
Why SIEM solutions don't work...

As a long-standing user of SIEM (Security Incident Event Management) systems, Jigsaw Security is in a unique position: we have evolved to provide solutions that allow us to monitor a large number of customer environments. Our team started in the Intelligence arena and over the years has shifted into Cyber Security and Big Data solutions, as both a user and a provider. When we set out to build a solution for our own monitoring, we quickly realized that our solutions were sought after by MSSPs and other intelligence-based organizations.

A look at Threats in the Jigsaw Enterprise Platform

We started our company as consumers of threat intelligence and OSINT information, and just like others we bought into the SIEM pitch, thinking that we could monitor our customers with these solutions. Over the years we realized that there had to be a better way. The SIEM solutions required constant maintenance, collectors would go down, intelligence would get stale (leading to false positives in detection), and the solution did not scale without spending millions of dollars. In 2013 we set out to change that with our first attempt at building a big data solution.

There were many companies out there trying to do what we wanted to do, but none of them were providing a customizable solution that would scale. Most solutions did 1 or 2 things well but lacked in other areas. Instead of building new solutions we decided to create a fusion of existing solutions: we didn't want to reinvent the wheel, but to find a better way of interpreting the data being generated by sensors, SIEM tools, endpoint protection, antivirus and similar technologies. Jigsaw spent the entire year of 2014 perfecting our big data offering. We started from the ground up with industry-leading solutions, added in our Intelligence-based software ingest solutions, created fault-tolerant and redundant data storage systems, and then started consuming all of the data generated by our existing security stack.

In 2015 we launched the Jigsaw Enterprise Solution and we haven't looked back. Now we integrate the data sources that already exist in the enterprise and then tie them all together with matching analytics to show what is occurring in that environment, so we can concentrate on true threats instead of what others think is important. The intelligence generated from your own data is more valuable because it's your intelligence; you just have to have a system capable of analyzing it in near real time to give notifications on what is important to your security and to the analysts on staff.

Don't get us wrong: threat feeds are great for finding commodity malware, but they will never find the needle in the haystack that is actually a bigger threat to your network. Anti-virus cannot detect malware that was specifically written to target your organization, and threat intel will stop the noisy attacks but miss the true threats to your data security. Our Jigsaw Sensor and endpoint protection products work by interpreting what is occurring, as well as the signature-based threats, to give a full picture. For example, if you do not have corporate sites located in China, we would indicate that traffic with large payloads is terminating in China; or if your workstations are trying to communicate with servers that no longer exist, we would alert on that, because malware quite often tries to talk to sites that may have already been taken offline by authorities.
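The two behavioural checks described above (large outbound transfers to a country where the organization has no sites, and workstations repeatedly trying to reach hosts that no longer answer) as a small detection routine over sample flow records. This is an added illustration, not Jigsaw's own code; the flow records, the list of corporate countries and the thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample flow records (not real traffic): one line per connection,
# with destination country (from a GeoIP lookup) and the connection outcome.
FLOWS = [
    {"src": "10.1.1.20", "dst": "203.0.113.5", "country": "CN", "bytes_out": 85_000_000, "outcome": "ok"},
    {"src": "10.1.1.20", "dst": "203.0.113.5", "country": "CN", "bytes_out": 1_200, "outcome": "ok"},
    {"src": "10.1.1.31", "dst": "198.51.100.9", "country": "US", "bytes_out": 400, "outcome": "refused"},
    {"src": "10.1.1.31", "dst": "198.51.100.9", "country": "US", "bytes_out": 400, "outcome": "timeout"},
    {"src": "10.1.1.31", "dst": "198.51.100.9", "country": "US", "bytes_out": 400, "outcome": "refused"},
    {"src": "10.1.1.42", "dst": "198.51.100.77", "country": "DE", "bytes_out": 2_000_000, "outcome": "ok"},
]

# Assumptions: countries where the organization actually has sites, what counts
# as a "large payload", and how many failed contacts make a destination look dead.
CORPORATE_COUNTRIES = {"US", "DE"}
LARGE_PAYLOAD_BYTES = 50_000_000
DEAD_HOST_MIN_FAILURES = 3
FAILED_OUTCOMES = {"refused", "timeout", "nxdomain"}


def large_transfers_to_unexpected_countries(flows, corporate_countries, threshold):
    """Flows that push a large payload to a country with no corporate presence."""
    return [f for f in flows
            if f["country"] not in corporate_countries and f["bytes_out"] >= threshold]


def dead_host_beacons(flows, min_failures):
    """(src, dst, count) pairs where a host keeps retrying a destination that never answers.

    Only failed outcomes are counted, so a destination that answers at least once
    is never reported, which keeps ordinary transient errors out of the alert list.
    """
    failures = Counter((f["src"], f["dst"]) for f in flows if f["outcome"] in FAILED_OUTCOMES)
    return sorted((src, dst, n) for (src, dst), n in failures.items() if n >= min_failures)


def triage(flows):
    """Turn both checks into human-readable alerts for an analyst queue."""
    alerts = [f"large transfer: {f['src']} sent {f['bytes_out']} bytes to {f['dst']} ({f['country']})"
              for f in large_transfers_to_unexpected_countries(flows, CORPORATE_COUNTRIES, LARGE_PAYLOAD_BYTES)]
    alerts += [f"dead host beacon: {src} failed {n} times reaching {dst}"
               for src, dst, n in dead_host_beacons(flows, DEAD_HOST_MIN_FAILURES)]
    return alerts


if __name__ == "__main__":
    for line in triage(FLOWS):
        print(line)
```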

So why do SIEM solutions not work for most companies? They simply generate so much data that one could never possibly research every alert that comes in. This is what happened with Anthem during their breach: their tools detected the problem, but analysts were overwhelmed with information and could not respond to it, giving the attackers 6 months of leeway to do their damage. Another area where SIEM tools fail is that the systems are decentralized and prone to outages on sensors. The sensors and collectors may go offline with nobody noticing there is an issue until after an attacker is successful. Scale is another problem with most of these SIEM-based solutions, as reporting can take hours to generate, and by then it's too late. Our solution reports immediately on what is occurring, without CPU-intensive report generation.

Don't believe us? Schedule a demo and find out for yourself!

Use our platform to actively stop threats before they become breaches, with Sinkhole DNS, Firewall and Sensor Management, and network resets to disrupt malicious payloads before they can be downloaded.

Now Cloud Enabled through Rackspace, Azure or AWS Instances

Jigsaw Solutions are now cloud enabled, so you can benefit from our technologies without having a solution installed on your network. Simply change your clients' DNS entries to point to our servers, deploy sensors on your border and forward syslog to our instance, and you can find threats fast and easily.
