NTA and NDR: The Missing Piece




The following is an excerpt from our recently published guide, “The Next Generation SOC Tool Stack – The Convergence of SIEM, NDR and NTA.” In this guide we analyze the failed promises of SIEM platforms, how Network Traffic Analysis (NTA) and Network Detection and Response (NDR) tools fit into the equation, and how third-wave, self-supervised AI is created outside the limitations of the legacy architectures that are holding back many of today’s security vendors. 


NTA and NDR: The Missing Piece


Most SIEM vendors acknowledge that network traffic data is far more useful than log data as a source of leading indicators of attack, anomaly detection, and user behavior analysis. Ironically, network traffic data is often expressly excluded from SIEM deployments, because ingesting it significantly increases data aggregation and storage costs, typically by 3-5x.


Geoff Coulehan, head of Strategic Alliances for MixMode and a decades-long expert in cybersecurity technology, shares: “SIEM vendors know that by the end of the first phase of the deployment, customers will realize they need additional data to provide the required security coverage. Forced with a decision to continue to invest additively in a SIEM platform, or acknowledge to their executive sponsors that they vastly underestimated the licensing, deployment, and operational costs, SIEM vendors bet on customers taking the path of least resistance and absorbing the expense.”


Coulehan says that by intentionally eliminating the highest-value data sources, the organization's holistic security posture is diminished. “From an operational perspective, the challenges are compounded, requiring more manual investigations of alerts that may or may not have the required data supporting the underlying baseline,” he explains. “Customers feel inclined to maintain the status quo with an existing SI ..
