Why detecting hackers quickly matters

Finding intruders quickly is vital in today's noisy networks.

Photo Credit: Paul Mah

Intelligence turns random logs into early warnings. That's the understanding I walked away with after chatting with Elastic's Jie-Hong Lim at GovWare 2025.

Cybersecurity experts are now mostly in agreement that it's not a matter of whether an organisation is hacked, but when it happens. The issue is with detection.

This is a Content Collaboration with Elastic

Hidden in the noise

The modern network is an extremely noisy place. File transfers, system updates, and user activities blur into a cacophony of digital noise.

And it is this environment that allows hackers who have gained a beachhead to find and compromise other systems via "lateral movement." With enough time, hackers will eventually hit the jackpot by breaking into a critical system. This makes finding intruders quickly not just desirable but vital.

Easier SIEM

One approach is SIEM, or Security Information and Event Management. It works by collecting log files, alerts, and telemetry from a wide range of systems - VPN gateways, anti-malware software, authentication systems, switches, routers, firewalls, and much, much more.

The idea is to capture all possible signals to better correlate "ripples" that indicate the presence of invisible intruders.
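The correlation idea above, as an added example that is not part of the original article or any Elastic product: two constructed log formats (a VPN gateway and an authentication system, both made-up syntaxes, not a real vendor's) are normalised into a common event shape, and a single rule then flags an account that successfully logs on to several distinct hosts in a short window, attaching the VPN session it arrived on so an analyst can see where the activity entered from. The host names, addresses and thresholds are assumptions chosen for illustration.

```python
"""Toy SIEM-style correlation over heterogeneous log lines (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # which system produced the record ("vpn" or "auth")
    user: str
    host: str     # target host for logons, external source address for VPN sessions


# Constructed sample records; the formats are invented for this example.
SAMPLE_LOGS = [
    "2025-10-14T09:00:05Z vpn user=alice src=203.0.113.9 status=connected",
    "2025-10-14T09:00:40Z auth user=alice host=ws-alice result=success",
    "2025-10-14T09:15:00Z vpn user=bob src=198.51.100.23 status=connected",
    "2025-10-14T09:16:10Z auth user=bob host=ws-bob result=success",
    "2025-10-14T09:18:02Z auth user=bob host=fs-01 result=success",
    "2025-10-14T09:19:47Z auth user=bob host=db-02 result=failure",
    "2025-10-14T09:20:31Z auth user=bob host=db-02 result=success",
    "2025-10-14T09:22:15Z auth user=bob host=hr-app result=success",
    "2025-10-14T10:05:00Z auth user=alice host=fs-01 result=success",
    "this line is noise that no parser recognises",
]

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
VPN_RE = re.compile(r"^(?P<ts>\S+) vpn user=(?P<user>\S+) src=(?P<src>\S+) status=connected$")
AUTH_RE = re.compile(r"^(?P<ts>\S+) auth user=(?P<user>\S+) host=(?P<host>\S+) result=success$")


def parse_line(line):
    """Normalise one raw line into an Event; return None for noise or failed logons."""
    m = VPN_RE.match(line)
    if m:
        return Event(datetime.strptime(m["ts"], TS_FMT), "vpn", m["user"], m["src"])
    m = AUTH_RE.match(line)
    if m:
        return Event(datetime.strptime(m["ts"], TS_FMT), "auth", m["user"], m["host"])
    return None


def find_fan_out(events, min_hosts=3, window=timedelta(minutes=10)):
    """Flag accounts that log on to >= min_hosts distinct hosts within `window`.

    Each finding carries the hosts touched and the most recent VPN session seen
    for that account before the burst, giving the analyst an entry point to check.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        logons = [e for e in evs if e.source == "auth"]
        for i, start in enumerate(logons):
            hosts = {e.host for e in logons[i:] if e.ts - start.ts <= window}
            if len(hosts) >= min_hosts:
                vpn = [e for e in evs if e.source == "vpn" and e.ts <= start.ts]
                findings.append({
                    "user": user,
                    "first_seen": start.ts,
                    "hosts": sorted(hosts),
                    "vpn_src": vpn[-1].host if vpn else None,
                })
                break  # one finding per account is enough for triage
    return findings


def run(lines):
    """Ingest raw lines from all sources, drop what cannot be parsed, and correlate."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return find_fan_out(events)


if __name__ == "__main__":
    for f in run(SAMPLE_LOGS):
        print(f"{f['user']}: {len(f['hosts'])} hosts from {f['first_seen']} via VPN {f['vpn_src']}")
```

Here only bob trips the rule: four successful logons to different hosts inside ten minutes, shortly after a VPN session from 198.51.100.23. Alice's two logons are an hour apart and stay below the threshold. The failed logon to db-02 is dropped by the parser rather than counted; in practice a burst of failures is a signal of its own and would feed a separate rule.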

There is just one problem: SIEMs are complex and require highly skilled experts to deploy and manage effectively.

Reducing the complexity

According to Jie-Hong, Elastic offers certain benefits to organisations looking to roll out a SIEM.

The ones that caught my attention are a cost-efficient platform for data storage, the option of deploying on-premises or in the cloud, built-in AI assistance and discovery, and integrated support for cybersecurity systems.

With AI assistance, a team member can use natural language queries to quickly drill down into individual alerts, or to streamline discovery across multiple assets.

Unlike platforms without integrated support, detection rules, visualisation tools, and support for common file formats are ready out of the box. By reducing the complexity, even junior team members can now take on more advanced tasks such as detecting new malware or threat hunting.

Not magic

To be clear, the typical SMB is probably better off with a managed service provider than rolling out a SIEM.

What's your biggest bugbear with cybersecurity solutions?