Security information and event management (SIEM) technologies have long been powerful tools for cybersecurity professionals. They make it possible to gather and analyze event-based data from many sources, such as IT security systems, networks, servers, applications, and more, to help identify and mitigate incoming cyber attacks.
However, security orchestration, automation, and response (SOAR) products have become a viable alternative to more traditional SIEM systems in recent years. While SOAR technologies also help organizations manage multiple data sources across their IT, they go further than SIEMs by automating various cyber threat discovery and mitigation processes.
But with the rapid transition to a remote working world and cybercriminals continuing to take advantage, the threat landscape has evolved significantly in the past year, and businesses face many new cybersecurity challenges. So, are SIEM and SOAR services still powerful tools for security teams? And how have they evolved in 2021?
According to Nicola Whiting, chief strategy officer at Titania, the challenges faced by network security teams have changed significantly because of the coronavirus pandemic and the changes that followed it.
“The shift to remote working, including the introduction of new devices and applications, as well as the technology, means that teams have an ever-increasing amount of network data to collect and analyze,” she says.
“Add to that the growing sophistication of threat actors, who require a decreasing amount of time to get established on a target network, and the importance of continually monitoring the configuration state of a network is clear.”
But SIEMs can be powerful tools for navigating an increasingly complex cyber threat landscape successfully. Whiting says they offer a centralized, real-time view of a network’s actual state through the collection and analysis of data from different security tools. This allows security professionals to observe when data drifts from the desired state.
“Through aggregating and enriching frequent, if not continuous, vulnerability assessment data, network security teams can achieve configuration confidence – knowing that one’s network is correctly configured to prevent an attack,” says Whiting.
“So, especially in today’s new, complex, and evolving IT networking environment, SIEMs are more critical than ever in reducing the mean time to detecting misconfigurations.”
However, Whiting believes identifying anomalies and threats in a SIEM forms only one part of configuration confidence. Her view is that the triage automation capabilities of SOAR technologies are becoming increasingly essential. Another critical element of this process is automatically remediating anomalies and threats once they have been discovered.
“This is leading to a shift towards integrating SIEMs with security orchestration, automation, and response capabilities – i.e., MDR functionality, reducing the mean time to triage security vulnerabilities,” she says. “However, confidence in the automation underpinning MDR is high-fidelity data.
“So network security teams – though keen to adopt automation-based technology to reduce workloads and expedite remediation – are increasingly focusing on the accuracy of tools feeding data into their MDR tools. Automation is redundant if it is based on inaccurate information. Therefore, meeting and confronting today’s challenges starts at the vulnerability assessment level.”
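As an added illustration of the two ideas above, the SIEM-style aggregation of configuration data from several sources and its comparison against a desired state (configuration confidence), followed by SOAR-style triage of what drifted, here is a small Python drift detector. It is example code, not from the original article or from Titania's products; the device classes, settings, severities and events are all constructed for the example.

```python
from datetime import datetime
# Constructed desired state per device class (an assumption, not any vendor's baseline).
BASELINE = {
    "router": {"ssh_version": "2", "telnet": "disabled", "logging": "enabled"},
    "firewall": {"default_policy": "deny", "logging": "enabled"},
}
SEVERITY = {"telnet": "high", "default_policy": "high", "ssh_version": "medium", "logging": "low"}
# Constructed config-state events, as two different sources might report them.
SYSLOG_LINES = [
    "2021-03-01T10:00:00 rtr-1 router telnet=enabled ssh_version=2 logging=enabled",
    "2021-03-01T10:05:00 rtr-2 router telnet=disabled ssh_version=1 logging=enabled",
]
JSON_EVENTS = [
    {"ts": "2021-03-01T10:02:00", "host": "fw-1", "kind": "firewall",
     "state": {"default_policy": "allow", "logging": "disabled"}},
]

def normalize(syslog_lines, json_events):
    """SIEM step: aggregate both source formats into one event schema, oldest first."""
    events = []
    for line in syslog_lines:
        ts, host, kind, *pairs = line.split()
        state = dict(p.split("=", 1) for p in pairs)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "kind": kind, "state": state})
    for ev in json_events:
        events.append({**ev, "ts": datetime.fromisoformat(ev["ts"])})
    return sorted(events, key=lambda e: e["ts"])

def detect_drift(events, baseline=BASELINE):
    """Compare each observed state with the desired state; report every setting that drifted."""
    findings = []
    for ev in events:
        for setting, want in baseline[ev["kind"]].items():
            got = ev["state"].get(setting)
            if got != want:
                findings.append({"host": ev["host"], "setting": setting,
                                 "expected": want, "observed": got,
                                 "seen": ev["ts"], "severity": SEVERITY[setting]})
    return findings

def triage(findings):
    """SOAR-style triage order: high severity first, then the oldest observation first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["seen"]))

def mean_time_to_detect(findings, now_iso):
    """Mean age in seconds of open findings at now_iso, a proxy for mean time to detect."""
    now = datetime.fromisoformat(now_iso)
    return sum((now - f["seen"]).total_seconds() for f in findings) / max(len(findings), 1)
```

Feeding the normalized events through `detect_drift` and `triage` puts the enabled telnet service and the permissive firewall policy at the top of the queue, ahead of the logging and SSH-version drift.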