SIEM, Meet the Public Cloud

The security analytics/operations technology model is in the middle of a huge shift.

Allison Francis

April 1, 2019

4 Min Read
SIEM
Shutterstock

Security information and event management (SIEM) systems have evolved quite a bit over the past 19 years. There have been quite a few shifts throughout that evolution, with different vendors, use cases and functionalities dancing in and out of the frame.

In simple terms, SIEM’s evolution started from a simple tool designed to help organizations achieve and maintain compliance, and spun into a complex threat-detection system that allows security operations center (SOC) analysts to respond to incidents more quickly and effectively.

SIEM has exploded into a $2.5 billion market, dominated by major players such as Splunk, IBM, LogRhythm and AT&T (AlienVault), according to CSO.

In technology, evolution is a good thing, right? Generally, yes; however, it’s said by some that SIEM has gotten a little too big for its britches. Trying to take on too much.

One of the reasons SIEM software for security operations is getting so much attention nowadays is because of its new, added capabilities.

Musich-Paula_EMA.jpg

EMA’s Paula Musich

“Now a lot of SEIM technologies bring in threat-intelligence feeds in addition to traditional log data, and there are multiple SIEM products that have security-analytics capabilities that look at network behavior as well as user behavior to give more intelligence around whether an activity indicates malicious activity,” explained Paula Musich, research director at Enterprise Management Associates (EMA).

Technology research firm Gartner is all about this. In its May 2017 report on the worldwide SIEM market, Gartner calls out the stellar SIEM tools, saying “innovation in the SIEM market is moving at an exciting pace to create a better threat detection tool.”

This is all well and good, but as SIEM scaled, organizations understandably began to need more and more hardware tiers to keep up with this added performance and scale. This has led to a situation where SOC personnel have to throw all of their focus and energy at activities such as threat detection and incident response, and forensic investigations are dependent upon SIEM infrastructure teams to upgrade hardware, load balance servers and add storage capacity.

Goodbye On-Premises Servers, Hello Public Cloud

This year, it is predicted the security analytics/operations technology model will start to undergo a sizeable shift — it’s about to get a bit cloudy. Over the next few years, experts say that the SIEM backend will migrate from on-premises servers to public cloud infrastructure.

This transition to cloud-based alternatives already has begun, spurred by shifts on the supply-and-demand side of things. CISOs and MSPs will likely go after cloud-based SIEM solutions because of the following reasons, as outlined by CSO:

  • Huge growth in security data. According to experts, organizations collect, process, and analyze a lot more security data than they did two years ago. Continuous security-data growth means more infrastructure, personnel, and more operational tasks.

  • Higher software costs. Some SIEM vendors basing their pricing on the amount of data under management. “I’ve heard CISOs complain that it’s not unusual for them to blow through a three-year SIEM budget in a year,” shared Jon Oltsik, a principal analyst at Enterprise Strategy Group ESG.

  • Unacceptable tradeoffs. Considering the new capacity-based pricing of SIEM software, many organizations are being forced to ignore or get rid of valuable security data that they would have normally stored and analyzed. Frankly, this is a lousy choice for security analysts to have to make.

  • Cybersecurity and IT skills shortages. Ahh, the classic problem of not having enough skilled personnel. Because of this, CIOs and CISOs are forced to make the decision whether they want to hire and retain personnel dedicated to the exhaustive care and feeding of networks, servers, and storage devices.

For CISOs and providers, cloud-based SIEM can …

… help conquer all of these issues.

Becker-Bryan_Kroenke-Sports.jpg

Kroenke’s Bryan Becker

“Like many other businesses that are rapidly moving to the cloud, and considering the massive growth of data in the enterprise (especially security data), folks are trying to gain visibility and functionality for a knowable cost,” said Bryan Becker, vice president, information security at Kroenke Sports & Entertainment.  “We know as security leaders that security is turning into a big-data problem in which organizations need all of their security data, telemetry and logs in one place with the ability to analyze that data with modern tools. Opex subscription services … are highly appealing.”

As for the supply side, vendors and cloud service providers are getting in on the action as well. Hungry for blossoming market opportunities, they will likely help push cloud-based SIEM into the market.

This is a phenomenon that shows no sign of slowing down, and it’s either get on board or be left behind.

“In my humble opinion, the writing is on the wall — security analytics/operations is a big-data application, and big-data applications are moving to the cloud,” said Jon Oltsik of analyst firm ESG. “CISOs who still distrust the public cloud must face this fact. They will either figure out how to peacefully coexist with cloud-based cybersecurity analytics/operations or be left in the dust.”

About the Author

Allison Francis

Allison Francis is a writer, public relations and marketing communications professional with experience working with clients in industries such as business technology, telecommunications, health care, education, the trade show and meetings industry, travel/tourism, hospitality, consumer packaged goods and food/beverage. She specializes in working with B2B technology companies involved in hyperconverged infrastructure, managed IT services, business process outsourcing, cloud management and customer experience technologies. Allison holds a bachelor’s degree in public relations and marketing from Drake University. An Iowa native, she resides in Denver, Colorado.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like