Graylog is consolidating SIEM and UEBA (anomaly detection and user entity behavior analytics) in its new security package for streamlined detection and elimination of enterprise security threats.

Graylog is extending its SIEM (security information and event management) software with anomaly detection and user entity behavior analytics (UEBA) to provide organizations with a software suite that combines and streamlines security techniques designed to handle a wide range of risks related to insider threats, credential-based attacks, and other cyberthreats.

SIEM products and services combine log data collection and reporting with real-time analysis of security alerts generated by applications and network hardware. The features in Graylog’s new consolidated package — called Graylog Security and announced at its recent annual user conference — include AI and automation techniques and are meant to simplify risk management and make security teams more productive.

SIEM and log management solutions can be very complex, slow and unscalable, according to Graylog CEO Andy Grolnick. Graylog Security is designed to overcome these long-time challenges, he said.

“Historically, anomaly detection and UEBA capabilities have tended to be very complex, expensive, and would require data scientists or experts with advanced capabilities on your staff to get everything to work,” Grolnick said. “So we’re introducing the first UEBA and anomaly detection capabilities within the SIEM that already has very advanced data science and automation built into the solutions.”

Security software trends toward consolidation

The move to combine previously disparate security software techniques into consolidated risk management packages is a growing trend, according to Forrester analyst Allie Mellen.

“We have been seeing the consolidation of SIEM, UEBA, and SOAR [security orchestration, automation, and response capabilities] for the past few years,” Mellen said.
“At Forrester, we call these offerings Security Analytics Platforms — and they are often one of the most used and central tools in the SOC [security operation center] today. Security practitioners use a lot of different tools, and an opportunity to decrease the toolset they need every day is definitely a benefit.”

With its new security package, Graylog plans to target medium and large-scale enterprises looking to simplify security routines and replace them with an easy-to-handle, all-around solution.

Graylog Security promises features that include a 90% reduction in false positives; 50 prebuilt security scenarios based on the MITRE ATT&CK framework; a machine learning engine that self-trains with just seven days of historical data and without manual interference; a search engine designed to detect and reduce threats within hours; and integration into SOAR platforms.

“The considerable reduction in false positives coupled with speedy detection and elimination really has to do with having multiple smart algorithms built within to analyze different scenarios and attacks out there and be able to refine a real risk from noise,” Grolnick said.

As a part of its announcement, Graylog also unveiled various improvements that it claimed would ease an analyst’s daily monitoring experience, such as color and sound coding of different logs.