FEATURE
This only makes it more likely that anomalous activity could go unnoticed and cause real damage in the form of a material breach.
The addition of ML to SIEM promises to reduce the human effort needed to secure networks. Ever-expanding datasets can be analysed quickly and the anomalies flagged, so that security teams know where they should focus. Moreover, such technologies can move beyond the typical rules-based approach: threats following patterns that no existing rule describes can be highlighted and then learned. As attacker tactics evolve, so does NextGen SIEM.
That being said, organisations that view ML as a silver bullet for their challenges will soon come crashing back to reality. While ML can analyse data quickly, it is only as good as the data it reviews, so inaccurate or insufficient data sources are a cause for concern: no model can flag activity in a log source that was never fed to it.
There may also be a lack of consistency in how each ML solution reports its findings. Furthermore, the business will need to settle on a comfortable balance between false positives and false negatives. The two pull in opposite directions: a detection threshold tuned to cut false positives will generally let more genuine threats slip through as false negatives, and a threshold lowered to catch everything floods analysts with noise.
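The trade-off described above can be seen by sweeping a detection threshold over scored events and counting both kinds of error. The following is an added illustration, not code from the article or from any SIEM product; the anomaly scores, the ground-truth labels and the "miss budget" selection rule are all constructed for the example.

```python
"""Threshold trade-off between false positives and false negatives.

Added illustration for the SIEM tuning discussion; not code from the
article or from any vendor. The detector output (scores), the labels
and the selection rule below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Outcome:
    threshold: float
    false_positives: int   # benign events that would page an analyst
    false_negatives: int   # malicious events that would slip through


# Constructed anomaly scores in [0, 1] from a hypothetical ML detector,
# paired with ground truth (True = malicious). Real models rarely separate
# the classes cleanly, so the two populations overlap on purpose.
EVENTS = (
    (0.05, False), (0.12, False), (0.20, False), (0.31, False), (0.38, False),
    (0.44, False), (0.52, False), (0.61, False), (0.70, False), (0.83, False),
    (0.35, True), (0.48, True), (0.66, True), (0.74, True), (0.91, True),
)


def evaluate(events, threshold):
    """Alert on every event whose score is at or above the threshold and
    count the resulting errors against the labels."""
    fp = sum(1 for score, malicious in events if score >= threshold and not malicious)
    fn = sum(1 for score, malicious in events if score < threshold and malicious)
    return Outcome(threshold, fp, fn)


def sweep(events, thresholds):
    """Evaluate the same events at each candidate threshold."""
    return [evaluate(events, t) for t in thresholds]


def opposite_directions(outcomes):
    """True when raising the threshold never adds false positives and never
    removes false negatives, i.e. the two error types move against each other."""
    ordered = sorted(outcomes, key=lambda o: o.threshold)
    return all(
        later.false_positives <= earlier.false_positives
        and later.false_negatives >= earlier.false_negatives
        for earlier, later in zip(ordered, ordered[1:])
    )


def quietest_threshold_within_miss_budget(events, thresholds, max_false_negatives):
    """Pick the highest threshold (fewest alerts to triage) whose missed
    attacks stay within a budget the business has agreed to tolerate.
    Returns None when no candidate meets the budget."""
    acceptable = [
        o for o in sweep(events, thresholds) if o.false_negatives <= max_false_negatives
    ]
    if not acceptable:
        return None
    return max(acceptable, key=lambda o: o.threshold)


if __name__ == "__main__":
    candidates = (0.3, 0.5, 0.7, 0.9)
    for o in sweep(EVENTS, candidates):
        print(f"threshold={o.threshold:.1f}  false positives={o.false_positives}"
              f"  false negatives={o.false_negatives}")
    print("chosen:", quietest_threshold_within_miss_budget(EVENTS, candidates, 2))
```

Running the sweep shows false positives falling from 7 to 0 while false negatives rise from 0 to 4 as the threshold climbs; no setting drives both to zero on overlapping score distributions. The selection helper makes the business decision explicit as a parameter rather than leaving it buried in a tuning knob.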
Next-generation SIEM platforms should ultimately enable an organisation to have visibility into both known and unknown cyberthreats across the holistic attack surface.

www.intelligentciso.com | Issue 08

in this day and age. The time and effort it can take to investigate the sheer quantity of alerts, identify new attack trends, test networks to uncover vulnerabilities, as well as manage a growing number of cybersecurity tools means that security teams are under increasing pressure as their resources are spread thinly.
This means that each alert will still need to be checked, even if just to confirm that everything is OK rather than to deeply investigate and analyse every threat.