Security Information and Event Management solutions (SIEMs) have become commonplace in cyber security operations today, and because of this there is a lot of confusion about exactly what a SIEM is versus an advanced network-traffic analytics solution. The short answer is that a SIEM aggregates, correlates and analyzes the events, logs and alerts produced by machines, while an advanced network-traffic analytics solution enables security analysts to rapidly analyze raw network traffic itself. The longer answer is, of course, much more complex than this, and cyber security shops that use both have a powerful combination on their hands.
I recently completed a short paper on the subject, and thought you might be interested. It will take you through: a brief history of how cyber security has 'grown up' in most enterprise shops, which will help to contextualize the differences; a discussion of SIEM limitations; how advanced network-traffic analytics fills a critical missing gap in the tool set of most cyber security shops today; and finally how a SIEM plus an advanced network-traffic analytics solution creates an improved security posture, while concurrently lessening the need for hard-to-find analysts.
Click here to download!