bear-valueCan Bear Add Value To SIEMs?

If you are not aware, there is a large and mature industry in the enterprise world called Security Incident and Event Management (SIEM) and these vendors are very good at finding anomalous activity in large sets of data.  Most layer amazing visualization systems on top and provide valuable insights to admins for large scale systems.  While they excel at this part of the security world, monitoring, they do not take any direct actions.

Instead, they rely on Identity and Access Management (IAM) providers to take care of the response – often through a manual admin action.  IAM providers can range from Active Directory/LDAP user management to firewall/VPN perimeter defense capabilities.  The separation is mostly by design and, while it can sometimes be clunky, this specialization is important for proper responses top sophisticated attacks.

Separate from all of these efforts are endpoint protection services (EPS) which focus on endpoint activity to discern bad actors.  While these providers might not have the depth of Bear, they do provide a different control vector from traditional IAM offerings.

Whew – lots of acronyms but that is the current picture.

Bear can provide some interesting options to consolidate these systems and move them to a more holistic enterprise management approach.  While that is technically possible, will anybody care?  We need your help – please read through our list and let us know!

  • Device IAM (DIAM – you pronounce it)
    • Bear can provide an IAM option that controls device identity, configuration and authentication as well as communications control and privacy
    • We can readily integrate with a SIEM without forcing code changes on the SIEM provider
    • Endpoint protection meets SIEM
  • IoT Management (Finally a Secure Network of Things – SNoT?)
    • Bear can extend SIEM logging to IoT devices of all sizes
    • Bear can also provide full IoT IAM services
  • Enhanced Data (Bear Enhanced Data…BED…too much of a stretch?)
    • Currently, SIEM providers get application and network logging information
    • Bear can extend that data into the IoT, device health and endpoint security logs

If you use a SIEM product – Splunk, LogRhythm, AlienVault, etc.. – then do any of these options interest you?  Would tying together full device control with SIEM analytics be of interest?  Do you buy into the use of enhanced data to drive better hacking detection?  Is the IoT sufficiently interesting to warrant a SIEM extension into this field?

Do you think Bear can provide something valuable to your SIEM vendor that you need?