value conventions) so they can be searched and correlated together, while enrichment attaches context the raw record lacks, such as the asset behind an IP address, the owner of an account, or a threat intelligence match, to improve the accuracy of analytics and event response. Data also have to be normalized and enriched before they are useful to AI or machine learning systems.
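As an added example (written for this article, not taken from any vendor's SIEM), the following script normalizes two differently formatted records into one common schema and then enriches them. The firewall line, the cloud audit record, the asset inventory and the threat intelligence lookup are all constructed inline so the example runs offline; the field names are modeled on the common "dotted" naming style SIEM schemas use but are an assumption here, not a specific product's schema.

```python
"""Added example: normalising two constructed log formats into one schema
and enriching the result. Illustrative code written for this article,
not any vendor's SIEM implementation."""
import json
import re
from datetime import datetime

# Constructed sample events: a key=value firewall line and a JSON cloud
# audit record. Neither comes from a real product.
FIREWALL_LINE = (
    "2024-03-04T09:15:22Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dpt=22 proto=TCP"
)
CLOUD_EVENT = json.dumps({
    "eventTime": "2024-03-04T09:15:25Z",
    "eventName": "ConsoleLogin",
    "sourceIPAddress": "203.0.113.7",
    "userIdentity": {"userName": "alice"},
    "responseElements": {"ConsoleLogin": "Failure"},
})

# Hypothetical enrichment sources, embedded inline so the example runs offline.
ASSET_INVENTORY = {"10.0.0.5": {"hostname": "db-prod-01", "criticality": "high"}}
THREAT_INTEL = {"203.0.113.7": "known-scanner"}

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dpt=(?P<dpt>\d+) proto=(?P<proto>\w+)$"
)


def _ts(value: str) -> datetime:
    """Parse an RFC 3339 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize_firewall(line: str) -> dict:
    """Map a key=value firewall line onto the common schema."""
    m = FW_RE.match(line)
    if not m:
        raise ValueError(f"unparsed firewall line: {line!r}")
    return {
        "@timestamp": _ts(m["ts"]),
        "source.ip": m["src"],
        "destination.ip": m["dst"],
        "destination.port": int(m["dpt"]),
        "event.action": m["action"].lower(),
        "event.outcome": "failure" if m["action"] == "DENY" else "success",
        "observer.name": m["host"],
        "event.dataset": "firewall",
    }


def normalize_cloud(raw: str) -> dict:
    """Map a JSON cloud audit record onto the same common schema."""
    ev = json.loads(raw)
    outcome = ev.get("responseElements", {}).get(ev["eventName"], "")
    return {
        "@timestamp": _ts(ev["eventTime"]),
        "source.ip": ev["sourceIPAddress"],
        "user.name": ev.get("userIdentity", {}).get("userName"),
        "event.action": ev["eventName"].lower(),
        "event.outcome": outcome.lower() or "unknown",
        "event.dataset": "cloud-audit",
    }


def enrich(event: dict) -> dict:
    """Attach context the raw record lacks: asset data and a threat-intel tag."""
    out = dict(event)
    asset = ASSET_INVENTORY.get(event.get("destination.ip", ""))
    if asset:
        out["destination.hostname"] = asset["hostname"]
        out["destination.criticality"] = asset["criticality"]
    tag = THREAT_INTEL.get(event.get("source.ip", ""))
    if tag:
        out["threat.indicator"] = tag
    return out


def ingest(raw_records):
    """Route each raw record to its parser; return enriched events in time order."""
    events = []
    for raw in raw_records:
        parser = normalize_cloud if raw.lstrip().startswith("{") else normalize_firewall
        events.append(enrich(parser(raw)))
    return sorted(events, key=lambda e: e["@timestamp"])


def correlate_by_source(events):
    """Group normalised events by source IP so activity seen by different
    tools becomes one picture (here: a denied SSH probe followed by a
    failed console login from the same address)."""
    groups = {}
    for e in events:
        groups.setdefault(e["source.ip"], []).append(e["event.dataset"])
    return groups


if __name__ == "__main__":
    evs = ingest([FIREWALL_LINE, CLOUD_EVENT])
    for e in evs:
        print(e)
    print(correlate_by_source(evs))
```

The point of the common schema is visible in `correlate_by_source`: once both records carry `source.ip`, a single grouping query ties the firewall denial to the cloud login failure, which neither tool could show on its own.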

Artificial Intelligence

AI or machine learning is not new technology, but it took some time for it to be integrated into security information and event management. Next gen SIEM is built to enable proactive threat detection with the help of machine learning, rather than relying solely on static correlation rules and threat intelligence feeds to detect and address attacks.

Machine learning establishes a baseline of normal behavior for each user and entity, which serves as one of the bases for detecting anomalous or suspicious activity. Referred to as User and Entity Behavior Analytics (UEBA), this technique continuously monitors activity in a network and flags actions that deviate from the behavior considered normal or safe, such as a login at an unusual hour, from an unfamiliar location, or with an unusual volume of data transferred.

Another use of AI in next gen SIEM is addressing the problem of information overload. With multiple disjointed security tools producing various types of data, the alerts and other information can become overwhelming. This can result in alert fatigue, which causes organizations to miss crucial notifications or fail to act promptly on urgent security events.

An IDC study estimates that up to 30 percent of security alerts are ignored or not properly investigated because of the complexity of their security systems and the deluge of information security analysts have to deal with. Machine learning can sort and prioritize alerts to ensure that the most urgent concerns are addressed in a timely manner and automate the responses to basic alerts.
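The following added example (illustrative code written for this article, not a vendor's UEBA engine) shows the two ideas in the preceding paragraphs together: building a per-user behavioral baseline from constructed login history, scoring new events against it, and then ranking the resulting alerts by risk so the most urgent ones surface first. The history, the new events, the user criticality table and the z-score thresholds are all assumptions made for the example.

```python
"""Added example: a minimal behavioural baseline per user, anomaly scoring
against it, and risk-ranking of the resulting alerts. Illustrative code
written for this article; all data and thresholds are constructed."""
import math
from collections import defaultdict
from datetime import datetime

# Constructed login history: (user, timestamp, source country, bytes transferred).
HISTORY = [
    ("alice", "2024-03-01T09:02:00", "GB", 12_000),
    ("alice", "2024-03-01T13:40:00", "GB", 15_500),
    ("alice", "2024-03-02T08:55:00", "GB", 11_000),
    ("alice", "2024-03-03T10:10:00", "GB", 14_000),
    ("alice", "2024-03-04T09:30:00", "GB", 13_000),
    ("bob",   "2024-03-01T22:15:00", "US", 800_000),
    ("bob",   "2024-03-02T23:05:00", "US", 750_000),
    ("bob",   "2024-03-03T21:50:00", "US", 820_000),
    ("bob",   "2024-03-04T22:40:00", "US", 790_000),
]

# Constructed new events to score: one clearly anomalous, one benign,
# one off-hours, one from a user with no history at all.
NEW_EVENTS = [
    ("alice", "2024-03-05T03:00:00", "RU", 2_500_000),
    ("bob",   "2024-03-05T22:30:00", "US", 810_000),
    ("bob",   "2024-03-05T10:00:00", "US", 800_000),
    ("carol", "2024-03-05T11:00:00", "GB", 5_000),
]

# Hypothetical criticality, the kind of context enrichment supplies
# (3 = privileged admin, 1 = standard user).
USER_CRITICALITY = {"alice": 3, "bob": 1}


def _mean(xs):
    return sum(xs) / len(xs)


def _std(xs):
    m = _mean(xs)
    return math.sqrt(sum((x - m) ** 2 for x in xs) / len(xs))


def _hour(ts):
    return datetime.fromisoformat(ts).hour


def _z(value, mean, std, floor=1.0, cap=10.0):
    """Capped z-score. The floor on std stops a near-constant baseline from
    producing absurd scores; the cap keeps one feature from drowning the rest."""
    return min(abs(value - mean) / max(std, floor), cap)


def build_baselines(history):
    """Per-user profile: hour-of-day mean/std, seen countries, byte mean/std."""
    per_user = defaultdict(list)
    for user, ts, country, nbytes in history:
        per_user[user].append((_hour(ts), country, nbytes))
    baselines = {}
    for user, rows in per_user.items():
        hours = [r[0] for r in rows]
        sizes = [r[2] for r in rows]
        baselines[user] = {
            "hour_mean": _mean(hours), "hour_std": _std(hours),
            "countries": {r[1] for r in rows},
            "bytes_mean": _mean(sizes), "bytes_std": _std(sizes),
        }
    return baselines


def score_event(baselines, user, ts, country, nbytes):
    """Anomaly score: z-scores for hour and volume above a threshold of 2,
    plus a fixed penalty for a never-seen country. Returns (score, reasons)."""
    b = baselines.get(user)
    if b is None:
        # An account with no history cannot be baselined; flag it for review.
        return 5.0, ["no baseline for user"]
    score, reasons = 0.0, []
    zh = _z(_hour(ts), b["hour_mean"], b["hour_std"])
    if zh > 2:
        reasons.append(f"unusual hour (z={zh:.1f})")
        score += zh
    zb = _z(nbytes, b["bytes_mean"], b["bytes_std"], floor=1000)
    if zb > 2:
        reasons.append(f"unusual volume (z={zb:.1f})")
        score += zb
    if country not in b["countries"]:
        reasons.append(f"new country {country}")
        score += 3
    return score, reasons


def triage(baselines, new_events):
    """Drop benign events and rank the rest by risk = anomaly score x criticality."""
    alerts = []
    for user, ts, country, nbytes in new_events:
        score, reasons = score_event(baselines, user, ts, country, nbytes)
        if score > 0:
            risk = score * USER_CRITICALITY.get(user, 1)
            alerts.append({"user": user, "risk": round(risk, 2), "reasons": reasons})
    return sorted(alerts, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for alert in triage(build_baselines(HISTORY), NEW_EVENTS):
        print(alert)
```

Bob's 22:30 login scores zero and never becomes an alert, which is the alert-fatigue reduction in practice; Alice's 03:00 login from a new country with a large transfer lands at the top because the anomaly score is multiplied by her criticality as a privileged user.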

Optimal Cloud & Hybrid Use

Many of the next gen SIEM platforms available nowadays are designed to be cloud-native, which is logical given how cloud technology enables the seamless sharing of information and deployment from anywhere. Next generation SIEM can bring together different security controls not only within a local network but also across different geographic locations.

Some next generation SIEM platforms feature built-in multi-tier, multi-tenant and multi-site functionality so that the platform fits the strategy an organization adopts rather than forcing the strategy to fit the platform. A multi-tier architecture (for example, collection at the edge, aggregation in a regional tier, and analysis in a central tier) lets resources be shared efficiently, which makes deployment easier and faster and allows the platform to scale as data volumes grow.

Multi-tenancy lets a single platform serve several business units, subsidiaries or managed-service customers with their data kept logically separate, while still giving each tenant its own operational views and granular control over how monitoring is configured. Multi-site functionality, on the other hand, preserves full security visibility even for data that must be physically stored and secured in specific locations to comply with data privacy and residency regulations.

The Problem With Disjointed Tools

Is the use of disjointed security tools a serious problem? There is no doubt that it can be problematic because it results in inefficiency, reduced effectiveness, and poor security visibility. Security controls from different developers are usually not designed to work together. The lack of coherence among multiple security tools makes it difficult to achieve a comprehensive view of the threats affecting an organization.

Moreover, disjointed tools may also create redundancies and inconsistencies, which lead to confusion, added complexity, and difficulty in managing the security posture. Gaps between tools let known vulnerabilities persist unaddressed, make threats harder to find and respond to, and worsen the problem of alert fatigue.

Disjointed security tools are not a new problem in cybersecurity. However, because of new technologies and paradigms, this problem has evolved into a form not addressable by the conventional ways of conducting security information and event management.

Next generation SIEM’s purpose is not that different from standard SIEM’s. Both are designed to enable optimum security visibility and make the most out of the security controls deployed in an organization. The next gen iteration, however, emphasizes the need to keep up with new security challenges particularly when it comes to more complex infrastructures and environments, the prominence of cloud use, the use of new types of IT assets, and the rapid evolution of threats.
