
A New SIEM for a New World

by Avi Chesla
October 23, 2018
in Data Privacy, Featured

Moving from “Big Rules” to “No Rules”

No two cybersecurity events are exactly alike, so it’s a fool’s errand to plan and protect solely against known threats. The need is greater now than ever for security teams to arm themselves with innovative SIEM technology with automatic threat detection and adaptive response.

When security information and event management (SIEM) technology burst onto the scene two decades ago, it promised to make life easier for security teams by aggregating, managing and analyzing log information from security infrastructure to facilitate meeting compliance requirements, provide forensics for security events and identify security incidents. But rather than become security’s silver bullet, SIEM solutions have grown into a well-known source of pain for security and compliance teams.

While SIEM has been somewhat successful at compliance and forensics, it has been woefully inadequate at security incident detection and response. The technology has become a major contributor to the security cost and complexity problem by requiring significant amounts of manual labor to digest logs from new data sources, classify them and then analyze the alerts the SIEM generates – the vast majority of which are typically false-positive or redundant. Put it all together, and SIEMs have earned the reputation of being reactive, passive, complex and expensive. Traditional SIEM’s fundamental failing is that its basic architecture might have been suitable for the threat landscape at the turn of the century, but it’s obsolete for today’s world, where organizations face:

  • Automated, machine-generated attacks that are constantly morphing and are increasingly multi-function, increasing attack velocity and effectively making every attack “brand new.”
  • A dramatic expansion of the enterprise attack surface, where traditional corporate “perimeters” no longer exist thanks to trends such as mobile, cloud and IoT.
  • A big data problem that prevents SIEMs from automatically consuming and operationalizing all of the content generated by machines and humans to provide situation awareness of the threat landscape.
  • Infrastructure bloat, caused by organizations’ reactive approach to security, where they respond to new threats and compliance requirements with new tools (each of which adds to the big data problem by generating its own streams of alerts and information).

Amid all these changes, SIEMs have remained largely unchanged: They continue to attempt to identify advanced attacks using human-written, static correlation rules – rules that require human security experts to develop, deploy, update and maintain. This approach just doesn’t work in today’s advanced cybersecurity landscape where there’s endless threat data that changes at the speed of light.

Not only do human-written rules require extensive manual labor to manage, driving up operations costs, but they also introduce significant security and compliance risks because: 1) Humans cannot write or update rules as fast as machines can change attacks, so cybercriminals will always have the upper hand; and 2) the number of rules required to cover all attack patterns has grown exponentially, causing a “Big Rules” problem that forces teams to be mired in mundane task work instead of focusing on priority issues that will strengthen the organization’s security posture and compliance efforts.

The reality is, rather than make security and compliance pros’ lives easier, the “Big Rules” problem has created more headaches for them by rendering SIEMs (even those claiming to be “next-generation”) too reactive (human-written rules can only be developed against known threats and patterns), too passive (designed for alerting, not responding), too complex (resulting in thousands of security correlation rules that are simply impossible to maintain) and too expensive (they require massive ongoing investment to cope with the “Big Rules” problem).

Does this mean that we should remove SIEMs from our security infrastructure? Absolutely not. But it does mean we need a new kind of SIEM: one that creates a “no rules” world.

Moving from “Big Rules” to “No Rules”

The “Big Rules” problem can be solved with a SIEM system that enables real-time detection, investigation, remediation and mitigation of both known and unknown threats, without rules or manual processes. But how do we get there? The answer lies in a “no rules” SIEM that relies on the power of artificial intelligence (AI) and behavioral analytics and is developed specifically for today’s sophisticated threat landscape.

A “no rules” SIEM is founded on a stack of intelligence layers. The first (and most fundamental) layer is responsible for automatically classifying logs and data feeds by security “intent” – that is, separating benign activity from activity demonstrating malicious intent – using AI technology, such as machine learning (ML) and natural language processing (NLP) algorithms. These algorithms emulate the actions of security analysts – reading logs and data feeds, seeking out relevant information from the logs and from third-party data sources outside the organization and identifying attack intent – but orders of magnitude faster and more effectively. Other important features of “no rules” SIEMs include:

  • Flexible data ingestion, where the SIEM is open for use with any database and has the ability to collect structured and unstructured data, including logs, network flows, intelligence feeds, user and account activities and more.
  • Auto-correlation, leveraging cause-and-effect analytics to automatically validate and prioritize attacks and reveal the complete “attack story,” without requiring static correlation rules.
  • Adaptive orchestration by using the capabilities of an organization’s existing security infrastructure to actively investigate and mitigate (block) attacks, without requiring scripts.
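To make the intent layer and the auto-correlation layer concrete, here is an added Python sketch (not code from the article or from empow) that classifies constructed log lines by security intent and then chains them per host into an ordered “attack story” without any hand-written correlation rules. It assumes a toy multinomial Naive Bayes classifier trained on a handful of labelled lines as a stand-in for the ML/NLP layer, a fixed kill-chain stage order (STAGES) as the cause-and-effect model, and constructed timestamps, hosts and messages; every identifier and sample value is invented for this example. A one-line static correlation rule is included beside it to show the “Big Rules” failure mode on the same data.

```python
import math
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed, labelled lines standing in for the ML/NLP layer's training data
# (a real deployment would train a much larger model; this is a toy Naive Bayes).
TRAINING = [
    ("port scan detected from 10.0.0.5 targeting 22,80,443", "recon"),
    ("nmap probe SYN sweep 10.0.0.5 -> 10.0.1.0/24", "recon"),
    ("dns zone transfer attempt from 10.0.0.5", "recon"),
    ("authentication failure for user bob from 10.0.0.5", "credential_access"),
    ("multiple failed logins for admin from 10.0.0.5", "credential_access"),
    ("password spray detected against 14 accounts", "credential_access"),
    ("psexec service created on host ws-12 by user bob", "lateral_movement"),
    ("smb admin share accessed ws-12 -> srv-01", "lateral_movement"),
    ("rdp session established srv-01 from ws-12", "lateral_movement"),
    ("large outbound transfer 2.1GB to 203.0.113.7", "exfiltration"),
    ("dns tunnel suspected high entropy txt queries", "exfiltration"),
    ("scheduled backup completed successfully", "benign"),
    ("user alice logged in from 10.0.0.9", "benign"),
    ("interface eth0 link up", "benign"),
]
STAGES = ["recon", "credential_access", "lateral_movement", "exfiltration"]  # assumed order
# Constructed event feed: (timestamp, source, host, message); wording differs from TRAINING
# on purpose, as real multi-vendor logs do.
LOGS = [
    ("2018-10-23T09:01:00", "ids", "srv-01", "SYN sweep from 10.0.0.5 against 10.0.1.0/24"),
    ("2018-10-23T09:03:10", "auth", "srv-01", "failed logins for user bob from 10.0.0.5"),
    ("2018-10-23T09:04:00", "auth", "srv-01", "user alice logged in from 10.0.0.9"),
    ("2018-10-23T09:10:30", "edr", "srv-01", "psexec service created on host srv-01 by user bob"),
    ("2018-10-23T09:15:00", "fw", "srv-01", "outbound transfer 1.8GB to 203.0.113.7"),
    ("2018-10-23T09:20:00", "cron", "ws-07", "scheduled backup completed successfully"),
]


def tokenize(msg):
    return re.findall(r"[a-z]+", msg.lower())  # digits/IPs dropped; the words carry the intent


class IntentClassifier:
    """Multinomial Naive Bayes with add-one smoothing: maps a log line to a security intent."""

    def __init__(self, samples):
        self.class_counts, self.word_counts, self.vocab = Counter(), defaultdict(Counter), set()
        for msg, label in samples:
            self.class_counts[label] += 1
            for tok in tokenize(msg):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)
        self.total = sum(self.class_counts.values())

    def classify(self, msg):
        best, best_score = None, -math.inf
        for label, n in self.class_counts.items():
            score = math.log(n / self.total)  # log prior of the class
            denom = sum(self.word_counts[label].values()) + len(self.vocab)
            for tok in tokenize(msg):
                score += math.log((self.word_counts[label][tok] + 1) / denom)
            if score > best_score:
                best, best_score = label, score
        return best


def static_rule_bruteforce(events, threshold=3, window_s=60):
    """A hand-written correlation rule: N 'authentication failure' lines inside one window.
    It fires only on the exact phrasing and rate it was written for (the 'Big Rules' trap)."""
    hits = sorted(datetime.fromisoformat(ts) for ts, _, _, msg in events
                  if "authentication failure" in msg)
    return any((hits[i + threshold - 1] - hits[i]).total_seconds() <= window_s
               for i in range(len(hits) - threshold + 1))


def build_attack_stories(events, clf):
    """Chain each host's non-benign intents in time order. A stage is accepted only if it does
    not fall before the stage already reached (cause precedes effect); the resulting 'attack
    story' is prioritized by how many stages it reached. No correlation rules are consulted."""
    by_host = defaultdict(list)
    for ts, source, host, msg in sorted(events):
        by_host[host].append((ts, source, clf.classify(msg)))
    stories = {}
    for host, evs in by_host.items():
        reached, chain = [], []
        for ts, source, intent in evs:
            if intent == "benign":
                continue
            if not reached or STAGES.index(intent) >= STAGES.index(reached[-1]):
                if intent not in reached:
                    reached.append(intent)
                chain.append((ts, source, intent))
        if chain:
            stories[host] = {"stages": reached, "priority": len(reached), "chain": chain}
    return stories


if __name__ == "__main__":
    clf = IntentClassifier(TRAINING)
    print("static brute-force rule fired:", static_rule_bruteforce(LOGS))
    for host, story in build_attack_stories(LOGS, clf).items():
        print(host, "priority", story["priority"], "->", " > ".join(story["stages"]))
```

On the constructed feed the static rule never fires, because the auth log says “failed logins” rather than the “authentication failure” string the rule was written against, while the classifier still tags that line as credential access and the correlation step assembles a four-stage story for srv-01 (the benign login and the backup on ws-07 are dropped). In a real system the classifier would be a trained model over far more data and the stage order a richer causal model, but the division of labour is the same: classify by intent first, then correlate by cause and effect, with no per-pattern rules to maintain.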

With these capabilities, SIEM technology transforms from a reactive and passive system into an active one that detects, confirms and stops attacks before they can cause harm. This dramatically improves incident detection and response, simplifies security and compliance management and, because there are no rules to manage, slashes SIEM total cost of ownership.

Perhaps most importantly, “no rules” SIEMs are designed to combat the sophisticated cybercriminals we face today. Attackers may reuse some of the same tools and techniques, but no two attack patterns will be exactly the same, rendering traditional SIEMs that protect against only known threats useless.

A new SIEM for a new world uses AI and analytics to build varied attack patterns that capture valid evidence of the adversary’s characteristics, without pigeonholing them into one specific pattern that likely won’t recur. Instead, the technology helps organizations predict how attacks will occur, long before they happen. And, armed with the ability to detect known and unknown threats, organizations can turn the tables and finally gain the upper hand over the very adversaries that have reigned for years.

Avi Chesla

Avi Chesla is Founder and CTO at empow. Avi is a recognized leader in the internet security arena internationally, with expertise in product strategy, cybersecurity, network behavioral analysis, expert systems and software-defined networking. Prior to empow, Avi was CTO and VP of Security Products at Radware, where he was responsible for defining, leading and executing the company’s strategic technology roadmap and vision, including the foundation and management of Radware’s Security Division, a provider of cyberattack mitigation solutions. Avi’s views on industry trends and best practices have been featured in articles and white papers and on the conference speaking circuit. He has earned more than 25 patents in the arena of cybersecurity solutions.
