When Too Much Security Data Becomes the Risk
Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM.
SIEM tools correlate security logs to detect suspicious activity sooner, but reliable alerts depend on complete data, tuning, and response plans.
Search across headline titles and summaries.
Background for this topic.
Security information and event management (SIEM) centralizes logs and security alerts from systems such as identity providers, endpoints, applications, and network devices. It normalizes and correlates events so analysts can identify activity that a single log may not show, such as a suspicious login followed by privilege changes and data access. SIEMs can also support investigation through search, retention, and automated response actions.
Its value depends on trustworthy, relevant telemetry: attackers may exploit unmonitored systems, disable logging, or generate noise that hides meaningful alerts. Poorly protected logs can also expose credentials or personal data and create compliance obligations. Effective practice is to define priority detection cases, collect and time-synchronize the necessary events, restrict and monitor access to logs, protect their integrity and retention, and continuously tune and test detections. SIEM alerts should feed a documented triage and incident-response process rather than be treated as proof of compromise.
Weekly headline count for the current query.
Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM.
From the MGM and Caesars fiasco and MOVEit's patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads.
Once CrowdStrike's nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.
The combined company will help customers separate data ingestion from SIEM, to improve detection and performance.
This acquisition will bring Onum's real-time data pipeline to CrowdStrike's Falcon Next-Gen SIEM platform to deliver autonomous threat detection capabilities.
The SIEM market is at a pivotal point as XDR platforms and generative AI shake up the security analytics space.
Microsoft Sentinel Data Lake aims to provide inexpensive storage for large volumes of telemetry, while threat intelligence will be included with Defender XDR at no extra cost.
The deal will combine Securonix's SIEM platform with ThreatQuotient's threat detection and incident response (TDIR) offering to build an all-in-one security operations stack.
The Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) recommend that organizations conduct thorough testing and manage costs, which can be hefty, before implementing the platforms.
A successful enterprise security defense requires a successful endpoint security effort. With options ranging from EDR, SIEM, SOAR, and more, how do security teams cut through the clutter and focus on what matters?
The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting.
Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection.
Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC tools.
IBM's abrupt divestiture of QRadar SaaS underscores the consolidation of SIEM, XDR, and AI technologies into unified platforms.
The startup’s AI-powered data streaming platform separates security analytics from compliance data. Detecting is faster while also reducing computing and storage costs.
Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet's FortiSIEM cybersecurity operations platform.
IBM joins Crowdstrike and Microsoft is releasing AI models to cloud-native SIEM platforms.
Cisco's surprise agreement could reshape secure information and event management (SIEM) and extended detection and response (XDR) markets.
If rule writing for SIEMs isn't managed properly, it can lead to false positives and misconfigurations, which create extra work for the SOC team.
By integrating detection response with information and event management, organizations can move beyond protective controls and harden their defenses.