Security Information and Event Management (SIEM)
While cybersecurity rhetoric would have you believe that “SIEM is Dead”, a SIEM solution continues to be a foundational component of a broader XDR platform. SIEM solutions collect, standardize, and store the disparate data that XDR needs to perform correlation. This includes log data, but also network, user, and cloud events. Recently, SIEM solutions have also been tasked with meeting the SOC’s dashboarding and reporting needs and with demonstrating compliance with regulatory mandates. In modern security programs, SIEM is now largely deployed as Software-as-a-Service (SaaS) rather than in the heavy-lift on-premises model of the past, and modern SIEMs use big data technologies to handle today’s data volumes.
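To make "collect, standardize, and store" concrete, the following added example (not from the original page or any SIEM product) normalizes one event from each source type named above into a common schema and then correlates them per user. The raw field names, the common schema, and the three-step sequence rule are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events, one per source type; every field name is an assumption.
RAW = [
    ("cloud",   {"eventTime": "2024-05-01T10:00:40Z", "principal": "alice", "eventName": "CreateAccessKey"}),
    ("log",     {"ts": "2024-05-01T10:00:05Z", "host": "web01", "user": "alice", "msg": "Failed password"}),
    ("network", {"time": 1714557610, "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 22}),
    ("user",    {"when": "2024-05-01 10:00:20", "account": "ALICE", "action": "login_success"}),
]

def _iso(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

# One parser per source; each maps its own timestamp format, identity field and
# event name onto the same keys (time in UTC, lower-cased user, action).
PARSERS = {
    "log": lambda e: dict(time=_iso(e["ts"]), user=e["user"].lower(),
                          action="auth_failure" if "Failed" in e["msg"] else "other"),
    "network": lambda e: dict(time=datetime.fromtimestamp(e["time"], timezone.utc),
                              user=None, action=f"conn:{e['dport']}"),
    "user": lambda e: dict(
        time=datetime.strptime(e["when"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc),
        user=e["account"].lower(), action=e["action"]),
    "cloud": lambda e: dict(time=_iso(e["eventTime"]), user=e["principal"].lower(),
                            action=e["eventName"]),
}

def normalize(raw):
    """Standardize heterogeneous events and return them in time order."""
    recs = [dict(PARSERS[src](ev), source=src) for src, ev in raw]
    return sorted(recs, key=lambda r: r["time"])

def correlate(events, sequence, window=timedelta(minutes=5)):
    """Return users whose events contain `sequence` in order within `window`."""
    by_user, hits = {}, []
    for ev in events:
        if ev["user"]:  # network flows carry no identity in this sample
            by_user.setdefault(ev["user"], []).append(ev)
    for user, evs in by_user.items():
        idx, start = 0, None
        for ev in evs:
            if start and ev["time"] - start > window:
                idx, start = 0, None  # window expired, start matching again
            if ev["action"] == sequence[idx]:
                start = start or ev["time"]
                idx += 1
                if idx == len(sequence):
                    hits.append(user)
                    break
    return hits
```

Without the normalization step the correlation would miss the match: the three identity-bearing sources spell the user as `alice`, `ALICE` and `alice` and use three different timestamp formats.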
Vulnerability Management
Vulnerability management and assessment scans are needed to continuously track the attack surface and ensure that the infrastructure, systems, and software applications running business operations are not exposed to cyber criminals. This capability is usually resource intensive and takes up a lot of security analysts’ time, because vulnerability scans tend to generate a very large number of alerts, most of which are not relevant. Effective vulnerability management solutions can apply several layers of context to weed out irrelevant alerts and prioritize the small number of true, high-impact areas of risk in the organization’s IT environment.