August has become an important month for the rapidly evolving Security Information and Event Management (SIEM) sector, so let’s take a few minutes to explain what “SIEM” is and where the function stands today.
Barely a known acronym a few short years ago, SIEM is now a named function or department at many companies and is top of mind for CSOs (Chief Security Officers) and CISOs (Chief Information Security Officers). As each week brings news of new “hacks” of companies, individuals, and government organizations, the importance (and resourcing) of defensive and proactive countermeasures increases. The collection, management and analysis of both security information and security events becomes critical, and the category of SIEM solutions built to manage it gains prominence.
SIEM software products and services combine security information management (SIM) and security event management (SEM): they collect the logs and events generated by network hardware, servers and applications, normalize and correlate them, and provide real-time analysis of security alerts and threats within an organization’s IT infrastructure. SIEM products have grown in functionality and have become integral components for operational intelligence as well as for exposing security threats in large corporations and government organizations.
As this market continues to mature, a number of software vendors have developed solutions and compete for a presence in this space. In its most recent Magic Quadrant for SIEM, Gartner Group stated that the need for early targeted-attack detection and response is driving the expansion of new and existing SIEM deployments.
Leading players in this segment include traditional IT vendors such as IBM, HP, Intel, and EMC. Some newer vendors, however, have emerged as leaders by focusing purely on log management, IT operational analytics, and security and compliance management. One of these is Splunk, Syncsort’s strategic SIEM and IT Operational Analytics partner for Ironstream®. Splunk provides event and “log” collection, search and visualization, and the Splunk Enterprise Security (ES) application adds security-specific SIEM features on top of that platform.
Ironstream takes the security information and events it collects from an IBM z/OS mainframe and maps that data into the Splunk Common Information Model (CIM) that Splunk ES relies on. It populates the Splunk ES dashboards with z/OS security events and correlations alongside data from open-systems devices and networks, giving a true enterprise-wide, real-time view of security activity, threats, and intrusions. Truly a case of bridging the gap from “Big Iron” to “Big Data” in action.
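To make the CIM-mapping idea concrete, here is an added example (written for this post; it is not Ironstream or Splunk code). It takes constructed log lines from two platforms, a z/OS line shaped like a RACF ICH408I/ICH70001I console message and Linux sshd lines, maps each into the Splunk CIM Authentication data-model fields (`action`, `app`, `dest`, `src`, `user`), and then runs the kind of per-user correlation an ES correlation search would: repeated failures within a window, optionally followed by a success. The sample lines, the 2016 year, the thresholds and the sourcetype names are all assumptions made for the example.

```python
"""
Added example (not Ironstream or Splunk code): normalise authentication
events from two platforms into Splunk CIM Authentication data-model fields,
then correlate them per user. All sample log lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events as (sourcetype, raw line). The z/OS lines are
# shaped like RACF ICH408I / ICH70001I console messages forwarded with a
# syslog-style prefix; the Linux lines are shaped like sshd syslog output.
SAMPLE_EVENTS = [
    ("linux_secure", "Aug 15 10:00:30 web01 sshd[2198]: Accepted password for alice from 198.51.100.4 port 50122 ssh2"),
    ("linux_secure", "Aug 15 10:01:02 web01 sshd[2211]: Failed password for jsmith from 203.0.113.7 port 51234 ssh2"),
    ("linux_secure", "Aug 15 10:01:09 web01 sshd[2211]: Failed password for jsmith from 203.0.113.7 port 51234 ssh2"),
    ("linux_secure", "Aug 15 10:01:17 web01 sshd[2211]: Failed password for jsmith from 203.0.113.7 port 51234 ssh2"),
    ("linux_secure", "Aug 15 10:02:00 web01 sshd[2211]: Connection closed by 203.0.113.7 port 51234"),
    ("zos_racf", "Aug 15 10:02:30 SYSA IEF403I PAYROLL1 - STARTED - TIME=10.02.30"),
    ("zos_racf", "Aug 15 10:03:15 SYSA ICH408I USER(JSMITH  ) GROUP(DEV     ) NAME(JOHN SMITH          ) LOGON/JOB INITIATION - INVALID PASSWORD"),
    ("zos_racf", "Aug 15 10:03:40 SYSA ICH70001I JSMITH   LAST ACCESS AT 10:03:40 ON MONDAY, AUGUST 15, 2016"),
]

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
LINUX_RE = re.compile(TS + r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
                      r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
RACF_FAIL_RE = re.compile(TS + r"ICH408I USER\((?P<user>[^)]*)\).*LOGON/JOB INITIATION - (?P<reason>.+)$")
RACF_OK_RE = re.compile(TS + r"ICH70001I (?P<user>\S+) +LAST ACCESS AT")


def parse_ts(ts):
    # Syslog prefixes carry no year; 2016 is assumed for the constructed data.
    return datetime.strptime("2016 " + ts, "%Y %b %d %H:%M:%S")


def normalize(sourcetype, raw):
    """Map one raw line to CIM Authentication fields (action, app, dest, src,
    user) plus _time. Returns None for lines that are not authentication events."""
    if sourcetype == "linux_secure":
        m = LINUX_RE.match(raw)
        if not m:
            return None
        return {"_time": parse_ts(m["ts"]), "app": "sshd", "dest": m["host"],
                "src": m["src"], "user": m["user"],
                "action": "success" if m["result"] == "Accepted" else "failure"}
    if sourcetype == "zos_racf":
        m = RACF_FAIL_RE.match(raw)
        if m:
            # ICH408I carries no network source; RACF pads the user ID, so strip it.
            return {"_time": parse_ts(m["ts"]), "app": "racf", "dest": m["host"],
                    "src": None, "user": m["user"].strip(), "action": "failure",
                    "signature": m["reason"].strip()}
        m = RACF_OK_RE.match(raw)
        if m:
            return {"_time": parse_ts(m["ts"]), "app": "racf", "dest": m["host"],
                    "src": None, "user": m["user"], "action": "success"}
    return None


def normalize_all(events):
    """Normalise a list of (sourcetype, raw) tuples, dropping non-auth lines."""
    return [n for n in (normalize(st, raw) for st, raw in events) if n is not None]


def detect_brute_force(events, threshold=3, window=timedelta(minutes=10)):
    """Flag a user who accumulates >= threshold failures inside `window`,
    across any mix of platforms, and note whether a success followed.
    User IDs are case-folded: RACF reports JSMITH, Linux reports jsmith."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"].lower()].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["_time"])
        failures = [e for e in evs if e["action"] == "failure"]
        for i, first in enumerate(failures):
            in_window = [f for f in failures[i:] if f["_time"] - first["_time"] <= window]
            if len(in_window) >= threshold:
                last_fail = in_window[-1]["_time"]
                alerts.append({
                    "user": user,
                    "failures": len(in_window),
                    "apps": sorted({f["app"] for f in in_window}),
                    "dests": sorted({f["dest"] for f in in_window}),
                    "srcs": sorted({f["src"] for f in in_window if f["src"]}),
                    "followed_by_success": any(
                        e["action"] == "success" and e["_time"] > last_fail for e in evs),
                })
                break  # one alert per user is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(normalize_all(SAMPLE_EVENTS)):
        print(alert)
```

Two things the example shows that the paragraph alone does not. First, the mainframe failure only correlates with the three sshd failures because both were mapped to the same CIM field names, which is exactly what the CIM mapping buys you. Second, the correlation only works because user IDs are case-folded: RACF reports `JSMITH` while Linux reports `jsmith`, and a SIEM that keys on the raw value silently misses the cross-platform pattern. In Splunk ES the equivalent logic lives in a correlation search over the Authentication data model rather than in Python, but the normalization questions are the same.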
As the IRS continues to pressure state governments to better secure their data (and to show how they are doing it), and as financial services and insurance companies face more demanding (and more frequent) audits, SIEM adoption is growing rapidly. Companies with one or more mainframes in their enterprise are looking to analysts for guidance and to their trusted vendors for help in completing their view of what’s going on, who’s trying to get in, and so on. Remarkably, a category that didn’t exist a few years ago is becoming a standard element at enterprises and agencies.
Oh, and what makes August important? It’s when the definitive annual analysis of the industry is released. All of us at Syncsort would like to congratulate our SIEM partner Splunk on maintaining its leadership position in the Gartner 2016 Magic Quadrant (MQ) for SIEM! Check out a free copy of the 2016 MQ for SIEM report and the associated “2016 Critical Capabilities for SIEM” to see how the Gartner Group views the SIEM playing field.