By Pete Schmitt, CTO, cStor
In 2005 the acronym SIEM (security information and event management) was coined by Gartner. It was the logical successor of the syslog or log management server. However, as threat landscapes expanded and information flow became faster and more diverse, just capturing and searching logs was inadequate.
Modern SIEM solutions need to be nimble, distributed, and unencumbered by their architecture due to the sheer volume, velocity, and variety of information needed to truly give the Security Operations Center (SOC) one tool to rule them all.
Many organizations leverage Splunk for various business, analytics, and IT needs, giving them the ability to leverage the same data and look at it through different lenses, using that intelligence as a market differentiator. The same information that gives your infrastructure team performance information on a database can be leveraged by business teams to trigger marketing campaigns, and by the security team to identify external database attacks via an exposed web server. It’s powerful intelligence that delivers actionable insight back to the right team, at the right time, in the right format.
Splunk Enterprise and the premium solution, Splunk Enterprise Security, give all the standard capabilities of a SIEM and add even more to the plate. A few examples are machine learning, kill chain methodology tracking, and near-real-time, ad hoc search capabilities. Currently on the Splunkbase app store there are over 400 pre-built searches, reports and visualizations for third-party security vendors. That means faster time to value for your organization, and faster visibility into attacks in your environment.
All these capabilities are available on-prem, in public cloud, in a SaaS hosted model, or any blend of those that works best for your organization.
If you are ready to take your SIEM to the next level, cStor and Splunk should be on your short list for an in-person demo to see the capabilities and understand how they could benefit your organization.
To learn more on this subject, join us for a free, 30-minute webinar on Wednesday, March 8, at 10 am PDT.