Developments in Machine Learning vs. Traditional SIEM Solutions

by Frank Siemons
Oct. 8, 2017 INFOSEC Institute Pen Testing & Audits

For decades, information security analysts have been scanning security logs for anomalies that could indicate a security incident. In the early days, log data was limited, and attacks were simple enough that few data feeds had to be combined to reach a conclusion. Log analysis tools provided some assistance, but the correlation was essentially done by people. This manual process became increasingly difficult as organizations had to deal with ever-increasing data volumes and a growing number of data sources, and needed to separate the useful information from the noise hidden within them. More advanced log management solutions were created, and these slowly evolved into the SIEM (Security Information and Event Management) solutions, such as ArcSight and AlienVault, that we see today.