Beyond SIEM: Orchestration & Response
Today's expanding threat landscape places demands on existing security infrastructure, and on its orchestration and response capabilities, that it was never designed to meet. SIEMs are no exception: given the volume of attacks, the need to go beyond the SIEM's traditional role is keenly felt. Advanced attacks are tailor-made. Each one differs from the last, so no single product can be built to stop them all, and products alone cannot be the answer; the strategy must be built around products, process and people.

The challenges are many. Skilled attackers can obtain whatever computing power they need, while security operations centers (SOCs) must contend with huge volumes of alerts that overwhelm understaffed teams. As a result, organizations running traditional security programs that rely on manual investigation and containment face an asymmetric fight. Traditional incident response doctrine compounds the problem by treating each infected system in isolation rather than as one related piece of a larger intrusion. To manage the risk posed by new threats against this growing complexity, organizations must change how they handle intrusions, understand how targeted threats operate, and re-evaluate their security priorities.
The session will discuss:
- Challenges faced by traditional SIEM models in today's advanced threat landscape;
- Need for security orchestration as a better approach to advanced threat defense;
- Importance of automation and need to contextualize the process of automation;
- An effective approach to remediate targeted threats.