Graylog is consolidating SIEM and UEBA (anomaly detection and user entity behavior analytics) in its new security package for streamlined detection and elimination of enterprise security threats.

Graylog is extending its SIEM (security information and event management) software with anomaly detection and user entity behavior analytics (UEBA) to provide organizations with a software suite that combines and streamlines security techniques designed to handle a wide range of risks related to insider threats, credential-based attacks, and other cyberthreats.

SIEM products and services combine log data collection and reporting with real-time analysis of security alerts generated by applications and network hardware. The features in Graylog’s new consolidated package — called Graylog Security and announced at its recent annual user conference — include AI and automation techniques and are meant to simplify risk management and make security teams more productive.

SIEM and log management solutions can be very complex, slow and unscalable, according to Graylog CEO Andy Grolnick. Graylog Security is designed to overcome these long-time challenges, he said.

“Historically, anomaly detection and UEBA capabilities have tended to be very complex, expensive, and would require data scientists or experts with advanced capabilities on your staff to get everything to work,” Grolnick said. “So we’re introducing the first UEBA and anomaly detection capabilities within the SIEM that already has very advanced data science and automation built into the solutions.”

Security software trends toward consolidation

The move to combine previously disparate security software techniques into consolidated risk management packages is a growing trend, according to Forrester analyst Allie Mellen.

“We have been seeing the consolidation of SIEM, UEBA, and SOAR [security orchestration, automation, and response capabilities] for the past few years,” Mellen said.
“At Forrester, we call these offerings Security Analytics Platforms — and they are often one of the most used and central tools in the SOC [security operation center] today. Security practitioners use a lot of different tools, and an opportunity to decrease the toolset they need every day is definitely a benefit.”

With its new security package, Graylog plans to target medium and large-scale enterprises looking to simplify security routines and replace them with an easy-to-handle, all-around solution.

Graylog Security promises features that include a 90% reduction in false positives; 50 prebuilt security scenarios based on the MITRE ATT&CK framework; a machine learning engine that self-trains with just seven days of historical data and without manual interference; a search engine designed to detect and reduce threats within hours; and integration into SOAR platforms.

“The considerable reduction in false positives coupled with speedy detection and elimination really has to do with having multiple smart algorithms built within to analyze different scenarios and attacks out there and be able to refine a real risk from noise,” Grolnick said.

As a part of its announcement, Graylog also unveiled various improvements that it claimed would ease an analyst’s daily monitoring experience, such as color and sound coding of different logs.