The argument that TTPs are being missed is misleading for several reasons. To start with, the SIEM is not meant to cover the entire framework.
Back in 2021, when the first report came out, Adam Pennington, who was then MITRE ATT&CK lead at the nonprofit Mitre Corporation, cautioned, “We’ve recommended against focusing on complete coverage of ATT&CK in the past and continue to do so.” Rather, the focus should be on prioritizing threats based on the organization’s own threat intelligence. As every organization is different, so too will be the TTPs that are relevant to it.
Of course, the vendors behind the report do have their own agenda. As providers of detection engineering, they are keen to illuminate the supposed shortcomings of SIEM technology to justify investment in detection engineering. A relatively new discipline, detection engineering needs to prove its relevance while riding the coattails of SIEM’s success.
Because detection engineering is quite sophisticated, it’s fair to say it is best suited to those with a mature cybersecurity posture. For the majority of businesses, however, which do not have a fully mature posture, the best way to deal with detection engineering is to use prebuilt playbooks, designed either in-house or by the SIEM vendor, to deal with specific threats.
That said, the report does make some valid claims. It states that SIEMs don’t need to collect more data and that they are already ingesting from sufficient sources and at sufficient depth. It readily agrees that SIEM and EDR are the two technologies considered critical to an effective SOC and that EDR alone can see attacks that are otherwise missed. But it misses the trajectory the SIEM is on, which will be one of convergence with these complementary technologies.