Graylog unites SIEM, AI-based anomaly detection in new security suite

Graylog is extending its SIEM (security information and event management) software with anomaly detection and user entity behavior analytics (UEBA) to provide organizations with a software suite that combines and streamlines security techniques designed to handle a wide range of risks related to insider threats, credential-based attacks, and other cyberthreats.

SIEM products and services combine log data collection and reporting with real-time analysis of security alerts generated by applications and network hardware. The features in Graylog’s new consolidated package — called Graylog Security and announced at its recent annual user conference — include AI and automation techniques and are meant to simplify risk management and make security teams more productive.

SIEM and log management solutions can be very complex, slow and unscalable, according to Graylog CEO Andy Grolnick. Graylog Security is designed to overcome these long-time challenges, he said.

“Historically, anomaly detection and UEBA capabilities have tended to be very complex, expensive, and would require data scientists or experts with advanced capabilities on your staff to get everything to work,” Grolnick said. “So we’re introducing the first UEBA and anomaly detection capabilities within the SIEM that already has very advanced data science and automation built into the solutions.”

Security software trends toward consolidation

The move to combine previously disparate security software techniques into consolidated risk management packages is a growing trend, according to Forrester analyst Allie Mellen.

“We have been seeing the consolidation of SIEM, UEBA, and SOAR [security orchestration, automation, and response capabilities] for the past few years,” Mellen said. “At Forrester, we call these offerings Security Analytics Platforms —and they are often one of the most used and central tools in the SOC [security operation center]  today. Security practitioners use a lot of different tools, and an opportunity to decrease the toolset they need every day is definitely a benefit.”

With its new security package, Graylog plans to target medium and large-scale enterprises looking to simplify security routines and replace them with an easy-to-handle, all-around solution.

Graylog Security promises features that include a 90% reduction in false positives; 50 prebuilt security scenarios based on the MITRE ATT&CK framework; a machine learning engine that self-trains with just seven days of historical data and without manual interference; a search engine designed to detect and reduce threats within hours; and integration into SOAR platforms.

“The considerable reduction in false positives coupled with speedy detection and elimination really has to do with having multiple smart algorithms built within to analyze different scenarios and attacks out there and be able to refine a real risk from noise,” Grolnick said.

As a part of its announcement, Graylog also unveiled various improvements that it claimed would ease an analyst’s daily monitoring experience, such as color and sound coding of different logs.