Australia getting smarter about security intelligence

Sophisticated end-user applications are creating buoyant local demand for security information and event management (SIEM) solutions

Increasingly sophisticated end-user applications are creating buoyant local demand for security information and event management (SIEM) solutions, driving rapid growth in a market that is steadily broadening its reach and capabilities.

That market, underpinned by progressively improving data analytics capabilities, has been buoyed by the ongoing – and increasingly pernicious – stream of high-profile hacks that has not only left egg on the faces of executives at key businesses around the world, but gained new intensity recently with the furore around the hacking of Sony and the increasingly tense standoff between the United States and North Korea.

That such hacks could be perpetrated against high-profile targets at all has sent many CSOs running to forge new ties with their CEOs and boards, with a renewed sense of urgency around cybercrime strategies.

It is also being discovered that the hacks are often perpetrated without the target organisations even knowing about them, frequently for months or even years, and that is creating a new panic around information security.

In an increasing number of cases, the response to that panic is the adoption of SIEM tools, whose sole purpose is to scour masses of security-related information to pinpoint attacks quickly and accurately.


Market watcher IDC pegged the SIEM market at some $US4 billion in 2013, during which time it grew at an annual rate of 10.2 percent.

Year-end 2014 revenues are expected to hit $US4.4 billion globally, representing a further 9.7 percent increase – and revenues are expected to continue growing at an average 10.2 percent annually through 2018.

The trend has hit Australia particularly hard, where general corporate imperatives are reinforced by a growing need for good information governance – and that has key players in the market moving quickly.


One major SIEM provider, LogRhythm, has seen a strong uptick in its Australian business and has recently moved to bolster its local operation after "years of dabbling", according to one senior company executive.

"The public disclosure of security breaches and data loss incidents results in ever-increasing usage of products that can create and enforce security policy and provide information required by auditors," the firm's analysis concluded, noting that products combining data and event management must also be able to identify and remediate threats based on user privileges.

Rapid evolution has kept the SIEM market quite diffuse, with the top 10 vendors accounting for just 49 percent of the overall market and only one vendor having more than 10 percent of the market.

Cisco Security Manager, EMC's RSA Security, HP ArcSight, NetIQ Sentinel, SolarWinds Log & Event Manager, Splunk, and Tenable Network Security are amongst the many solutions competing to bolster their position.


The rapidly changing competitive posture has created a sense of urgency across the market, particularly in high-growth regions such as Australia. Speaking recently to CSO Australia, LogRhythm senior vice president of worldwide operations Bill Smith said the company's business in Australia would double this year and "double or triple" next year as its partner-focused delivery strategy gained further traction.

"As a small company we were growing and kept most of our resources in the US," Smith said, "but as we looked at expanding in the region our business began growing dramatically."

"We have forged some really strong partnerships with companies that are well known in the security business, and we've got a strong set of prospects and a good set of customers. We feel that we have the wind at our backs."

Engagements with customers were about much more than technology delivery, however: end-user education had become even more critical with the growing awareness of sensitivities around consumer, patient or other data requiring particular security and privacy controls.

Most violations of these controls were accidents, Smith said, with "poor education or understanding, or things happening behind the scenes that users are not aware of, or interesting threat tactics that we haven't seen before. It does happen."

Improving the analysis of security-related events would help organisations more quickly identify the things they don't know they don't know – but delivering this, Smith warned, requires careful attention to not only the back-end analytics but the overall user experience.

"We've got to find smart ways to protect this stuff that don't rely on an educated user," he said.


IDC's analysis agrees: security consists of products, people, and policy, the firm warns, noting that security analytics vendors "are able to provide many policy solutions that are used to supplement and validate other security defenses... [and] can be considered the 'brains' of an organization's security efforts."

Reflecting this position, LogRhythm is on the cusp of updating its tools to further strengthen its value proposition for businesses wanting to get a better grip on their security exposure.

Ultimately, making this happen requires a key philosophical recognition on the part of end users, Smith said: that there is no way to block all security attacks an organisation might have to deal with. Instead, the key is to focus on rapid detection – and, with analytics techniques improving all the time, this part of the formula has become much stronger over time.

"You're going to get breached," Smith said. "Your goal should not be to stop breaches because you're not going to do that. Your goal should be to detect it as quickly as possible."

"We believe it's possible to get average mean time of detection down from weeks to months, hours, minutes, or seconds. Prevention is futile, but quick detection is not."
