The SIEM was born out of a security market need: organizations could no longer manage the flood of alerts that arrives in critical situations.
We all remember cases like Target, Neiman Marcus or Home Depot, which were hit by point-of-sale malware such as BlackPOS.
These companies and others were bombarded through dozens of attack vectors, and the number of alerts grew at an exponential rate. This was the ideal environment for the SIEM to be born.
Distributed data as a process accelerator.
When large companies can systematically analyze very large volumes of security alerts in real time, the teams in their security operations centers (SOC) can do a better job.
This knowledge society is creating more data than ever, and Hadoop's relevance is growing fast.
Whatever the exact rate at which the world's data doubles, the growth is exponential; on top of that, attackers keep getting more sophisticated at crossing the security perimeter.
We can confidently state that investing in security is a strategic move: every organization needs a SIEM to protect it, and Hadoop is what lets that SIEM keep up with the volume of data.
The fallback of simply hiring more staff has its limits. As of today, more than 400,000 cybersecurity vacancies in the US cannot be filled for lack of qualified candidates, which exposes an education problem.
It is imperative to promote collaboration between digital security professionals and data scientists; each group has to learn how to better identify, in advance, the trends that lead to threats.
User behavior analysis can seem daunting at first, but with a new approach that adds the value of data analytics, it can be applied as a sustainable threat detection method. In that sense, Hadoop provides a paradigm shift for the traditional cyber security team.
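To make the last two points concrete, here is an added example (not code from the original article, and not from any SIEM or Hadoop project) of what "user behavior analysis backed by data analytics" looks like in its simplest form. The mapper and reducer are written in the shape a Hadoop Streaming job would use, but the shuffle is simulated in-process so the script runs offline; the log format, user names, IP addresses and the two-hour tolerance window are all constructed assumptions for this example.

```python
"""Added example: build a per-user login-hour baseline with a map/reduce
pair (Hadoop Streaming style, simulated in-process), then score new
logins against it. All log lines below are constructed for this example."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample logs, one event per line: "timestamp user result src_ip"
BASELINE_LOGS = """\
2015-03-02T08:12:04 alice success 10.0.0.5
2015-03-02T09:02:11 alice success 10.0.0.5
2015-03-03T08:45:30 alice success 10.0.0.5
2015-03-03T17:10:02 alice success 10.0.0.5
2015-03-03T17:11:40 alice failure 10.0.0.5
2015-03-02T22:15:00 bob success 10.0.0.9
2015-03-03T23:40:12 bob success 10.0.0.9
2015-03-04T22:05:44 bob success 10.0.0.9
""".splitlines()

# Constructed events to score against the baseline above.
NEW_LOGS = """\
2015-03-10T08:30:00 alice success 10.0.0.5
2015-03-10T03:12:45 alice success 203.0.113.7
2015-03-10T22:50:00 bob success 10.0.0.9
2015-03-10T03:15:10 carol success 203.0.113.7
""".splitlines()


def parse(line):
    """Split one log line into (timestamp, user, result, source IP)."""
    ts, user, result, src = line.split()
    return datetime.fromisoformat(ts), user, result, src


def mapper(lines):
    """Map phase: emit ((user, hour), 1) for every successful login.
    In Hadoop Streaming this would read stdin and print 'user\\thour\\t1'."""
    for line in lines:
        ts, user, result, _ = parse(line)
        if result == "success":
            yield (user, ts.hour), 1


def reducer(pairs):
    """Reduce phase: sum the counts per key. Hadoop hands each reducer one
    key's values after the shuffle; here Counter does the grouping."""
    counts = Counter()
    for key, n in pairs:
        counts[key] += n
    return counts


def build_baseline(lines):
    """Run the job and reshape the output into {user: {hour: count}}."""
    baseline = defaultdict(dict)
    for (user, hour), n in reducer(mapper(lines)).items():
        baseline[user][hour] = n
    return baseline


def circular_hour_distance(a, b):
    """Distance between two hours of the day on a 24-hour clock."""
    d = abs(a - b)
    return min(d, 24 - d)


def score_events(lines, baseline, window=2):
    """Flag a successful login if the user has no baseline at all, or if the
    login hour is more than `window` hours from every hour seen in baseline.
    Returns a list of (user, timestamp, src_ip, reason) tuples."""
    alerts = []
    for line in lines:
        ts, user, result, src = parse(line)
        if result != "success":
            continue
        hours = baseline.get(user)
        if hours is None:
            alerts.append((user, ts.isoformat(), src, "no baseline for user"))
            continue
        if all(circular_hour_distance(ts.hour, h) > window for h in hours):
            alerts.append((user, ts.isoformat(), src, "login outside usual hours"))
    return alerts


if __name__ == "__main__":
    for alert in score_events(NEW_LOGS, build_baseline(BASELINE_LOGS)):
        print(alert)
```

The baseline job is embarrassingly parallel, which is exactly why it maps onto Hadoop: every mapper only needs its own slice of the logs, and the reducer only needs all values for one key. The scoring step is where the analyst's judgement goes (the tolerance window, which fields to baseline, how many observations make a baseline trustworthy), and a real deployment would add more dimensions than hour of day, such as source network or device, before an alert is worth a SOC analyst's time.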