The traditional role of the security professional has been supported by systems that provide pre-built rules and out-of-the-box technology. But the nature of today’s threats is different. The newest threats are precisely designed to bypass the pre-built rules and canned correlations of most of the incumbent technologies. To support this type of innovation, the optimal solution should provide an agile threat response via a combination of pre-built data views and ad hoc analysis to support and cultivate the imagination and knowledge of the security practitioner. Here are five critical questions that should be asked during any SIEM RFP process:
• Does the solution help me perform “normative statistical analysis” to help figure out what’s normal and what’s not?
• Will I spend more time getting data into the system than on analysis of the data?
• Will the solution support and foster ingenuity and creativity?
• Does the solution support the convergence of IT operations, application management and security use cases?
• Can the solution scale to meet the challenge of continuously increasing data volumes (big data)?
In an asymmetric war between the attacker and the IT professional, where the attacker only has to be right once and the IT professional has to be right all the time, security practitioners need to start thinking differently about how much data they collect, how they analyze the data, and how they think about unknown adversaries and threats. Splunk provides a security intelligence platform that meets the out-of-the-box SIEM requirements, as well as the flexibility and scale to address the unknown threats of tomorrow in ever-increasing volumes of data. Read more about how Splunk can help today’s security professional address their SIEM requirements.