Traditional IT security measures becoming ineffective

SIEMs have reached the limits of their capabilities.

Security Information and Event Management systems (SIEMs) are a case in point. The goal of a SIEM is to help security practitioners collect, correlate, and analyze events using algorithms that recognize suspicious activity. But as the volume of data they monitor has continued to grow, SIEMs have reached the limits of their capabilities.

Scalability has become a major issue, as organizations try to capture thousands of events per second in the relational databases commonly used in SIEM solutions. The changing, increasingly complex data types in organizational environments have made it even harder for SIEMs to correlate relationships between events. Used on their own, SIEMs have noticeably lost effectiveness.

While security practitioners may describe the problem differently, most agree that the fast-growing volume and variety of organizational data rule out SIEMs as an effective security solution on their own. Scalability challenges, data diversity, the need for real-time search, and time-to-value demand a more effective method of utilizing big data. One increasingly popular approach is called Operational Security Big Data (OSBD).

To paraphrase security expert Kevin Mandia, breaches by advanced attackers are inevitable. Organizations are now experiencing the kind of sophisticated cyber-assaults that used to be aimed primarily at governmental defense and intelligence organizations. This is why the ability to handle increasing volume, variety, and velocity of data is now so important, and this is where OSBD really goes to work. It fulfills the need for a real-time big data approach to security and statistical analysis that detects advanced threats, both known and unknown.