A new generation of SIEM platforms bolsters top-down monitoring of network and cloud-application activity with applied analytics techniques that help spot security incidents as they happen. These techniques have emerged as the maturation of security analytics, together with the collection of increasingly large and varied types of activity data, enables SIEM vendors to apply new methodologies to the analysis of corporate data. This, in turn, better equips Managed Security Service Providers (MSSPs) such as Custodian, as well as end-user organizations, to identify anomalous behaviour – and act on it – as soon as it is happening.
One of the most significant inputs into the system is what is increasingly being referred to as User and Entity Behaviour Analytics (UEBA) – and it’s proving to be indispensable in quickly identifying malicious activity before it leads to the theft of sensitive data from corporate networks or servers.