Today’s security information and event management (SIEM) solutions are inundated with incoming events while tracking potential threats to network infrastructure. Significant events must be identified and correlated, for example to detect lateral movement or the successive stages of a kill chain, so that the system can signal when an attack has occurred or is in progress.
Given the huge volume of data that must be processed, most SIEM solutions employ “big data” techniques to tackle this challenge. However, storing events in data lakes and processing them offline in periodic batch jobs can introduce delays of minutes or hours between an event and the alert it should trigger, giving attackers a key advantage. Is there a way to rethink this software architecture, enhance current techniques and obtain insights fast enough to help interrupt ongoing attacks?
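To make the latency argument concrete, the following added example (written for this edit, not code from the original article or any SIEM product) correlates logon events per account as they arrive, keeping only a sliding window of recent hops in memory, and raises an alert the moment a chain of hops across distinct hosts (A→B, B→C, C→D) reaches a threshold. It then computes when the same alert would surface if the correlation ran as an hourly batch job over stored events. The sample events, the ten-minute window, the three-hop threshold and the one-hour batch interval are all constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logon events (not real SIEM data):
# (timestamp, account, source host, destination host).
# The first svc_backup hop is deliberately old so it falls outside the window.
SAMPLE_EVENTS = [
    ("2024-05-01T08:30:00", "svc_backup", "ws01", "srv-web01"),
    ("2024-05-01T09:00:00", "svc_backup", "ws01", "srv-file01"),
    ("2024-05-01T09:01:00", "alice", "ws07", "srv-mail01"),
    ("2024-05-01T09:03:00", "svc_backup", "srv-file01", "srv-db01"),
    ("2024-05-01T09:07:00", "svc_backup", "srv-db01", "srv-dc01"),
    ("2024-05-01T09:20:00", "alice", "ws07", "srv-file01"),
]

WINDOW = timedelta(minutes=10)        # assumed correlation window
MIN_HOPS = 3                          # assumed alert threshold
BATCH_INTERVAL = timedelta(hours=1)   # assumed batch-job cadence


def parse(event):
    ts, user, src, dst = event
    return datetime.fromisoformat(ts), user, src, dst


def longest_chain(hops):
    """Length of the longest hop sequence ending at the newest hop, where each
    hop starts on the host the previous hop landed on (A->B, B->C, C->D).
    hops is a time-ordered list of (timestamp, src, dst)."""
    best = [0] * len(hops)
    for i, (_, src_i, _) in enumerate(hops):
        best[i] = 1 + max((best[j] for j in range(i) if hops[j][2] == src_i),
                          default=0)
    return best[-1]


def stream_detect(events, window=WINDOW, min_hops=MIN_HOPS):
    """Streaming correlation: evaluate each event on arrival, keep only the
    hops inside the sliding window per account (bounded state), and alert as
    soon as a chain of min_hops hops appears. Events are assumed to arrive in
    time order; a production pipeline would also handle late arrivals."""
    recent = defaultdict(deque)   # account -> deque of (ts, src, dst)
    alerts = []
    for ts, user, src, dst in map(parse, events):
        hops = recent[user]
        hops.append((ts, src, dst))
        while ts - hops[0][0] > window:   # evict hops older than the window
            hops.popleft()
        length = longest_chain(list(hops))
        if length == min_hops:            # fire once, when the threshold is hit
            alerts.append({"user": user, "alerted_at": ts,
                           "hops": length, "last_host": dst})
    return alerts


def batch_alert_time(alert, interval=BATCH_INTERVAL):
    """Earliest time the same alert could surface if correlation ran as a
    periodic batch job: the end of the batch interval containing the final
    hop (job runtime itself ignored)."""
    t = alert["alerted_at"]
    midnight = datetime(t.year, t.month, t.day)
    n = -(-(t - midnight) // interval)    # ceiling division on timedeltas
    return midnight + n * interval


def detection_delay(alert, interval=BATCH_INTERVAL):
    """How much later the batch architecture would report the same chain."""
    return batch_alert_time(alert, interval) - alert["alerted_at"]


if __name__ == "__main__":
    for a in stream_detect(SAMPLE_EVENTS):
        print(f"{a['user']}: {a['hops']}-hop chain ending on {a['last_host']} "
              f"at {a['alerted_at']:%H:%M}; hourly batch would report it at "
              f"{batch_alert_time(a):%H:%M} ({detection_delay(a)} later)")
```

The streaming path alerts at 09:07, on the hop that completes the chain, while an hourly batch cannot report it before 10:00. The state it keeps is bounded by the window rather than by the total event volume, which is the property that makes per-event evaluation feasible at SIEM scale.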