Last updated at Wed, 18 Sep 2019 14:31:50 GMT
If you’ve been a security professional for any length of time, chances are you’ve experienced the frustrations of SIEM tools. A technology that has benefited immensely from the advent of the cloud, the face of security information and event management (SIEM) is rapidly changing for the better. Recently, we partnered with Ultimate IT Security to discuss the current and future state of SIEM technology, and how it’s evolving to address current risks.
We've broken down the webcast into the following small chapters:
- SIEM and SIEM Delivery Models
- Elements of Log Management
- SIEM Activities and Delivery Models
- An Introduction to Rapid7 InsightIDR
- InsightIDR Product Demo
- Q&A with the Ultimate Windows Security Audience
Before you dive into the recording, here’s a quick overview of the three major points that Spencer Engleson, lead Insight technical specialist at Rapid7, and host Randy Franklin Smith discussed in the webcast:
SIEM: How we got to where we are today
SIEM is not a new security technology by any means, yet it remains a source of frustration for security teams both large and small. Often not built to handle the complex volumes of data we’re dealing with today, teams are still missing out on critical insights and not getting accurate alerts. In an attempt to solve for this, many SIEMs were built to be quite complex, with the caveat that they require a longer learning curve and a bigger budget. As a response to those pain points, many other SIEMs were built to be simplistic—however, they lack many critical features. You can learn more about the "then and now" of SIEMs in the webcast.
Evolving SIEM delivery models
If complex is too complex and simple is, well, too simple, is there a happy medium? In the webcast, Engleson and Smith discuss the various SIEM delivery models (on-premises, hybrid, and cloud-based), and how each is evolving today. Determining which one is right for your organization comes down to availability, scalability, cost, and vendor lock-in. Engleson and Smith will teach you how to match your criteria to the correct SIEM delivery model so you can get the most out of your technology.
Where SIEM technology is headed next
Most companies recognize that the sheer volume of data they are dealing with requires a SIEM that’s capable of analyzing it at scale. And most SIEM vendors recognize that in order to do that, the cloud is the most appropriate delivery model. That’s why cloud SIEM technologies like Rapid7’s InsightIDR are becoming the de facto choice for providing advanced analytics without the overhead or complexity. But there are many other important advancements in the world of SIEM that are impacting security teams, too. Engleson and Smith discuss their predictions on where SIEM solutions are headed based on industry trends and today’s top SIEM requirements so security teams can keep up-to-date.
Watch the full recording
In the information-packed webcast recording, you’ll learn the ins and outs of SIEM technology and where it’s headed, so that whether you’re a novice or veteran in SIEM, you can assess if your current SIEM is up to snuff or how to evaluate a new SIEM to bring into your organization.
A fundamental piece of any security program, it’s crucial that your SIEM works for you, so watch the recording here and leave a comment to let us know what you think of the information Engleson and Smith offer.