Security News

Major factors driving the growth of the SIEM market. The rise in concerns over IT security is expected to boost the SIEM market.

Panther Labs released the findings from their report which surveyed over 400 security professionals who actively use a SIEM platform as part of their job, including CISOs, CIOs, CTOs, security engineers, security analysts, and security architects, to gain insight into their current SIEM challenges, frustrations, and desires when it comes to capabilities. "Insights from this report confirm what my team and I have also experienced working at companies like Amazon and Airbnb - traditional SIEM platforms no longer meet the growing needs of security practitioners who face new and emerging threats," said Jack Naglieri, CEO and founder of Panther Labs.

While the underlying tenets of not relying on a single vendor and taking advantage of best-of-breed expertise for each system or tool is still valid, it has become obvious that data needs to be combined to understand the complete attack surface and progression of the kill chain. SIEM was created over fifteen years ago to integrate security data for providing real-time analysis of security alerts generated by applications and network hardware.

NetWitness introduced NetWitness Cloud SIEM, a cloud-based threat detection and response solution that delivers pervasive visibility, multi-faceted analytics, and automated response capabilities without the need for on-premise deployment and administration. NetWitness Cloud SIEM provides enterprises with the same rich log management, retention, reporting, and analytics services long utilized by on-premise customers for threat detection and response, but in cloud form.

In its early days, SIEM was shaped by new compliance drivers that dominated the era, like PCI or HIPAA. In more recent years, SIEM has evolved to handle the convergence of platforms while accelerating threat detection against sophisticated ransomware and malware. Why SIEM is an Ideal Setup, Now More Than Ever SIEM software uses analytics engines to match events against an organization's policies.

Huntsman Security has unveiled the latest version of its SIEM Cyber Security Analytics solution in both an Enterprise and Managed Security Service Provider release. For the first time, analysts can interact with a live ATT&CK heatmap which enables SOC teams to leverage MITRE ATT&CK intelligence to improve attack data visualisation, and quickly and easily identify attack targets, origins and the security risks faced by their organisation.

Cybersecurity firm Securonix has announced a new level to its collaboration with AWS that will allow AWS customers to use Securonix security information and event management software without ever leaving their current AWS hosting solutions. Securonix describes the new collaborative product as a "Bring your own cloud" program "Providing customers with deployment options that are aligned with their cloud strategies, data retention requirements and overall business needs."

LogRhythm announced the launch of version 7.7 of the LogRhythm NextGen SIEM Platform. The update introduces new features designed to streamline the threat detection and response process, including a new Timeline View that provides analysts with an easy-to-follow security narrative when investigating an incident.

When the move to the cloud was dramatically exacerbated by companies rapidly shifting to remote work, these tools fell short of supplying clear visibility into multiple environments and technology layers. The need to quickly adapt and scale to the new reality provided the perfect opportunity to accelerate the push to cloud, but outdated traditional security information and event management tools are not able to efficiently collect and process the high volume of telemetry generated by the multiple cloud services adopted as part of this push.

AttackIQ announced its integration between the Microsoft Azure Sentinel cloud-native security information and event manager platform and the AttackIQ Security Optimization Platform. "We're delighted to announce AttackIQ's integration with Microsoft Azure Sentinel, and the opportunity to enable Azure Sentinel users to test and validate their detection pipeline and ultimately fine-tune security processes across their organization," said Dariush Afshar, VP of Platform & Business Development, AttackIQ. "With our integration with Azure Sentinel, Microsoft customers now have another powerful tool for optimizing their security investments, whether that be their Microsoft 365 Defender investments like Microsoft Defender for Endpoint, or third-party security products - such as nextgen firewall - that feed Azure Sentinel."