You might be aware that I am not too big a fan of classical SIEM tools. In my opinion, they often fail to deliver good results efficiently, produce too many false positives, and need quite a team of engineers to keep the ruleset and use cases current.
Typically, I use these environments to monitor static processes (you can build that on something like Splunk as well) and then try to use something else for everything beyond that. The challenge is that "something else" is quite hard to find today: you have to build it on your own, and it gets costly very, very fast. The term du jour is Threat Intelligence, which could be the next big step forward in this space.
A few weeks ago, I talked to the team doing Digital within Accenture, as they are doing a lot of work in the area of Data Analytics, mainly to understand the business and customers. To me, this sounded exactly like what I need in security, at least from an architecture and concept point of view. Guess what, one guy there had the same idea and worked with Accenture Security Labs to make it happen.
The concepts behind it are, to me, really brilliant, and they leverage technology I have not seen before.
You can read the announcement yourself here: Accenture Introduces the Accenture Cyber Intelligence Platform to Help Organizations Continuously Predict, Detect and Combat Cyber Attacks
Now I will work to find customers for a Proof of Concept!