Realtime Security Intelligence

Combined Session
Thursday, May 15, 2014 12:00—13:00
Location: AMMERSEE I

Why SIEM failed - and why we need Realtime Security Intelligence

There is no doubt that SIEM (Security Incident/Information and Event Monitoring) failed to deliver on its promises. Many projects failed entirely, while others started big and ended small. There are also success stories, but in the end it turned out that SIEM is a tool, not a solution. In a world of increasing security threats and advanced, complex attacks, there are too few people who can set up a working solution based on a tool alone. This requires too much knowledge.

With the advent of a new generation of solutions we call Realtime Security Analytics, things start to change. These solutions combine big data techniques and advanced analytical capabilities, both rule-based and pattern-based, with realtime information about new threats and, ideally, managed services. Such managed services allow new configurations and analytics to be provided on the fly, constructed and delivered by a few experts. The required skill set in the customer organization is lower, because the complex understanding of relationships between incidents and events across a number of systems is provided by the service providers. Such service providers also help handle the (ideally few) filtered events that need manual supervision. Doing Realtime Security Analytics right not only helps customers increase their cyber security and “cyber-attack resilience”, it also allows software vendors to expand their business models. It makes SOC operations cheaper by building on a good combination of in-house capabilities and managed services, while delivering better results.

SIEM is reduced to just one data source in the new world of Realtime Security Intelligence. This allows customers to leverage their investments in SIEM, without relying on a limited toolset. Clearly, the evolution towards Realtime Security Intelligence will bring new players on board and shake out some of the SIEM vendors.

In this session, Prof. Dr. Sachar Paulus of KuppingerCole will explain the difference between traditional SIEM and Realtime Security Intelligence. He will talk about the requirements for Realtime Security Intelligence (RSI) solutions, the criteria for product selection, and the organizational infrastructure RSI needs on both the vendor/provider and the customer side. He will talk about how RSI enables the SOC of the future and integrates with other sources of relevant information beyond SIEM, for instance Access Governance and User Activity Monitoring.

Prof. Dr. Sachar Paulus
KuppingerCole
Prof. Dr. Sachar Paulus is KuppingerCole Scientific Advisor and a former KuppingerCole Senior Analyst. Sachar was 8 years with SAP in leading security positions, responsible for Secure Software...

Prescription Security Lenses for the 4A Vision: Anywhere, Anytime, with Anyone, on Any Device

Dragan Pendic
Accenture
Dragan has over 25 years of consultancy and hands-on Technology, Software Development, Digital Security and Privacy experience in almost every sector imaginable. Currently working at Accenture as...

Big Data for Information Security: Preventing your Enterprise from Cyber Attacks and Threats

A Cyber Intelligence Analytics layer based on Big Data Analytics is something that is missing today in the InfoSec area. Those analytics provide organizations with deep insights into attacks and threats at a level that governments typically utilize. 'Under the radar' attacks and threats can be translated into patterns and insights only by utilizing a proactive approach, analysis of Big Data (varied and historical), and unique algorithms and metrics. Cyber Analysts create quick and valuable insights.

Yuval Illuz
ECI Telecom
Vast managerial and technological experience in Information Technology. M.Sc. in Information Technology Management graduated with special distinction. Deep knowledge in business applications,...