Does the US Government Need a More Powerful SIEM?


The White House published a review of the attempted terrorist attack last Christmas.

I briefly read the document and noticed some interesting facts:

  • The thorough analysis of large volumes of information has enabled a variety of departments and agencies to take action to prevent attacks.
  • Yet, as the amount of information continues to grow, the challenge to bring disparate pieces of information – about individuals, groups, and vague plots – together to form a clear picture about the intentions of our adversaries grows as well.
  • The information that was available to analysts, as is usually the case, was fragmentary and embedded in a large volume of other data.

And in the key findings: “Information technology within the CT community did not sufficiently enable the correlation of data that would have enabled analysts to highlight the relevant threat information.”

What do we learn here? The US Government is facing exactly the same problems as many companies and organizations: the amount of information to analyze keeps growing, and powerful tools are required to extract the real value from this “flood”. Sources of information also change, and the collection process must be adapted to take them into account. Incident management procedures must be in place for when an alarm is triggered. With one major exception: in the case of the US Government, lives are involved…
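To make the SIEM analogy concrete, here is an added example (my own code, not part of the original post or the White House review) of the correlation step the report found missing: events from several disparate sources, each in its own format, are normalized to a common schema, grouped by the entity they describe, and an alert fires only when enough weak, fragmentary signals from more than one source line up within a time window. The feeds, field names, weights and threshold are all constructed for illustration.

```python
"""
Added example (not from the original post): a minimal SIEM-style correlation
step. Three constructed feeds (VPN log, HR feed, proxy log) are normalized to
one schema and correlated per entity; an alert is raised only when distinct
signals from at least two sources add up to a threshold inside a time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample feeds, each in its own native format (not real data).
VPN_LOG = [
    "2024-03-01T08:02:11Z user=jdoe src=203.0.113.7 action=login result=failure",
    "2024-03-01T08:02:40Z user=jdoe src=203.0.113.7 action=login result=failure",
    "2024-03-01T08:03:05Z user=jdoe src=203.0.113.7 action=login result=success",
]
HR_FEED = [
    {"employee": "jdoe", "event": "termination_notice", "ts": "2024-03-01T07:55:00Z"},
    {"employee": "asmith", "event": "promotion", "ts": "2024-03-01T09:10:00Z"},
]
PROXY_LOG = [
    "2024-03-01 08:07:30 jdoe GET https://files.example.net/archive.zip 200 52428800",
    "2024-03-01 08:20:00 asmith GET https://intranet.example.net/ 200 1200",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
LARGE_DOWNLOAD_BYTES = 10 * 1024 * 1024  # constructed threshold


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


# Each adapter maps one source's native format onto the common schema:
# {"ts": datetime, "entity": str, "source": str, "signal": str, "weight": int}
# Adding a new source means adding one adapter, not touching the correlator.

def parse_vpn(line):
    ts_str, rest = line.split(" ", 1)
    fields = dict(KV_RE.findall(rest))
    if fields.get("action") != "login":
        return None
    signal = "vpn_login_failure" if fields["result"] == "failure" else "vpn_login_success"
    return {"ts": _ts(ts_str), "entity": fields["user"], "source": "vpn",
            "signal": signal, "weight": 1}


def parse_hr(record):
    if record["event"] != "termination_notice":
        return None
    return {"ts": _ts(record["ts"]), "entity": record["employee"], "source": "hr",
            "signal": "termination_notice", "weight": 3}


def parse_proxy(line):
    date, time, user, _method, _url, _status, size = line.split()
    if int(size) < LARGE_DOWNLOAD_BYTES:
        return None
    return {"ts": _ts(f"{date}T{time}Z"), "entity": user, "source": "proxy",
            "signal": "large_download", "weight": 2}


ADAPTERS = [(VPN_LOG, parse_vpn), (HR_FEED, parse_hr), (PROXY_LOG, parse_proxy)]


def collect(adapters=ADAPTERS):
    """Run every adapter over its feed and return normalized events in time order."""
    events = []
    for feed, parse in adapters:
        for item in feed:
            ev = parse(item)
            if ev:
                events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=timedelta(minutes=30), threshold=5):
    """Group events by entity; alert when distinct signals from at least two
    sources, seen within `window` of each other, have a summed weight >= threshold."""
    by_entity = defaultdict(list)
    for ev in events:
        by_entity[ev["entity"]].append(ev)
    alerts = {}
    for entity, evs in by_entity.items():
        for i, start in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            sources = {e["source"] for e in cluster}
            signals = {e["signal"]: e["weight"] for e in cluster}  # count each signal once
            score = sum(signals.values())
            if len(sources) >= 2 and score >= threshold:
                alerts[entity] = {"score": score, "signals": sorted(signals),
                                  "sources": sorted(sources)}
                break
    return alerts


if __name__ == "__main__":
    for entity, detail in correlate(collect()).items():
        print(f"ALERT {entity}: score={detail['score']} "
              f"sources={detail['sources']} signals={detail['signals']}")
```

Each feed on its own is unremarkable (a couple of failed VPN logins, a large download, an HR notice), which is exactly the "fragmentary and embedded in a large volume of other data" situation the review describes; only the per-entity join across sources produces the picture. Dropping one feed from `ADAPTERS` shows the other side: the remaining signals stay under the threshold and nothing fires.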
