Will user behaviour analytics KO SIEM?

So do we actually still need SIEM?

By James Nunns

The fluorescent lights piercing. The noise of the crowds cheering and stamping is deafening. Both contenders pounding their feet on the canvas. The old heavyweight, security information and event management (SIEM), is swinging wildly but the new contender, user behaviour analytics (UBA), is landing quick and fast jabs. The new entrant is bobbing and weaving to miss the heavyweight’s hits. What seemed like a clear win for SIEM is now starting to take an interesting turn.

Could the new kid on the block knock out SIEM?

Dr Jamie Graves, CEO, ZoneFox.

When you think of cyber security monitoring capabilities, most people would automatically think of SIEM. They are widely used by organisations to keep an eye on any dodgy activity by collecting, aggregating and correlating security events and asset information.

But a new challenger – UBA – has entered the market. And while not as ubiquitous in cyber security shops, UBA promises to pack a punch when it comes to identifying and responding to cyber threats.

Old hat

The concept of SIEM – at a high level – has remained similar over the years. However, it has evolved and is still evolving. For instance, SIEM vendors are looking to move to faster databases in order to use big data and provide better context.

SIEM helps cyber security teams to pinpoint security vulnerabilities quickly. The drawback, however, is that SIEM still takes a lot of up-front effort to get running smoothly, and may take months to get into full production. And like in a fight, brute strength won’t always mean victory; you need to be quick on your feet.

And much like winning a boxing match, the end is wonderful. But a lot of blood, sweat and tears goes into getting to that point.

The up-and-comer

While SIEM, when implemented well, can provide great value to a cyber security operation, the implementation itself can be a daunting task.

UBA was born in an effort to alleviate the stress that comes part and parcel with implementing a SIEM solution. These solutions eat up a large amount of data, use clever machine learning technology to do the heavy lifting and better detect what users on your network are up to.

Along with a host of other benefits, like the ability to create your own policies and define what is and isn’t crucial, its biggest USP is its ease of getting everything up and running.

The one-two punch

So do we actually still need SIEM? In short, yes.

Mainly because a lot of companies already have a SIEM in place, and forklifting the solution out and replacing it with a UBA solution might cause chaos in your execs’ heads, given the sheer amount of money – and time – that goes into SIEM.

In fact, if you have a SIEM in place, a UBA platform could provide valuable insight to help tune your SIEM. And in a world where cyber criminals are getting smarter and their tactics becoming more sophisticated, shouldn’t businesses be covering all bases?

You can use UBA to find previously unlooked-for threats, ingesting alerts into SIEM to add precision and context to your detection and response efforts. And don’t just take my word for it. Noted SIEM and data analytics vendors have recently added UBA to their platforms. So you needn’t replace one of these solutions with the other; the two teaming together stand the best chance of guarding businesses against cyber criminals.

Back to the ring. Two more seconds left of the final round. Final jabs fly from both. The bell shrieks and the whooping crowd eagerly await the verdict. Both contenders have their heads down waiting. The judges say it’s too close to call; it appears to be a tie. Until next time…
