

Page 1

THE EVOLUTION OF SIEM

Why it is critical to move beyond logs

BUSINESS-DRIVEN SECURITY™ SOLUTIONS

Page 2

RSA Ebook: The Evolution of SIEM

THE EVOLUTION OF SIEM

Despite increasing investments in security, breaches are still occurring at an alarming rate.

[Infographic; figures as extracted, in page order: 70, 90]

• __% of companies compromised in the last year (RSA Cybersecurity Poverty Index, 2016)

• __% of organizations are unsatisfied with their response speed (RSA Threat Detection Effectiveness Survey, 2016)

• Compromises are measured in minutes or less 98% of the time (Verizon Data Breach Report, 2017)

Traditional SIEMs have not evolved to meet the security challenge.

Log-centric SIEMs can’t defend against attacks.

RSA NetWitness® Suite addresses the gap left by log-centric SIEMs.

JIGAR KADAKIA, PARTNERS HEALTHCARE

“Analytics are critical. RSA NetWitness® Suite can help us determine standard behavior, and what’s one standard deviation away, or two standard deviations away, so that we have better visibility into what potential attackers are doing.”


Page 3


BEGINNING STATE

Reality of living in the pre-evolution security world

DESPITE INCREASING INVESTMENTS IN SECURITY, BREACHES ARE STILL OCCURRING AT AN ALARMING RATE.

GIVEN THE SPEED AT WHICH CYBER CRIMINALS ARE ABLE TO CREATE NEW SECURITY THREATS, COMPANIES MUST CHANGE THEIR APPROACH TO SECURITY.

Whether the result of cyber criminals sending phishing or malware attacks through company emails, nation states targeting an organization’s IP, or insiders misusing sensitive data, we live in a world where prevention of breaches has become impossible. Successful attacks bypass each layer of prevention that we have put in place because they often use valid user credentials, trusted access paths, or new exploits, thus going unnoticed by our preventative controls.

Page 4


BRINK OF EXTINCTION

Traditional SIEMs have not evolved to meet the security challenge

SIEM systems were originally intended for compliance and log management. Later they were used to detect and investigate attacks. However, log-centric SIEMs have several flaws that make it difficult to detect successful attacks and even more difficult to investigate them.

IN FACT, 99% OF SUCCESSFUL CYBER-ESPIONAGE ATTACKS WENT UNDISCOVERED BY LOGS. (SOURCE: VERIZON BREACH REPORT 2014)

Log-centric SIEMs give security personnel some level of visibility into what is going on across the enterprise by connecting the dots between anomalies within the different layers of defense via logs. However, logs lack the depth of visibility and detail needed to understand what is truly happening in an environment.

Page 5


THE NEED TO EVOLVE

Log-centric SIEMs can’t defend against attacks

Since companies have no choice but to allow some traffic to pass through all layers of defense in order to do business, traffic will need to flow through preventative controls. Logs only tell part of the story of what traffic makes it through. Log-centric SIEMs can only report on what the preventative controls have identified. They are unable to detect and investigate attack techniques such as unusual client activity, protocol anomalies, unauthorized connections, and suspected malware activity.

As organizations add more preventative controls, the amount of data and events generated can overwhelm even the most mature security teams. This leads to even more noise, increasing the likelihood that the signals (clues about an attack) will get lost or take too long to spot.

“Use of advanced SIEM features resulted in an average savings of nearly $3 million” (Source: 2016 Cost of Cyber Crime Study & the Risk of Business Innovation by Ponemon)

Page 6


THE EVOLUTION IS HERE

Moving beyond log-centric SIEM

RSA NETWITNESS® SUITE ADDRESSES THE LOG-CENTRIC SIEM PROBLEM IN A UNIQUE WAY.

SPOT ANOMALOUS BEHAVIOR OF THREAT ACTORS VERSUS LEGITIMATE USERS AND INVESTIGATE THESE ATTACKS.

By capturing raw packet data and amplifying the value of this data with Capture Time Data Enrichment and machine learning methodologies that distinguish anomalous behavior, RSA NetWitness Suite will spot advanced threats that bypass preventative controls. Unlike a traditional SIEM, RSA NetWitness Suite provides deeper visibility and security context to reconstruct events and attacker TTPs (Tactics, Techniques and Procedures) to stop the attackers before they compromise the organization. Ultimately, RSA NetWitness Suite helps


Page 7


SURVIVAL OF THE FITTEST

This is what your SIEM was meant to be

RSA NETWITNESS® SUITE IS THE ONLY PLATFORM THAT CAN CORRELATE SECURITY DATA ACROSS LOGS, PACKETS AND ENDPOINTS WITH REAL-TIME BEHAVIOR ANALYTIC CAPABILITIES TO SPEED DETECTION AND RESPONSE.

Event correlation can now occur across a mix of logs, packets and endpoints, giving analysts leading indicators and in-depth views of threats that bypassed preventative controls. This offers organizations a unified platform to speed detection and response, investigations, compliance reporting, and behavior analytics to spot anomalous behavior.

WITH RSA NETWITNESS® SUITE, SECURITY TEAMS CAN GO FROM AN ALERT TO INVESTIGATION TO RESPONSE FASTER AND WITH MORE DETAIL THAN ANY OTHER TOOL.

Page 8


RSA, the RSA logo, are registered trademarks or trademarks of Dell Technologies in the United States and other countries. © Copyright 2017 Dell Technologies. All rights reserved. Published in the USA. 06/17. Ebook: The Evolution of SIEM. H16554

RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice.

RSA NetWitness® Suite is a threat detection and response platform that enables organizations to identify and respond to the full scope of a compromise by leveraging logs, packets, endpoints, threat intelligence and business context.

For more information, go to rsa.com/netwitness.

• 3X more visibility

• 3X faster response

• 3X security team impact

RSA NetWitness® Suite