Today is the last day of Infosecurity Europe 2019 and, besides looking forward to recuperating with a nice weekend in London, I’m reflecting on what I heard at dozens of meetings and talks with people at Infosec, and what the trends are in SIEM.
What has AI done for me lately?
My first takeaway is that people are waking up from the “magic dust” of artificial intelligence and machine learning. If in the past vendors would throw out these little acronyms and everyone would be impressed, now it’s clear that everyone is using AI and ML. Now people want to know what VALUE these technologies are going to bring them. Will this technology help me to aggregate events? Normalize? Correlate?
Which brings me to another point: low tolerance for high-maintenance SIEMs. Security professionals are sick of working for their SIEM, instead of having it work for them. Traditional SIEMs – even some that call themselves “Next Generation SIEM” – were kind of like what Harry said of Sally in “When Harry Met Sally”: high maintenance. You had to bring them everything “on the side”, actually hire MORE security analysts to do threat hunting on the many, many alerts they generated, and generally work FOR them. People’s patience for these types of SIEMs has worn thin. They (rightfully) demand that their SIEM solution actually conduct the threat hunting and take mitigation action directly, instead of just floating up tasks to the security team.
The “No Rules” message resonates
Tying my two previous points together – people are looking to get value from AI and a SIEM that works for them, instead of the other way around – empow’s differentiator, dramatically lowering the number of human-generated correlation rules, resonated strongly. Just like endpoint protection has become “rule-less” using AI, the market expects SIEM to do the same.
When NLP and AI are put to use to lower the burden on the security analysts, freeing them up for more important and interesting tasks, the offering is uniquely attractive, even in the very noisy context of Infosec. Winning the SC Award for Best Emerging Technology for empow’s intent-based SIEM was more validation of the uniqueness of the offering, and also had people sit up and take notice.