This month, SC Labs reviewed several UTM (Unified Threat Management)/NGFW (Next Generation Firewalls) and SIEM (Security Information and Event Monitoring) solutions. The products provided to SC Labs would be a great addition to any organization looking to mature its security posture.
The thought behind the UTM was to offer a device or software solution that provides multiple security functions, protecting your organization's infrastructure from a wide range of threats from a single location. In the past few years, more and more companies have built UTM features into their firewall offerings, creating the NGFW.
The concept for SIEM began as a threat-hunting toolset, as well as a method for incident response. To assist with threat-hunting activities, the modern SIEM provides a forensic analysis tool with centralized, secure log management, so that after an event the logs are protected from corruption and cannot be modified. As the threat landscape changes, the line between these two solution families is being blurred, with function sets coming ever closer together.
Are we on the verge of seeing SIEM solutions add more UTM capabilities?