
In our modern world, it’s easy to believe that data is the new gold. Data is everywhere, and it makes the world go round. You need only consider a few of the recent cyberattacks to see the very real-world impact that data has on people’s daily lives.
For example, just last week on Saturday 20th September, a cyberattack on Collins Aerospace caused major disruption across Europe at several major airports including Heathrow, Brussels, and Berlin.
So what can be done considering this increasingly fraught cybersecurity landscape, with the growing sophistication of malware placing the data of more and more organisations at risk?
In this article, we consider the consequences of data’s growing importance on the cybersecurity landscape, and why its effective management is so fundamental within this industry. We look at the problem of data silos, and how one company is tackling this problem through a unified and integrated approach to data management.
Read on to find out how Securonix, a leading cloud-native cybersecurity provider, is harnessing the ancient human wisdom of ‘safety in numbers’ to build a Unified Defence SIEM offering comprehensive cybersecurity services for companies operating across Europe, America, Asia, and the Middle East.
We talked to Tim Bury, VP of Europe at Securonix, and Cyrille Badeau, VP of International Sales at ThreatQuotient, a Securonix company, to understand a bit more about how their Unified Defence SIEM works, and how it enables SOCs to embrace the gains of AI and automation more fully.
The problem of silos
First of all, what exactly are silos? In current terminology, the word silo (from the Ancient Greek σιρός, meaning ‘pit for storing grain’) refers to containers used for bulk storage, typically in an agricultural context.
However, when it comes to data, the term silo has come to be associated with outdated and typically inefficient computer systems for data storage. Data silos are a common occurrence especially in larger organisations with multiple branches, or within organisations operating on legacy IT systems.
But what exactly is the problem with having data silos in your organisation? Well, silos essentially split the flow of raw, unprocessed data into isolated storage compartments, thus reducing both the efficiency and observability of data analytics.
Additionally, data silos typically require more storage and compute power than unified data management platforms. This is because of the ongoing yet fluctuating costs of having to transfer data across compartments and/or convert data into different formats on an as-needed basis, as well as the expense of storing growing amounts of data in separate departments.
But in the fast-moving world of cybersecurity, silos can become particularly problematic due to the time-critical nature of threat incidents, as well as the sheer volume of security data, which is expanding by approximately 30-40% year-on-year.
And this is not just hypothetical. According to a Hyperproof survey in 2023, 46% of companies managing security across siloed departments had experienced a breach in 2022, along with 61% of companies adopting an ‘ad-hoc’ approach to security. Meanwhile, only 36% of companies who had adopted an integrated approach to security with manual tools experienced a breach, reducing to just 30% when this approach was combined with automated tools.
It’s not hard to imagine why: having to sift through logs of unprocessed data, request access to data from different departments, and chase up missing or incomplete datasets, simply in order to respond to a potential security threat, is not only a waste of agents’ precious time but can also give bad actors the upper hand in exploiting an organisation’s data.
However, thanks to forward-looking cybersecurity providers such as Securonix, this picture of inefficiency could soon be one of the past, with many companies now considering observability and transparency as priority features for their data management systems.
“If you’re an enterprise customer, in the past you probably had to work with many different types of platforms, plugging into different areas of technology. But what customers want now is a single pane of glass, they want one place that both their analyst team and their SOC team can be working. And that will have a central data repository, or data lake, where they can bring together all their sources, enabling them to manage everything holistically within one system.” ~ Tim Bury, VP of Europe for Securonix
How does Securonix’s Unified Defence SIEM work?
Through their Unified Defence platform, Securonix promises to transform the experience of SecOps from ‘chaos to control’. But what does this look like exactly?
Essentially, the Unified Defence SIEM brings together several traditionally separated security toolsets under one system powered by agentic AI.
“What we’re really doing is integrating multiple different cybersecurity toolsets into one platform that makes it really efficient and easy for our customers to take the right actions, which then reduces the time it takes to detect and respond to a threat.” ~ Tim Bury, VP of Europe for Securonix
These toolsets include: SIEM (security information and event management), UEBA (user and entity behavioural analytics using machine learning), SOAR (security orchestration, automation and response), TIP (threat intelligence platform), and TDIR (threat detection, investigation, and response).
Securonix is one of a handful of cybersecurity providers offering a Unified Defence SIEM, which fundamentally applies cloud computing principles to cybersecurity operations.
Their approach is grounded on a strong understanding of where AI can bring the greatest value with a human-in-the-loop philosophy, and is rooted in the company’s original specialism in machine learning and data analytics approximately 20 years ago.
“Originally, we started as a UEBA [User and Entity Behaviour Analytics] provider, where we were complementing other people’s SIEMs [Security Information and Event Management]. Then we realised it made more sense to do that from just one platform, rather than constantly be integrating with other people’s products. So that was really the second step to creating that seamless solution. From there we incorporated a SOAR [Security Orchestration, Automation, and Response] as well, so really focusing on that front to actually take action on the security violation alerts we were creating. Then there are other elements that we’ve also incorporated, mainly around threat content, which then naturally led to a further enhancement of our platform by our recent acquisition of ThreatQuotient.” ~ Tim Bury, VP of Europe for Securonix
But despite Securonix’s expansion into these different areas of cybersecurity, their origins in UEBA have in no way been forgotten. In fact, this plays a fundamental role in setting the company’s SIEM apart from the competition, as Badeau explains.
“Most of the SIEMs we’ve been working with all kind of do the same thing. They correlate data based on classical technical tools, and then they try to enrich the data to see if there is something they can learn. Securonix is a more advanced data structure where the first layer is about user and machine behaviour capabilities, where we use AI that self-learns about the average usage and the deviations. Of course, it is something that is learned over time, and changes over time. But that’s our first layer on top of which the classical SIEM job is being performed with low correlation things. It means that our analytics on behaviour from users and machines is not just there to generate alerts when there is a deviation, but is being used as constant context to anything else that is put on top of it, such as your classical SIEM jobs.” ~ Cyrille Badeau, VP of International Sales, Securonix
Enhancing data analytics by combining old data with new, real-time data is a fundamental concept that also underlies the threat intelligence arm of Securonix’s Unified Defence SIEM. This not only ensures that the security data being stored is fully maximised, it also provides invaluable insights into future cybersecurity trends that security agents can then leverage to the advantage of the client.
“We realised that threat intelligence was a key avenue for the business because maybe in the past we missed something just because we did not know about it. So what we can do with threat intelligence is trigger alerts that generate incidents if we go back in time. We don’t just gather intelligence in a given data structure, we also have the notion of time evolution: what we know today is different from what we knew yesterday. And knowing what you did not know yesterday is super important for the right decision. AI gives security teams the ability to stay ahead of adversaries by continuously identifying subtle patterns across massive threat data. This ensures faster, more confident decisions that strengthen resilience, reduce risk exposure, and demonstrate measurable value to the business.” ~ Cyrille Badeau, VP of International Sales, Securonix
The other dimension that enhances Securonix’s threat intelligence capabilities is its combining of internal and external data, i.e. data collected from incidents affecting the company directly, and data collected from incidents happening elsewhere. As Badeau points out, this is not a new concept, but a tried-and-tested strategy used in national defence and military ops.
“The roots of threat intelligence and the roots of enrichment lie in having good access to data from the external world, i.e. threats that happened somewhere else, that enable you to better understand the significance of the threat landscape you are operating in. For example, any advanced military mission gets a national defence that has different capabilities for detection and response, SWAT teams, etc. They all have a minimum of one intelligence service somewhere, and the value of that intelligence service is not in its own capability, but in its interaction with the field, i.e. how it can learn in real-time from what is really happening in the country to protect the country. The magic of threat-intel within national defence is always the combination of external and internal data being mixed together to identify the high priority thing of today – and that can change tomorrow.” ~ Cyrille Badeau, VP of International Sales, Securonix
A tiered approach to data
Given the bleak reality that most SOCs today are drowning in the sheer volume of security data, you might be wondering just how Securonix, with its in-depth focus on data analytics yet comprehensive coverage of cybersecurity toolsets, manages to avoid the problem of data overload and silos.
The magic here lies in their tiered approach to data management. If you think of siloed data management as a vertical system with the data being stored in columns that represent different departments, tiered data management can be understood as a horizontal system with data being stored in rows that represent increasing/decreasing levels of priority. Essentially, a tiered data management system categorises data according to smarter metrics.
“What we are doing is actually looking at all the little data sources – we’re looking for the identifiers that a set of correlated events, when combined together through threat-chaining, become significant. We do this by associating a risk score to each type of event, and as you combine those, you can begin to see patterns which float up to the surface, and what you end up with is a prioritization of data based on risk.” ~ Tim Bury, VP of Europe for Securonix
The system is also ‘smart’ in the sense that it uses self-learning AI algorithms to carry out this categorisation. This means that as more data is fed into the system, the smarter and more comprehensive it becomes, giving security analysts a hint of what the future of work in this industry could look like, with intelligent virtual assistants carrying out a large portion of the groundwork.
As you can imagine, this smart form of data categorisation is a key part of the company’s outcome-based strategy and is a great example of how AI can be used to streamline data pipelines for more results-driven data analysis.
But fundamentally, this strategy is essentially about cutting out unnecessary work, and by extension, unnecessary cost. It ensures that each type of data is treated according to its relative importance within the goal of the investigation, and that full data analytics (which are expensive to run) are not wasted on trivial or irrelevant pieces of data.
“Not all data is the same, some needs to be enriched, some needs to go through behavioural analytics in order to be screened for anomalies. Other data could simply be, for example, compliance regulations for your bank, such as needing to store information for 7 years. This type of data, for example, would be in a relatively low tier, and would only need to resurface occasionally in an investigation. Then there are other tiers where we don’t need to enrich data to the same level, or carry out behavioural analytics, but you might still want to use it for an investigation, so it still needs to be accessible.”
“Our Data Pipeline Management Agent routes data appropriately and efficiently within the tiered system. That’s because security data, which requires full analytics, is significantly more costly to manage than non-security data. This can drive a 50% or more reduction in cost, which helps the CISOs get the same amount of value for the product but without paying for what they don’t need.” ~ Tim Bury, VP of Europe for Securonix
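To make the two ideas in this section concrete, here is a small Python model added for illustration; it is not Securonix code and does not describe how their product is built. It chains each entity’s policy-triggering events that fall within a time window into a single risk score (the threat-chaining described above), and then routes every event to a hot, warm or cold tier depending on whether it took part in an alerting chain. Event types, scores, thresholds and the log lines are all constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, hypothetical per-event-type risk scores; a score of 0 means the
# event type triggers no security policy and is kept only for retention.
RISK_SCORE = {"failed_login": 10, "login_new_geo": 25, "privilege_escalation": 40,
              "bulk_download": 35, "vpn_connect": 0, "dns_query": 0}
CHAIN_WINDOW = timedelta(hours=1)  # scored events closer than this chain together
ALERT_THRESHOLD = 60               # chain score at which a pattern "floats up"

# Constructed sample log, one event per line: "<iso timestamp> <entity> <event_type>"
SAMPLE_LOG = """\
2024-09-20T09:00:00 alice vpn_connect
2024-09-20T09:05:00 alice failed_login
2024-09-20T09:08:00 alice login_new_geo
2024-09-20T09:20:00 alice privilege_escalation
2024-09-20T10:00:00 bob dns_query
2024-09-20T11:00:00 bob failed_login
2024-09-20T15:00:00 bob failed_login
"""

def parse_log(text):
    """Return (timestamp, entity, event_type) tuples in time order."""
    rows = [line.split() for line in text.splitlines()]
    return sorted((datetime.fromisoformat(ts), ent, et) for ts, ent, et in rows)

def threat_chains(events):
    """Chain each entity's scored events within CHAIN_WINDOW and rank chains by risk."""
    per_entity = defaultdict(list)
    for ts, entity, etype in events:
        if RISK_SCORE.get(etype, 0) > 0:          # unscored events never join a chain
            per_entity[entity].append((ts, etype))
    chains = []
    for entity, evs in per_entity.items():
        current = []
        for ts, etype in evs:
            if current and ts - current[-1][0] > CHAIN_WINDOW:  # gap: start a new chain
                chains.append((entity, current))
                current = []
            current.append((ts, etype))
        chains.append((entity, current))
    scored = [{"entity": e, "score": sum(RISK_SCORE[t] for _, t in c), "events": c}
              for e, c in chains]
    return sorted(scored, key=lambda ch: ch["score"], reverse=True)

def route_tiers(events):
    """Tier every event: 'hot' if it belongs to an alerting chain, 'warm' if it
    triggered a policy but its chain stayed below threshold, 'cold' if no policy."""
    hot = {(ch["entity"], ts) for ch in threat_chains(events)
           if ch["score"] >= ALERT_THRESHOLD for ts, _ in ch["events"]}
    def tier(entity, ts, etype):
        if RISK_SCORE.get(etype, 0) == 0:
            return "cold"                          # retention only, cheapest storage
        return "hot" if (entity, ts) in hot else "warm"
    return {(ent, ts.isoformat()): tier(ent, ts, et) for ts, ent, et in events}
```

In the sample, no single event for alice reaches the threshold, but the chain of three does, so only those three events land in the expensive hot tier while bob's isolated failures stay warm and routine traffic goes cold.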
Why do I need a Unified Defence Platform?
Essentially, you can think of Securonix’s Unified Defence SIEM as a solution to the problem of data security that kills two birds with one stone:
- It eliminates the risk that comes from data silos via its integrated, tiered approach to data management.
- It lays the groundwork for AI, enabling organisations to organise their data in a secure and accessible format that will allow them to embrace the efficiency gains of automation.
For the modern business, these two objectives are critical not only for building a resilient cybersecurity posture in the face of an increasingly sophisticated threat landscape, but also for maintaining public and stakeholder support. The latter consideration in particular has become increasingly important in recent years, with public interest in cybersecurity being fuelled by the proliferation of AI technologies affecting people’s daily lives.
As Bury explains, adopting a unified approach to cybersecurity is now more than just a prerogative for CISOs; it’s a board-level necessity that is integral to the very reputation and direction of a business.
“Having a unified approach is about being breach-ready, and making sure you have the tools in place to be able to pinpoint where the problems are, where you need to investigate, and not spend all your time chasing herrings that aren’t really problems. Secondly, it’s also very much about being board-ready, because cybersecurity is no longer just a CISO problem, it’s also a board-level problem. In the States, for example, if there is a breach, it is a jailable offence for an executive. Since there are real consequences to this now, you have to be board-ready, i.e. be able to answer the questions of your shareholders and investors at a board level and show them how you are secure and breach-ready. Then the third element of the unified approach lies in being AI-powered. And what I would say is that if you’re not prepared to be AI-powered in order to be breach-ready and board-ready, then you might be in the wrong industry because it’s becoming all about how AI can enable successful business outcomes.” ~ Tim Bury, VP of Europe for Securonix
Last but not least, Securonix’s Unified Defence SIEM is fundamentally for organisations that want to maintain the highest level of security at minimal cost. According to Badeau, while traditionally there has been a trade-off between the quality of security and the cost of the human resources required to achieve it, AI is now changing this picture, enabling Securonix’s customers to get the best of both worlds.
“An integrated solution is really about considering everything that can trigger an alert, whatever source it is from. And really, you don’t have much of a choice if you want to do a perfect job. We tend to meet with prospective clients who absolutely want to do a perfect job, but they also want to control the cost. And in my opinion, while it’s still possible to do perfect security without an integrated solution, it would cost a fortune in terms of human resources, and people don’t want to pay for that.” ~ Cyrille Badeau, VP of International Sales, Securonix
The takeaway: key benefits of Securonix’s Unified Defence SIEM
- Intelligent automation cuts response time by 60% and manual workload by 50%.
- Outcome-based strategies and optimised data usage to cut storage and compute costs by 30-50%.
- Agentic AI automating threat detection, investigation and response can reduce analyst workload by 50%.
- Brings together SIEM, UEBA, SOAR, TIP, and TDIR.
- 365 days of hot, searchable data and exec-level reporting, making it ‘board-ready’.
- Unifies internal and external data for more contextually accurate insights.
- Advanced behavioural analytics and autonomous response capabilities.
- Built on a ‘tiered threat system’, where an AI agent analyses security logs, recommending which can be moved to lower-cost storage tiers because they are not triggering any security policies.