Bob Tarzey, Analyst & Director, Quocirca
Traditional IT security defences have been built using point security products. These are good for protecting against specific threats: for example, firewalls limit access to networks, anti-virus software detects malware on given devices and encryption protects stored data. However, cyber security threats have now emerged that can only be detected by correlating information from a wide range of sources, including point security products themselves.
Most organisations already have much of the data required to achieve this, but not the tools needed to process it. This has led to the emergence of next-generation SIEM (security information and event management) tools. These enable the real-time correlation of IT intelligence data, allowing many advanced threats that would previously have been undetectable to be foiled or pre-empted. This presentation looks at what can be achieved with NG-SIEM by looking at real-world examples.