{"id":4807,"date":"2017-09-25T12:15:41","date_gmt":"2017-09-25T12:15:41","guid":{"rendered":"https:\/\/www.happiestminds.com\/blogs\/?p=4807"},"modified":"2024-04-10T04:45:30","modified_gmt":"2024-04-10T04:45:30","slug":"siem-what-next","status":"publish","type":"post","link":"https:\/\/www.happiestminds.com\/blogs\/siem-what-next\/","title":{"rendered":"SIEM What Next?"},"content":{"rendered":"
<\/div>

Over past decade we have seen the evolution of SIEM<\/a><\/strong> from simple log management to Next Generation SIEM. During this\u00a0evolution, OEM’s have invented and used lots of buzz words like SIM, SIEM, SOC-in-the-box, NexGen SIEM, etc.<\/p>\n

Remember those days when simple monthly report generation was nightmare. We also witnessed SIEM database starting\u00a0from structured to unstructured and currently use of big data platforms<\/a>.<\/p>\n

What Next….<\/p>\n

There is proliferation of new threat vectors and they will grow much more in upcoming years. With this shift, technology must evolve and address the issues. To address these issues SIEM tool will need to have larger data inputs from entire pile of technologies. As there will be growth in volume and velocity of data inputs, big data platforms will be used in most of the places.<\/p>\n

Existing SIEM platforms<\/em> may get a new layer on top of them to address growing security needs. These layers will consist\u00a0of Machine learning, Behavioral Analytics, Anomaly detection<\/a>, security orchestration, custom\/focused threat intelligence\u00a0IoT\u2019s & Automation. We may see chat-bots used for gathering information from systems. For example, an analyst may ask chat-bot<\/strong><\/em><\/a> to fetch system patch level or currently logged on users. Vendors\/OEM\/Service Providers will be collaborating these technologies under one frame work.<\/p>\n

Machine learning<\/a> may be used to learn typical responses by analysts to specific patterns observed over network and provide alert\/alarms as and when patterns are matched. Tools may try to have visibility\u00a0over network traffic and capture meta data for more granular detection.<\/p>\n

I can foresee that L1 level analysts may be replaced by automation tools. Automation tools<\/strong> will be used to identify and\u00a0respond to majority of auto generated triggers. For example, a known blacklisted IP addressing trying to probe into my\u00a0network, automation kicks in and blocks on perimeter device. With automation possibility of use case are many, SOC & IR\u00a0team will be going to love this faster way of incident response.<\/p>\n

L1 Analyst team may be replaced but you may see emergence of Hunt team, reverse malware analyst and forensic\u00a0teams for post breach analysis. There is shortage of people with these skills. Existing SOC people\/team better start developing skills around these areas and be market ready.<\/p>\n

Below are few questions CISO, SOC Managers, CIO or Management should answer to see SOC at more matured state.<\/p>\n