Bypassing the Limitations of Traditional SIEMs with Splunk

January 07, 2016 | Susan Bilder

We have entered an age in which Security Information and Event Management (SIEM) has never been more important, and never been more complex, at the same time. Cyber security in general is at a crossroads: it is increasingly common to read about yet another devastating breach at one of the largest corporations on the planet. The data breach that affected Home Depot in 2014, for example, was expected to cost an estimated $28 million, which equates to 0.01% of the company's total sales during the same year. The highly publicized breach that struck Sony was estimated to ultimately cost around $35 million.

The Role of SIEMs in Cyber Security

Security Information and Event Management products are designed to play an important role in preventing these types of attacks. Network events and security-related issues are analyzed in real time, giving IT professionals the actionable information they need to identify patterns as they develop, spot attacks in their early stages and make the adjustments necessary to stop a small problem before it becomes a much bigger (and more expensive) one down the road.

SIEM products collect security-related information and other data from a wide range of sources, all of which is then loaded into a database that is scanned for known threats. While this model has worked well in the past, the complexity of threats has evolved dramatically in recent years, to the point where even this proactive measure is not necessarily enough to prevent a company from making international headlines because of a catastrophic security incident.

The Natural Limitations of the Traditional SIEM Model

With a traditional SIEM model, the product in question will only collect data from pre-defined sources. This means that if an attacker is savvy enough to know what a particular SIEM product will be looking for, they can work to cover their tracks so that the breach goes undetected for a much longer period of time.

Another limitation of traditional SIEM products is that the databases into which security-related information is loaded require a specific format for processing. Getting all data into the correct format takes a large amount of time and effort. Depending on the size of the organization, this too can delay the detection of a security breach beyond the point of no return.

Perhaps the biggest limitation of traditional SIEM products, however, is that they only look for threats that have previously been identified. If an attacker is breaking new ground, the SIEM will essentially be unable to detect it, because it is "unaware" that the method exists in the first place. This is problematic because those with malicious intentions are always working to stay one step ahead of the countermeasures that businesses and organizations around the world deploy.

Bypassing the Limitations of Traditional SIEMs with Splunk

Splunk® is designed to take the capabilities of traditional SIEMs to the next level, offering all of the protection with none of the natural limitations. As an analytical tool, Splunk doesn't just collect and analyze pre-determined data produced by a network; it analyzes all of the data, period. All raw data is indexed, at which point Splunk builds a schema from scratch to produce the most comprehensive and flexible security profile possible for the specific network it is actually working with.

You don't have to wait for data to be converted into the proper format and loaded into a database, which would delay the identification of threats. Known threats are detected immediately, and unknown threats are uncovered as soon as the raw data is analyzed.

The time has most certainly come for the traditional SIEM model to evolve every bit as aggressively as the techniques of the people who wish to do you harm in the digital realm. Splunk was designed from the ground up to be the most comprehensive answer to that call available on the market today. Find out more about Splunk on our website or speak with a team member.
