Operational resilience

February 17, 2025

20 years ago, there was widespread adoption of traditional Security Information and Event Management (SIEM) solutions. Its proven capabilities have meant SIEM is now an integral part of the security stack for most organisations.

The SIEM market has since evolved, with an expansive range of functionality now available to meet customers’ needs. Next-Gen SIEMs, the incorporation of user and entity behaviour analytics (UEBA), and the increased discussion of Extended Detection and Response (XDR), to name a few. While most SIEMs tick the basic requirements, there are growing trade-offs in the purchasing decision between functionality, operating costs, complexity and platforms. Organisations must consider architecture, governance and strategy to ensure the best solution fits their use case.

Changes in the SIEM market

This year has been different to the technical competition of previous years. We have seen almost more changes in ownership of SIEM vendors than the technologies themselves. Some investors are taking the opportunity to fill gaps in their product portfolios or increase market share. Additionally, the disappearance of some long-term players is likely to impact product development roadmaps. How, these changes will affect the market is not yet clear. Smaller participants will inevitably seek to scale and big tech players will continue to simplify SIEM offerings to meet mass market appeal while also looking to aggregate and bundle their predominantly cloud-based offerings.

While this probably doesn’t present immediate concerns for most day-to-day security operations, it should prompt a review of your cyber security strategy and technology needs going forward. Governments and regulators everywhere are highlighting the growing importance of cyber security resilience. This includes its relevance to the broader operational risk management activities of enterprise.

The impact to your organisational resilience

The integration of Threat Detection, Investigation and Response (TDIR) and Exposure Management solutions is re-defining SIEM technology. We are actively seeing how quantitative risk-based security information informs and guides analyst workflows to streamline SOC operations. This coincides with the recent consolidation in the SIEM market which is changing the options available to security and management teams. 

The timeliness and relevance of security information available from SIEM technologies has never been more important for the protection and resilience of your organisation and its operations. Information from your SIEM and SOC operations is no longer just about compliance and threat response. This information now goes beyond security teams. Operational and executive teams have an increasing stake in this information and are being held responsible for organisational resilience management. Some organisations seek to simplify their SOC operations and reporting and others are looking to integrate those activities more seamlessly into their cyber security governance to meet changing corporate disclosure obligations.

As cyber security guidance and frameworks sharpen their requirements, 2025 is a good year to start look at the SIEM market again, even for companies and SOC teams that are comfortable with their current choices. At the same time, investigating the link between threat detection, mitigation and the management of high-fidelity exposures will change the cadence and availability of evidence-based SIEM. As a result, this will impact the cyber security governance processes that are increasingly being sought by regulators.

Huntsman Security is here to help

It’s important to investigate how to improve the fidelity of threat information and as a result your cyber security resilience. Additionally, the management of your cyber security and how it fits with your operational risk management activities has both technical and architectural implications. As a result, it is certainly timely to contemplate how your organisation will meet the ongoing organisational resilience requirements of industry regulators and the strategic and technical decisions you will need to make to get there.

BLOG POSTS

Related Cybersecurity Content

Operational resilience deadlines loom

February 3, 2025

Operational Resilience (OpRes) has been in the news a lot over the last few years. Advisories, white papers and conferences have all addressed the importance of cyber security resilience and its role in protecting the ongoing operations of enterprise. With almost every business function, in some way, reliant on your IT assets and data the […]

Read more

Cyber security observations from 2024 – we’re still rolling-the-dice

January 22, 2025

In 2024, we saw real progress with cyber security being recognised as a factor in organisational resilience. Senior executives and directors became increasingly aware of the need for its oversight. Yet, as we look in the rear-vision mirror back to 2024, we see organisations continuing to roll-the-dice when it comes to cyber security. As we […]

Read more

In 2025 we predict: A growing adoption of threat exposure management in large and small organisations

January 13, 2025

The effective management of cyber security is an increasing priority for organisations everywhere. For those familiar with risk management principles, cyber security is more than another operational risk to be dealt with. Meanwhile, for those with less cyber security awareness, the discipline of rules-based risk management frameworks and checklists will support the management process. The […]

Read more

Cyber Security Predictions for 2025

November 15, 2024

Access Huntsman Security’s report to learn about the five areas that we anticipate will have a noteworthy impact on the cyber security landscape in 2025 and beyond.

Read more

Challenges in Cyber Security Auditing

September 2, 2024

Cyber security risks to businesses continue with a growing number of more skilled, well-funded, state-backed, and motivated attackers. The IMF reports that the costs of worst-case breaches have jumped four-fold to USD$2.5bn. Boards are undergoing legal and regulatory pressure to safeguard data, privacy and business resilience. This is most acute in finance, critical infrastructure and […]

Read more

Essential Eight – what’s next?

August 23, 2024

Completing an E8 risk assessment ticks some important boxes. It provides the security team, and hopefully business leadership, information about the state of the organisation’s security controls and posture, which helps them fulfill their increasing IT security reporting obligations.

Read more

CRITICAL INFRASTRUCTURE: The Changing Landscape

July 30, 2024

No doubt continuous improvement motivates your organisation, and the new perspectives on cyber and operational risk management are part of your strategic objectives – requiring an ever-evolving posture to deal with changing risks and the environment.

Read more

The shift to zero-trust is important, but it’s not the end of the story

June 28, 2024

The intent and principles of zero-trust are compelling, but what’s important is that even when zero-trust principles are in place, threat detection and even preventative security shouldn’t be forgotten.

Read more

NIST Cybersecurity Framework 2.0

June 5, 2024

Since its introduction in 2014, the NIST Cybersecurity Framework (CSF) has become a foundational cyber security standard. Originally devised for the critical sectors that support infrastructure and public services, its adoption as a source of reference internationally, means it now extends well beyond that.

Read more

The 2024 UK Government Cyber Breaches Survey

May 15, 2024

Released on April 9th, 2024, this year’s cyber security breaches report from the UK government makes for interesting reading.

Read more

SIGN UP TO RECEIVE CYBER SECURITY INSIGHTS

Read by directors, executives, and security professionals globally, operating in the most complex of security environments.

Marketing(Required)
Agree(Required)