By: SHAH AHMED FAROUQ
shah.farouq@espc2go.com

SHAH ALAM: The New Generation (NG) of Security Information and Event Management (SIEM) is the way forward for digital security.

SIEM tools are an important part of the data security ecosystem: they gather data from multiple systems and analyze it to catch abnormal behavior or potential cyberattacks.

Ramy M. Ahmad, Principal Team Lead of Systems Engineering at iMETA, said that having a next generation SIEM will lead people to build a full next generation security operations centre.

Speaking during the online training entitled “Utilizing NG-SIEM to secure your environment”, organized by aeCERT, he added that NG SIEM will help centralize the data in one specific piece of software.

“NG SIEM will ingest both log and flow data because it uses threat models to determine the threats rather than a human brain,” he explained.

These are complex models that can detect and match threat behaviors to a particular type of threat, such as a Distributed Denial of Service (DDoS) attack, malware infection, Advanced Persistent Threat (APT), loss of credentials, or insider attack.

NG SIEM will leverage, but not rely solely on, the proper use of machine learning to pick out behaviors that are not normal for a device, application or user, and correlate all of these events.

In one line it tells you the type of threat, the devices and/or user involved, and what to do about it.

Traditional SIEM solutions, however, focus on collecting and indexing log output from devices and applications.

These are used to search for and find particular log details, for example: for this device, search and display all logs for this particular day.

Some SIEMs take in network data but tend to have difficulty using it effectively. This is a problem, as the network provides the other half of the data needed to detect the most active threats.

NG SIEMs, however, are designed to detect threats within minutes of their becoming active.

Once an NG SIEM is active it can stop brute force attacks, compromised credentials, and insider threats before critical data is accessed, something traditional SIEMs cannot promise.
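As an added illustration of the log-plus-flow correlation and one-line verdict described above (this is example code written for this article, not code from iMETA, aeCERT or any product), the following Python rule ingests constructed auth-log lines and flow records, matches a burst of failed logins followed by a success and a large outbound flow to a threat type, and emits the threat, the user and device involved, and an action. The log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed auth-log format (assumption, not a real product format):
#   "<epoch> <FAIL|OK> user=<name> src=<ip> host=<device>"
AUTH_RE = re.compile(
    r"^(?P<ts>\d+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$")

def parse_auth(lines):
    """Parse constructed auth-log lines, skipping any that do not match the format."""
    events = [m.groupdict() for m in map(AUTH_RE.match, lines) if m]
    return sorted(({**e, "ts": int(e["ts"])} for e in events), key=lambda e: e["ts"])

def correlate(auth_lines, flows, threshold=5, window=60, egress_bytes=1_000_000):
    """Combine log evidence (auth results) with flow evidence (bytes leaving a host) and
    return one verdict line per detected threat: threat type, user/device, action."""
    fails = defaultdict(list)  # (user, src) -> timestamps of recent failed logins
    verdicts = []
    for ev in parse_auth(auth_lines):
        key = (ev["user"], ev["src"])
        fails[key] = [t for t in fails[key] if ev["ts"] - t <= window]  # drop stale failures
        if ev["result"] == "FAIL":
            fails[key].append(ev["ts"])
            if len(fails[key]) == threshold:  # fire once, when the burst reaches the threshold
                verdicts.append(f"BRUTE_FORCE user={ev['user']} src={ev['src']} action=block_src")
        elif len(fails[key]) >= threshold:  # success right after a burst: credentials compromised
            egress = sum(f["bytes"] for f in flows
                         if f["host"] == ev["host"] and 0 <= f["ts"] - ev["ts"] <= window)
            if egress >= egress_bytes:
                verdicts.append(f"CREDENTIAL_COMPROMISE+EXFIL user={ev['user']} host={ev['host']} "
                                "action=disable_account,isolate_host")
            else:
                verdicts.append(f"CREDENTIAL_COMPROMISE user={ev['user']} host={ev['host']} "
                                "action=disable_account")
            fails[key] = []
    return verdicts

# Constructed sample data: five failures then a success from one source, followed by a
# large outbound flow from the host that was logged into; bob's login is benign.
SAMPLE_AUTH = [f"{1000 + 5 * i} FAIL user=alice src=203.0.113.9 host=fs01" for i in range(5)]
SAMPLE_AUTH += ["1030 OK user=alice src=203.0.113.9 host=fs01",
                "1100 OK user=bob src=198.51.100.4 host=web01"]
SAMPLE_FLOWS = [{"ts": 1040, "host": "fs01", "dst": "192.0.2.77", "bytes": 2_500_000},
                {"ts": 1105, "host": "web01", "dst": "192.0.2.10", "bytes": 3_000}]

if __name__ == "__main__":
    for verdict in correlate(SAMPLE_AUTH, SAMPLE_FLOWS):
        print(verdict)
```

Without the flow records the same login sequence still yields a compromised-credentials verdict, but not the exfiltration one, which is the "other half of the data" the article refers to.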

Mazen Dohaji, Regional Vice President of iMETA, urged people to be well-equipped for cybersecurity, describing the present as a modern cybersecurity pandemic.

He also believes cyber threats are not going to end soon, for three main reasons: motivated actors, the cybercrime supply chain, and an expanding attack surface.

“The motivated threat actors, cyber terrorists, cyber activists and cyber criminals and nation states that are coming for all that we have, and will continue to do so unfortunately, and it has become an economy on its own and this is increasing and rising unfortunately.”

“They are also well equipped with a cyber crime supply chain that gives them a lot of motive to do bad things, because they can sell, buy and they have tools and capabilities to typically tamper with the manufacturing process of a product by installing a rootkit or hardware-based spying components in the organization.”

“We have an expanding attack surface every day to deal with due to parameters such as bring your own device (BYOD), mobile and remote workforces, etc. It is becoming harder than ever to protect our environment. It is not going away anytime soon,” he added.

Hence it is very important to be prepared and rely on the new generation of technology, NG SIEM, which could help us be prescriptive, proactive and predictive.

Those interested in knowing more about NG SIEM can email their enquiries to info@espc2go.com or drjazz@espc2go.com.

By ESPC