[BreachExchange] SIEM vs Security Analytics: What’s the Difference?

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jun 21 20:21:34 EDT 2018


https://solutionsreview.com/security-information-event-management/siem-vs-security-analytics-whats-difference/

As dramatic as it sounds, comparing SIEM vs security analytics is a vital
discussion for enterprises facing the multitudes of cybersecurity threats
born from the modern age: hackers, insider threats, the weight of despair
and hopelessness from users, regulatory compliance, etc.

Every enterprise—of all sizes and industries—needs information security
capabilities. Digital threats are increasing year after year,
simultaneously growing in severity and sophistication. Yet the difference
between security information and event management (SIEM) and security
analytics can prove pedantic and frustrating for enterprises wading through
all the cybersecurity jargon searching for a clear-cut answer.

Fortunately, we here at Solutions Review are on hand to help you
distinguish the benefits of SIEM vs security analytics (or vice versa) and
help your enterprise make the right information security selection.

SIEM vs Security Analytics: Two Peas in a Pod?

Part of what confuses so many enterprises trying to find the right
solution in the debate of SIEM vs security analytics is that the
differences between the two can seem arbitrary or even non-existent on the
surface.

Indeed, SIEM solutions and security analytics feature similar capabilities,
including:

- Log and Event Management
- Behavioral Analysis
- Data Correlation
- Compliance Reporting
- Security Event Data Compilation, Aggregation, and Analysis
- Threat Hunting
- Centralized Compliance Report Generation

Additionally, both SIEM and security analytics have similar priorities and
security goals. With the digitization of business processes and the advent
of digital transformation, enterprises can generate terabytes of security
event data a month. This security event data is distributed throughout your
IT environment, and the correlations between them—several failed logins
from the same user, unusual behavior from that user, data flows moving in
patterns that defy normal business processes—can indicate a security breach.

Your human IT security team certainly can collect and aggregate all of this
security information, analyze it for correlations, and investigate those
correlations to determine whether they are false positives or indicators of
legitimate threats. However, doing so would be a severe drain on their time
and resources that cannot be recouped.

SIEM and security analytics improve the speed and accuracy of threat
detection by performing much of the security event correlation and analysis
automatically. They seek to reduce the mean time to detect (abbreviated
MTTD) and the mean time to respond (MTTR) to cyber threats through
techniques such as machine learning or user and entity behavior analytics
(UEBA).
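To make the correlation idea in the two paragraphs above concrete, here is an added example (not code from the article or from any SIEM vendor) that chains the signals the article names, a burst of failed logins for one user, a successful login from a source that user has never used, and a data flow outside normal volumes, into a single alert, and then computes the mean time to detect (MTTD) as the gap between the first event of the chain and the event that completed it. The log format, the `SAMPLE_LOG` lines, the per-user source baseline and the thresholds are all constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not from the article). Each line is:
# <ISO timestamp> <event> <user> <source IP> <bytes moved>
SAMPLE_LOG = """\
2018-06-21T09:00:01 auth_fail alice 10.0.0.5 0
2018-06-21T09:00:04 auth_fail alice 10.0.0.5 0
2018-06-21T09:00:09 auth_fail alice 10.0.0.5 0
2018-06-21T09:00:15 auth_fail alice 10.0.0.5 0
2018-06-21T09:00:22 auth_fail alice 10.0.0.5 0
2018-06-21T09:00:30 auth_ok alice 203.0.113.7 0
2018-06-21T09:05:00 transfer alice 203.0.113.7 500000000
2018-06-21T09:10:00 auth_ok bob 10.0.0.9 0
2018-06-21T09:11:00 transfer bob 10.0.0.9 2000000
2018-06-21T09:12:00 auth_fail bob 10.0.0.9 0
2018-06-21T09:12:30 auth_ok bob 10.0.0.9 0
"""

# Constructed baseline: sources each user normally logs in from. Without
# such history every source looks "new", so a real deployment learns this
# from past logs before the rule is switched on.
BASELINE_SOURCES = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.9"}}


@dataclass
class Event:
    ts: datetime
    kind: str
    user: str
    src: str
    nbytes: int


@dataclass
class Alert:
    user: str
    first_seen: datetime   # earliest event in the correlated chain
    detected_at: datetime  # event that pushed the chain over min_signals
    reasons: list          # human-readable signals, in the order they fired


def parse_log(text):
    """Parse the constructed space-separated format into Events, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, user, src, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), kind, user, src, int(nbytes)))
    return sorted(events, key=lambda e: e.ts)


def correlate(events, baseline=None, fail_threshold=5, window=timedelta(minutes=5),
              transfer_limit=100_000_000, min_signals=2):
    """Correlate per-user signals; raise one Alert per user once min_signals fire."""
    known_sources = defaultdict(set, {u: set(s) for u, s in (baseline or {}).items()})
    recent_fails = defaultdict(deque)  # user -> failure timestamps inside `window`
    chains = {}                        # user -> (first event ts, reasons list)
    alerts = {}                        # user -> Alert, created when chain is long enough

    def add_signal(user, ts, reason, first=None):
        first_ts, reasons = chains.setdefault(user, (first or ts, []))
        reasons.append(reason)
        if len(reasons) >= min_signals and user not in alerts:
            # The Alert shares the reasons list, so later signals are attached too.
            alerts[user] = Alert(user, first_ts, ts, reasons)

    for e in events:
        if e.kind == "auth_fail":
            q = recent_fails[e.user]
            q.append(e.ts)
            while q and e.ts - q[0] > window:      # slide the window forward
                q.popleft()
            if len(q) >= fail_threshold and e.user not in chains:
                add_signal(e.user, e.ts, f"{len(q)} failed logins within {window}", first=q[0])
        elif e.kind == "auth_ok":
            if e.user in chains and e.src not in known_sources[e.user]:
                add_signal(e.user, e.ts, f"success from never-seen source {e.src} after failures")
            known_sources[e.user].add(e.src)
            recent_fails[e.user].clear()
        elif e.kind == "transfer":
            if e.user in chains and e.nbytes > transfer_limit:
                add_signal(e.user, e.ts, f"{e.nbytes} bytes moved, above limit {transfer_limit}")
    return list(alerts.values())


def mean_time_to_detect(alerts):
    """MTTD in seconds: average gap between a chain's first event and its detection."""
    if not alerts:
        return 0.0
    return sum((a.detected_at - a.first_seen).total_seconds() for a in alerts) / len(alerts)


def run_sample():
    """Correlate the constructed log against the constructed baseline."""
    return correlate(parse_log(SAMPLE_LOG), baseline=BASELINE_SOURCES)


if __name__ == "__main__":
    found = run_sample()
    for a in found:
        print(a.user, a.first_seen, "->", a.detected_at, a.reasons)
    print("MTTD seconds:", mean_time_to_detect(found))
```

Two design points worth noting. First, `bob` produces no alert even though he has a failed login and a transfer: the failure never reaches the threshold and his source is in the baseline, which is exactly the false-positive suppression the article says these tools must provide. Second, `alice` is flagged on the second signal (the login from a new source, 29 seconds after her first failure) rather than waiting for the bulk transfer, so MTTD is measured against the moment a human analyst would actually have been paged.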

In other words, SIEM and security analytics make sorting through the
gigabytes of enterprise data in real time easier than ever before. Yet both
solutions require human knowledge and involvement to perform at optimal
levels, and both can fall prey to false positives; skilled analysts are
unfortunately in high demand and limited supply.

So if so much of this article highlights how similar the competitors of
SIEM vs security analytics are, how do they differ?

It might be an indicator of the speed of cybersecurity development.

SIEM vs Security Analytics: One and the Same?

From our independent research, we’ve noticed something interesting. Many of
the solution providers and vendors writing about the substantial
differences between SIEM vs security analytics criticized SIEM as being
unable to handle modern threats, limited to on-premises infrastructures and
inflexible architectures, and limited in its threat hunting capabilities.
They praise security analytics as being capable of UEBA, correlating
identity across multiple systems, and being far more flexible in their data
collection.

While this sounds like an indictment of SIEM, these same criticisms singled
out legacy SIEM solutions. Indeed, many of the criticisms of legacy SIEM
do not seem to correspond to the SIEM solutions currently on the market,
which do feature UEBA and more expansive detection.

It seems to us that legacy SIEM solutions are on the way out but that
next-gen SIEM and security analytics perform nearly identical functions; we
could even understand arguments stating that security analytics is another
way of saying “next-gen SIEM.”

So in answering the debate of SIEM vs security analytics, we do recommend
that enterprises review their SIEM solution to ensure they have one that
best fits their needs and use-case and carefully examine the individual
capabilities of potential solutions. This is a serious choice that could
have long-term effects on your enterprise. Choose well!