Friday, February 5, 2021

SIEM continued ...

Endpoint protection now has a recently affirmed practice of using a variety of intelligent, lightweight sensors that capture and record all relevant endpoint activity, ensuring true visibility across the environment. They may come with a small footprint, no reboot, no daily AV definitions, no user alerts, no impact on the endpoints, and protection for both offline and online access. The use of distributed sensors also implies a centralized analysis service that can be hosted in the cloud so that it can scale arbitrarily. Together, the sensors and the service let this kind of SIEM crunch a large amount of data. By correlating billions of events in real time and applying graph-based techniques, it can quickly draw a link between events and adversary activity. It is a powerful and massively scalable graph database that can be combined with machine learning techniques to detect patterns. This makes SIEM stand out as a special-purpose platform that is not integrated with a general-purpose IT software-as-a-service platform.
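As an added illustration of the graph-based correlation described above (example code written for this post, not any vendor's analysis engine): endpoint sensor events are joined into a process tree, and a walk from each Office process surfaces descendants that opened network connections. The event layout, process names and addresses are constructed for the example.

```python
"""Graph-based correlation of endpoint sensor events (constructed example)."""
from collections import defaultdict

# Constructed sample sensor events: (event_type, pid, parent_pid, detail).
# Not real telemetry; the pids, names and addresses are made up.
EVENTS = [
    ("process_start", 100, 1, "explorer.exe"),
    ("process_start", 200, 100, "winword.exe"),
    ("process_start", 300, 200, "powershell.exe"),
    ("net_connect", 300, None, "203.0.113.7:443"),
    ("process_start", 400, 100, "chrome.exe"),
    ("net_connect", 400, None, "198.51.100.5:443"),
]


def build_graph(events):
    """Turn flat sensor events into a graph: parent->children edges,
    pid->name labels and pid->remote-endpoint annotations."""
    children = defaultdict(list)
    names = {}
    connections = defaultdict(list)
    for etype, pid, ppid, detail in events:
        if etype == "process_start":
            names[pid] = detail
            children[ppid].append(pid)
        elif etype == "net_connect":
            connections[pid].append(detail)
    return children, names, connections


def find_chains(events, start_names=("winword.exe", "excel.exe")):
    """Correlate process-tree edges with network events: return every chain
    start -> ... -> descendant in which the descendant opened a connection.
    Each hit is (chain of process names, remote endpoint)."""
    children, names, connections = build_graph(events)
    hits = []
    for pid, name in names.items():
        if name.lower() not in start_names:
            continue
        stack = [(pid, [name])]          # depth-first walk, carrying the path
        while stack:
            cur, chain = stack.pop()
            for remote in connections.get(cur, []):
                hits.append((" -> ".join(chain), remote))
            for child in children.get(cur, []):
                stack.append((child, chain + [names.get(child, "?")]))
    return hits
```

With the constructed events, only the chain rooted at winword.exe is reported; chrome.exe also connects outbound, but it descends from explorer.exe, so the graph walk never reaches it.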

With the use of data mining algorithms and machine learning packages, the analytics have improved in ways that go beyond traditional processing. Operational data is no longer kept in relational storage, even where that would make the analysis simpler. Events, and products that build on events, are increasingly taking over the analysis and providing insights that are discussed and shared as visualizations from companies that specialize in the layers that render charts and graphs.

There is no definitive word on how the intelligence built on these events will evolve, but it is likely to happen within the initiatives mentioned above before being integrated with more established IT platforms.

Among the emerging trends, there is a shift towards machine data collection on edge servers. This opens a unique and growing field of innovation, much as cloud computing did. Whether on endpoints or in edge computing, sophisticated and connected sensors will empower centralized threat analysis and pre-emptive measures.
