To loosely borrow some of the words of the Talking Heads, you may find yourself working at the head of a large agency, safeguarding large amounts of company data. And you may find yourself asking how that data was exposed. Unfortunately, this scenario can become a reality: we are living in a new age where protecting consumer information, intellectual property, and government secrets is a priority, and IT professionals need all of the help they can get.
In the B2B channel, the market for information security remains one of the fastest growth markets in IT with no signs of slowing. According to NPD’s B2B Software and Cloud Tracking Service, the U.S. B2B security software market grew 13 percent from 2016 to 2017, outpacing the overall software market growth of six percent.
One of the fastest growth segments within the information security market is security information and event management (SIEM). The growth of the SIEM market is expected to outpace overall IT spending and will continue to be one of the fastest growth segments in the information security market for the next several years for myriad reasons.
First, firms in key vertical markets that generate a colossal amount of consumer and patient information are tied to federal mandates to protect that information and face regular audits to stay compliant. For example, in the U.S., firms are dealing with the Health Insurance Portability and Accountability Act, while companies in the financial services industry (e.g., credit card companies) need to comply with the Payment Card Industry Data Security Standard, which works to safeguard consumer information.
At a local level, New York’s Department of Financial Services recently introduced 23 NYCRR Part 500, a regulation that requires organizations to perform annual penetration testing of their IT systems, maintain audit trails, and more. In the European Union, companies have until May 25, 2018 to meet the General Data Protection Regulation and are feverishly trying to put solutions in place to stay compliant.
Second, the days of a reactive information security (InfoSec) approach are over. Firms need better tools to centralize everything they can, from what is coming in from outside the network to what employees are touching inside it, in order to gather more intelligence on what is normal and what is unusual behavior. This is where artificial intelligence (AI) will play a critical role in augmenting InfoSec teams.
What does SIEM/AI look like in the future?
Well, if you’re a firm protecting some highly sensitive information that you don’t want to fall into the hands of your rivals, you are talking about always-on, instantaneous profiling of your employees and correlating myriad log files from all across the network. Let’s say you have an employee who is about to leave the company and violate the Economic Espionage Act of 1996, which was created to protect trade secrets. AI would allow you to track the following activities, in addition to many others, to assist the Chief Information Security Officer and executive management with risk mitigation:
- Did the employee get a bad review, and are they starting to peruse rival websites for job openings?
- Are they starting to save more information than normal?
- Are they accessing files that are out of the ordinary?
Due to the current needs of the market, SIEM is here to stay, and organizations need to embrace the AI tools that go hand-in-hand with traditional security products to do the job.