Friday, April 19, 2024

Secure Your Network From Advanced Cyber Threats With Next Gen SIEM & Open XDR

Security information and event management, or SIEM, was introduced some 17 years ago. It makes sense for a next-gen SIEM to emerge now, or it may already be long overdue. There is a need for a more powerful upgrade to the system that has been in place for nearly two decades.

Some say that traditional security information and event management is dying and organizations would have to transition to next gen SIEM whether they like it or not.

There is a need to adopt a new system that is cloud-based and analytics-driven. This new system is also expected to be laser-focused on outcomes. It is not restrained by a dated framework and overly strict procedures.

However, next-gen SIEM is not the only upgrade organizations can turn to as they improve their security posture. A related solution called Open XDR offers comparable outcomes through a different approach and framework.

Get to know more about next gen SIEM and Open XDR in the discussions below.

A Closer Look at Next-Gen SIEM

There is no definite or universally accepted definition for next-gen SIEM. However, a good starting point to establish its nature lies in Gartner’s definition: a technology designed to “support threat detection, compliance, and security incident management through the collection and analysis of security events and a wide variety of other event and contextual data sources.”

When applied to the concept of next-gen SIEM, the definition largely remains the same: improvements are introduced, but there is no paradigm-altering change.

Next-gen SIEM is more advanced than conventional SIEM, but it has the same framework and objectives. It is not a new solution that employs different cybersecurity approaches and principles.

It may utilize big data technologies and data modeling plugins, offer improved workflows and user interfaces/experiences, and provide additional features like user and entity behavior analytics (UEBA) and open integration with SOAR. However, its process and goals are mostly the same.

The new capabilities of next-generation SIEM may vary depending on the vendor, but the following hallmark features are usually present.

Cloud-native operation – As modern IT infrastructure increasingly relies on cloud computing, it only makes sense for next-gen SIEM to natively operate on the cloud and be compatible with cloud-based systems.

This enables the unified monitoring of apps, devices, servers, and endpoints. It makes log collection across different sources more efficient.

Advanced threat detection and incident prioritization – In contrast to conventional SIEM, the next-gen iteration is capable of identifying and anticipating threats and attacks. It can discover suspicious activities, unusual behavior, and patterns that coincide with malicious activities.

Better handling of false positives – False positive alerts are not completely avoidable. However, it is clear that conventional SIEM has too many false alerts. Next-gen SIEM employs artificial intelligence and event correlation mechanisms to improve detection accuracy.

Cost-effective data processing – Legacy SIEM is often associated with volume-based pricing. As such, the more data is collected and analyzed, the higher the SIEM operation cost becomes. Next-gen SIEM addresses this problem through a flat pricing model, which significantly reduces the cost of data ingestion.

Better integration – Next-gen SIEM is designed to work with more security tools and systems, including SOAR (security orchestration, automation and response), real-time visualization tools, behavior analytics, and threat intelligence from open/public, custom, and other sources.
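To make the "event correlation" point concrete, here is an added example (not code from the article or from any SIEM vendor) that shows the difference between a naive rule that alerts on every failed login and a correlation rule that only fires when several failures from the same source against the same host are followed by a success inside a time window. The events, IP addresses, hosts and thresholds are all constructed for the illustration.

```python
"""Constructed example: correlating authentication events over a time window
so that a single mistyped password does not raise an alert, while a burst of
failures followed by a success does."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src_ip: str
    user: str
    host: str
    outcome: str  # "failure" or "success"


# Constructed sample telemetry (not real data); already normalized.
SAMPLE_EVENTS = [
    # Four failures then a success from one source: should alert.
    AuthEvent(datetime(2024, 4, 19, 9, 0, 0), "203.0.113.7", "alice", "web-01", "failure"),
    AuthEvent(datetime(2024, 4, 19, 9, 0, 5), "203.0.113.7", "alice", "web-01", "failure"),
    AuthEvent(datetime(2024, 4, 19, 9, 0, 9), "203.0.113.7", "alice", "web-01", "failure"),
    AuthEvent(datetime(2024, 4, 19, 9, 0, 12), "203.0.113.7", "alice", "web-01", "failure"),
    AuthEvent(datetime(2024, 4, 19, 9, 0, 20), "203.0.113.7", "alice", "web-01", "success"),
    # Benign: one typo, then success. A naive rule still alerts on the failure.
    AuthEvent(datetime(2024, 4, 19, 9, 5, 0), "198.51.100.4", "bob", "web-01", "failure"),
    AuthEvent(datetime(2024, 4, 19, 9, 5, 4), "198.51.100.4", "bob", "web-01", "success"),
    # Two failures and no success: below threshold, no alert.
    AuthEvent(datetime(2024, 4, 19, 10, 0, 0), "192.0.2.9", "carol", "db-01", "failure"),
    AuthEvent(datetime(2024, 4, 19, 10, 0, 3), "192.0.2.9", "carol", "db-01", "failure"),
]


def naive_alerts(events):
    """Baseline rule: every failed login is its own alert (high noise)."""
    return [ev for ev in events if ev.outcome == "failure"]


def correlate_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Alert only when at least `threshold` failures from the same (src_ip, host)
    occur within `window` before a successful login from that source."""
    alerts = []
    recent_failures = defaultdict(list)  # (src_ip, host) -> failure timestamps
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src_ip, ev.host)
        # Expire failures that fell out of the sliding window.
        recent_failures[key] = [t for t in recent_failures[key] if ev.ts - t <= window]
        if ev.outcome == "failure":
            recent_failures[key].append(ev.ts)
        elif ev.outcome == "success":
            n = len(recent_failures[key])
            if n >= threshold:
                alerts.append({
                    "rule": "brute_force_then_success",
                    "src_ip": ev.src_ip,
                    "host": ev.host,
                    "user": ev.user,
                    "failures_before_success": n,
                    "ts": ev.ts.isoformat(),
                })
            recent_failures[key].clear()  # state resets after each success
    return alerts


if __name__ == "__main__":
    print(f"naive rule: {len(naive_alerts(SAMPLE_EVENTS))} alerts")
    for alert in correlate_brute_force(SAMPLE_EVENTS):
        print("correlated:", alert)
```

On the constructed sample the naive rule raises seven alerts, six of which are noise; the correlated rule raises one, carrying the context (source, host, user, failure count) an analyst needs to triage it.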

Considering a Next-Gen Alternative

While the new-gen SIEM represents a significant leap from its predecessor, it is far from perfect. It has some weaknesses. For one, low data management efficiency is inherent in SIEM’s framework.

There have been efforts to address this with the release of enhanced next-gen SIEM platforms, but a systematic and seamless process for data collection, storage, correlation, and prioritization is still absent.

Security teams generally have to face huge amounts of disorganized security data as they attempt to uncover risks and respond appropriately.

There are also concerns over SIEM's predisposition to making security teams work harder, not smarter. SIEM's framework does not offer optimum conditions for handling big data and taking advantage of artificial intelligence.

While it is possible to do security data correlation with SIEM, the efficiency of the process could use further improvements.

There have been efforts to address this problem with the release of next-gen SIEM solutions that provide out-of-the-box data processing and prioritization mechanisms, but they have yet to prove their effectiveness.

Also, manual work continues to be essential in SIEM, as evidenced by the necessity for human-written rules or human-directed configurations.

Moreover, even with next-gen SIEM integration improvements, it can still be quite selective. There are challenges in making it work with the security tools commonly used by organizations.

This is mostly due to the differing data models used by different vendors. Integration is not impossible, but it can be tedious. Issues also emerge when new versions of integrated tools are released by different vendors, producing integration problems that need to be addressed individually.

Open XDR

Open eXtended Detection and Response or Open XDR is regarded as an alternative to next-gen SIEM, but it may also be considered as a supplement. It has similarities with SIEM but is different mainly because of the distinct framework and ease of integration.

Both are seeking to achieve comparable goals, but their methods are not the same.

Open XDR has distinct approaches that allow it to tackle security threats in ways not covered by either traditional or next-gen SIEM.

The Open XDR framework is notably different from SIEM. In particular, the way it handles data can be considered more effective and efficient.

It forces data to go through normalization and enrichment before it is stored in a data lake or a big data processing system, which is in stark contrast to what conventional SIEM does.

This allows Open XDR to maximize the benefits of artificial intelligence since the collected and stored security data is already organized in a consistent and sensible format.
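The normalize-then-enrich-then-store pipeline described above, as an added example that is not the article's code nor any Open XDR product's implementation. It takes two constructed raw records in different vendor formats (an iptables-style firewall syslog line and a JSON EDR event), maps both onto one common schema, and enriches each event with asset inventory and threat-intelligence context before it would be written to storage. The log formats, asset table, intel list and field names are all assumptions made for the illustration.

```python
"""Constructed example: normalize heterogeneous security logs into one schema
and enrich them with context before they reach the data lake."""
import json
import re
from datetime import datetime, timezone

# Constructed raw records in two invented vendor formats.
RAW_RECORDS = [
    "Apr 19 09:12:03 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=3389",
    '{"event_type":"process_start","timestamp":"2024-04-19T09:12:05Z",'
    '"device":"ws-042","remote_ip":"203.0.113.7","image":"cmd.exe"}',
]

# Constructed asset inventory, keyed by IP or hostname.
ASSETS = {
    "10.0.0.5": {"name": "jump-01", "criticality": "high", "owner": "infra"},
    "ws-042": {"name": "ws-042", "criticality": "medium", "owner": "finance"},
}

# Constructed threat-intel list (placeholder values, not real indicators).
THREAT_INTEL = {"203.0.113.7": "known-scanner"}

SYSLOG_FW = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) kernel: "
    r"(?P<action>\w+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)(?: .*?DPT=(?P<dport>\d+))?"
)


def normalize(raw, year=2024):
    """Map one raw record onto the common schema. Timestamps become ISO 8601 UTC."""
    if raw.lstrip().startswith("{"):
        d = json.loads(raw)
        ts = datetime.fromisoformat(d["timestamp"].replace("Z", "+00:00"))
        return {
            "@timestamp": ts.isoformat(),
            "source": "edr",
            "action": d["event_type"],
            "src_ip": d.get("remote_ip"),
            "dst_ip": None,
            "dst_port": None,
            "asset": d["device"],
        }
    m = SYSLOG_FW.match(raw)
    if not m:
        raise ValueError(f"unrecognized record: {raw!r}")
    # Syslog lines carry no year; the collector supplies it.
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {
        "@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "source": "firewall",
        "action": m["action"],
        "src_ip": m["src"],
        "dst_ip": m["dst"],
        "dst_port": int(m["dport"]) if m["dport"] else None,
        "asset": m["host"],  # reporting device; the target asset is dst_ip
    }


def enrich(event, assets=ASSETS, intel=THREAT_INTEL):
    """Attach asset and threat-intel context so analytics need no further lookups."""
    out = dict(event)
    asset = assets.get(event["dst_ip"]) or assets.get(event["asset"]) or {}
    out["asset_name"] = asset.get("name", event["asset"])
    out["asset_criticality"] = asset.get("criticality", "unknown")
    out["asset_owner"] = asset.get("owner")
    out["src_intel"] = intel.get(event["src_ip"])
    return out


def pipeline(raw_records):
    """Normalize and enrich every record; the result is what gets stored."""
    return [enrich(normalize(r)) for r in raw_records]


if __name__ == "__main__":
    for ev in pipeline(RAW_RECORDS):
        print(json.dumps(ev))
```

Because both records leave the pipeline with the same field names, the same timestamp format, and the same enrichment keys, a downstream detection or model can join the firewall drop and the EDR process event on `src_ip` and `@timestamp` without knowing which vendor produced either one.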

Additionally, Open XDR makes it possible to address multiple risks through different security controls using a unified dashboard with a familiar user interface and user experience.

It also makes it easy to use UEBA, SOAR, NDR, EDR, and various other tools under a single platform.

In conclusion

Next generation SIEM and Open XDR are some new cybersecurity technologies organizations will eventually have to get acquainted with as they improve their cyber defenses.

Threats continuously and rapidly evolve, so adopting updated versions of security information and event management and extended detection and response is inevitable. In the future, new technologies will be developed to counter new threats.

However, this does not mean that organizations should blindly take on new cybersecurity solutions that purport to match the evolution of threats. It is also important to examine these new solutions to determine if they correspond to an organization’s needs.

Simply upgrading to a next gen solution may not be enough. A different approach may be necessary, something that can be offered by an alternative or supplemental solution.
