Relational databases becoming the poor relation in the SIEM space?

It was announced this week that Intel (who own McAfee) have developed and deployed an in-house security data munging system which sounds very much like a SIEM correlation engine built on a Hadoop Big Data back end.

Current SIEM technologies typically normalise logs and events into relational databases, which requires extensive and often sparsely populated tables to accommodate every possible event type.

The inefficiencies, rigid structure and increasing licensing and support costs of relational databases, together with an explosion of system log data that is often poorly structured, or at least not structured to a common template, are making Big Data a compelling platform for security event storage and subsequent processing.
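As an added illustration (not ITC's, Intel's or any vendor's code), the following Python shows the two points above on a handful of constructed log lines: normalising events from three sources into one wide table leaves half the cells NULL, while a simple cross-source correlation rule runs just as well over the events kept in their own native fields. The log lines, field names and the failed-login threshold are all constructed for this example.

```python
"""
Added example: sparse schema-on-write normalisation versus schema-on-read
correlation over heterogeneous security events. Everything here is constructed.
"""
import re
from collections import Counter

# Constructed sample events from three sources, each with its own fields.
RAW_EVENTS = [
    "2013-03-01T10:00:01 sshd auth_fail user=alice src=10.0.0.5",
    "2013-03-01T10:00:02 sshd auth_fail user=alice src=10.0.0.5",
    "2013-03-01T10:00:03 sshd auth_fail user=alice src=10.0.0.5",
    "2013-03-01T10:00:04 sshd auth_ok user=alice src=10.0.0.5",
    "2013-03-01T10:00:10 fw deny src=10.0.0.5 dst=10.0.1.20 dport=445 proto=tcp",
    "2013-03-01T10:00:11 fw allow src=10.0.0.7 dst=10.0.1.21 dport=443 proto=tcp",
    "2013-03-01T10:00:20 web GET path=/login status=200 client=10.0.0.5 agent=curl",
    "2013-03-01T10:00:21 web POST path=/login status=401 client=10.0.0.5 agent=curl",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Schema-on-read: keep each event's own key=value fields as a dict."""
    ts, source, action, rest = line.split(" ", 3)
    event = {"ts": ts, "source": source, "action": action}
    event.update(KV.findall(rest))
    return event


def normalise(events):
    """Schema-on-write: one wide row per event over the union of every field
    ever seen. Missing fields become None, as NULLs would in a relational table."""
    columns = sorted({key for event in events for key in event})
    rows = [[event.get(column) for column in columns] for event in events]
    return columns, rows


def sparsity(columns, rows):
    """Fraction of cells in the wide table that hold no value (the 'sparsely
    populated tables' the post describes)."""
    total = len(columns) * len(rows)
    empty = sum(cell is None for row in rows for cell in row)
    return empty / total


def failed_logins_by_source(events, threshold=3):
    """Toy correlation rule: source addresses with at least `threshold` failed
    logins across sshd and the web tier. Each source is read with its own field
    name (src= versus client=), so no shared schema is needed."""
    counts = Counter()
    for event in events:
        if event["source"] == "sshd" and event["action"] == "auth_fail":
            counts[event["src"]] += 1
        elif event["source"] == "web" and event.get("status") == "401":
            counts[event["client"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    events = [parse(line) for line in RAW_EVENTS]
    columns, rows = normalise(events)
    print(f"{len(columns)} columns x {len(rows)} rows, "
          f"{sparsity(columns, rows):.0%} of cells NULL")
    print("sources over threshold:", failed_logins_by_source(events))
```

Adding a fourth log source with its own fields only widens the table and pushes the NULL fraction up, whereas the correlation rule just gains one more branch, which is the trade-off the post is pointing at.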

The ITC NetSure360 security management platform has been powered by the market-leading HP ArcSight ESM solution, which replaced Cisco MARS (formerly Protego) in 2009.

At ITC we understand that technology moves on and technical components come and go. It would appear that the world of SIEM is in for a Big Data shake-up, and we are ready to embrace the change. It will be interesting to see whether the Intel in-house system filters down into security products; that is not guaranteed in the mad world of the massive enterprise, even if it makes perfect sense. Similarly, we are following developments at ArcSight, AlienVault, McAfee and IBM, to name but a few.

We think Big Data makes sense with, well, big data. What do you think?

Contact ITC at [email protected] to discuss our NetSure360° security, performance and network management platform.