Home » What capabilities are critical when comparing a modern SIEM

What capabilities are critical when comparing a modern SIEM


Been around for over a decade, SIEM started out as a tool designed to assist with compliance and metamorphosing into a threat detection system and eventually into an investigation and response platform for security operations centre (SOC).

 At its core, SIEM is a great way to collect various log and event information from different networks and data centres. It is also useful for initial analysis and categorising alerts. From these two standpoints, SIEM remains relevant. However, more often than ever the question of SIEM’s relevancy is raised nowadays.

 In this article, we will look at two critical shortcomings of SIEM.

Firstly, the biggest grumble about SIEM is the security team becoming inundated with potential threat spotting but powerless to do anything about it. Imagine a situation, someone wakes you up at 2 am telling you there is an intruder at home but doesn’t help you call 911!

 Secondly, SIEM’s ability to manage user growth.

So, how can organisations update the way they use SIEM to match the speed and complexity of today’s threat landscape?

 Introducing HyperScale SIEM- The SIEM big brother

DNIF recently launched HyperScale SIEM, a tool capable of processing a high volume of data and providing visualisation and data pulling across data sources. The tool interface is simple making the entire setup process easy. Now, this is just the skim on the surface.

 Let us evaluate the tool against the challenges discussed earlier.

One of the most vital features of DNIF HyperScale SIEM is the Connected Signals capability that provides a campaign view rather than a disconnect alert.

Typically, most systems fail to identify connections between threats and end up creating a list of disconnected alerts. They work on isolated threats, misleading the end strategy. DNIF HyperScale SIEM identifies the connection between threats, thereby providing a larger data landscape that allows tracking the chain of events leading to a potential breach, formulating a response strategy, and minimizing the associated risks. Connected Signals connect various threat signals using graph-based machine learning techniques and identify the connection between multiple attacks instead of isolated attacks. In short, DNIF HyperScale SIEM finds campaigns: the connection between multiple attacks, instead of isolated attacks.

 Balancing between data ingestion, storage, performance, and ownership costs

In managing today’s increased threat landscape, a feature that cannot be missed in your SOC is the ability to ingest and enrich large volumes of data. DNIF HyperScale SIEM petabyte-scale data lake can ingest, enrich, store and correlate data. The tool is optimised to work with the largest amounts of data, making it easy to continue scaling up and supporting organisational or user growth. Furthermore, this also reduces time to resolution. With data prioritised intelligently, analysts get information faster and can respond to the right problems in real-time. Furthermore, DNIF HyperScale SIEM has one of the industry’s best data Compression Values. It provides several compression options, such as the General mode for up to 95% compression and the Maximal mode for up to 98.4% compression.

It also comes power-packed with a 50K EPS processing capability with a standard 8 CPU server. Now what this means to a SOC is increased data compression leading to the low storage footprint, bringing down hardware cost to a third while delivering top performance. Which means Low TCO. Additionally, DNIF HyperScale capabilities include ML-powered behavioural analytics to identify anomalous behaviours, real-time correlation against threat intelligence, predictive analytics, historical correlation, and other intelligent analytics to address a wide range of business-critical security use cases. In addition, the map signals on the MITRE framework can visualise attack progression and gain a timeline view of the events. You can investigate signals, perform incident analysis, hunt for threats, and correlate signals across solutions.

Brain Curry

Brian is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news.