Introduction
As an IT estate increases in complexity and continues to expand – most recently with the shift towards remote working – it becomes harder to manage and secure. Security costs are growing at an unsustainable rate for 63% of UK organisations, and 80% of UK CEOs are concerned about the risk of cyber threats to their business.
The stakes could not be higher. A major cyber incident can leave devastation in its wake, inflicting damage on customers, partners, employees and the bottom line. And behind headline attacks such as TalkTalk and Travelex lies an even bigger story – an astonishing 46% of businesses have identified security breaches or attacks in the past 12 months.
Supply chains too are under threat as cyber criminals extend their range of attack to supplier and partner environments, estimated to represent 23% of the total value at risk for organisations over the next five years.
To the costs of cyber attacks, we should add opportunity cost. We tend to focus on the gains organisations could have made had they not suffered losses as a result of a cyber attack. But we should also consider the advances they miss out on with costly but suboptimal cyber security solutions that prevent them from channelling IT resourcing to business-enhancing areas.
While risks and costs accelerate, cyber security skills remain thin on the ground, with 74% of organisations affected by the shortage. Only 10% of IT job candidates demonstrate adequate security skills, and only 1% of UK technology professionals possess SIEM skills, which are central to a robust cyber security strategy.
In response to these challenges, 48% of businesses admit that they need to improve their cyber security model. But how should they do this?
Established two decades ago, Security Incident and Event Management (SIEM) has lived up to its promise of delivering an effective and efficient security approach.
The value of SIEM lies in its ability to monitor an entire IT infrastructure in real time. SIEM works in concert with the security team to provide complete visibility and respond to alerts when it detects potential threats. With exponential increases in data and expanding attack surfaces, this visibility is now business-critical.
Why traditional SIEM is no longer enough
SIEM started life as an on-premise platform, often with one person, and in some cases no one, monitoring the screens.
This is no longer enough.
As attacks grow in volume and sophistication, and the attack surface continues to expand, the vast number of alerts from servers, endpoints and network devices can easily overwhelm in-house teams. The sheer scale of the problem diverts valuable IT resources from developments that would otherwise help the business flourish and grow.
In this context, SIEM is no longer enough and needs to be combined with other security mechanisms.