Cyber Security

Evolution of SIEM

In our last post, we looked at the fundamentals of SIEM and why security event correlation, log management, and threat detection help enterprises remain secure in an increasingly unstable digital marketplace. In this post, we’ll examine the evolution of this category.

What makes the history of SIEM interesting is that it has no single origin. Instead, its beginnings are tied to the history of enterprise networks, earlier technologies, and more recent influences like the cloud. In 1993, the arrival of easy-to-use internet browsers planted the seed for mass computer adoption by businesses. By 1999, the need for software security (the precursor to modern next-generation cybersecurity) became apparent.

Around the same time, graphical monitoring tools and enterprise network monitoring tools such as neon, MRTG, and Big Brother began to appear.

By the early 2000s, new species of monitoring tools began to emerge. These included security information management, commonly abbreviated as SIM, and security event management, or SEM. The former offered log management, historical analysis, and forensic capabilities, whereas the latter served as a threat management tool designed primarily to fight threats in early network environments and to support incident response. Both SIM and SEM proved essential as more commerce and communication became digitized, but they remained separate solutions until 2005.

Then Gartner researchers Amrit T. Williams and Mark Nicolett coined a new term, SIEM, in their “Improve IT Security with Vulnerability Management” report. It folded SEM and SIM into one cybersecurity solution that could offer log management, security event correlation, and alerting by drawing on other cybersecurity tools like firewalls and antivirus.

Some disagree on whether this seminal Gartner coinage blew the starting whistle for SIEM solutions or simply put a name to technology that was already emerging. Either way, it completely changed the face of the cybersecurity landscape.

Providers such as LogRhythm, which was founded in 2003 as a log management solution, swiftly evolved into SIEM vendors. Others, such as Exabeam, founded in 2013, created unprecedented shockwaves when they entered the space. This difference in origins underscores the incredible diversity of the SIEM market, which remains evident today. Sumo Logic began life in 2010, focusing on leveraging machine-generated big data, whereas AT&T Cybersecurity, formerly AlienVault, provided open-source threat intelligence.

Yet Gartner continues to group all of these vendors under the heading of SIEM because of their common connection to log management. While the early days of SIEM focused on helping large enterprises handle compliance, the focus has shifted. Now providers look to help small-to-medium-sized businesses protect themselves from threats dwelling in their environments and from security holes. More and more vendors offer managed services to help businesses with smaller cybersecurity teams meet their objectives. As such, SIEM has taken on special importance in cybersecurity platforms.

With the advent of modern cloud environments and evolving security threats, SIEM’s ability to root out problems across diverse applications and databases became essential to protecting digital assets and communications that are no longer restricted to on-premises technology. That’s all for now. For more information about SIEM, cybersecurity news, or the latest technical tutorials on SOAR, SIEM and other technologies, keep visiting my blog.