Six Reasons To Move Your SIEM To The Cloud

Uploaded on 2020-08-11 in TECHNOLOGY--Resilience, FREE TO VIEW

Security Information and Event Management (SIEM) solutions enable you to centrally manage security, unifying a wide range of capabilities including monitoring, audits, alerts, threat identification, and more. You can deploy SIEM either on-premises or in the cloud.

On-premises SIEM provides a high level of control, but it also requires a high level of expertise and an appropriate budget. Cloud SIEM, on the other hand, enables you to grow at scale and outsource security talent, but you usually get less control. 

This article explains the main differences between cloud and on-premises SIEM in terms of IT resources, control, and costs, and examines six advantages organizations gain when moving their SIEM to the cloud.

What Is SIEM?

Security information and event management (SIEM) solutions are tools you can use to monitor, audit, and alert on events in your systems. These solutions provide a toolbox of features in a centralized platform to make securing your assets and responding to alerts easier. 

Using a SIEM, you can aggregate data from your distributed IT and security tooling. Solutions can then correlate this data to identify possible threats, provide contextual information about events, and alert you to issues that need review. These capabilities make SIEM solutions a key tool in incident response processes and can make compliance auditing and reporting more reliable.

SIEM solutions have become standard in many organizations due to the increasing number and severity of cyberattacks and regulations. For example, compliance regulations like GDPR and PCI-DSS require logs to be securely maintained, preferably in a centralized location. 

SIEM: Cloud vs On-Premises
When implementing SIEM, you have the option to deploy your solution on-premises or in the cloud. Cloud solutions can enable organizations to begin operations right away since configuration and installation are managed. In contrast, on-premises implementations require in-house configurations and often take longer to begin using. 

IT Resources
Faster startup and fewer responsibilities for in-house teams are important considerations since IT teams may be short staffed. Around two-thirds of companies report a shortage in IT skills, leaving organizations unable to meet IT demands. With cloud SIEMs, particularly those offered by managed service providers, organizations can outsource expertise rather than sacrificing security. 

Control
Another important consideration is the amount of control you need over your SIEM and log data. On-premises implementations can provide significantly more control and may be required for highly sensitive or restricted data. However, this requires teams to manage integrations and maintenance on their own. This may be a worthwhile trade-off for larger organizations with dedicated developers but less realistic for smaller or less technical teams. 

Cost
The cost of an implementation is a major consideration. When SIEMs are hosted on-premises, the upfront costs are greater. You can pay down technical debt over time but you may face additional costs if you need to upgrade servers or if storage demands exceed resources. 

In contrast, cloud SIEMs have a lower upfront cost but ongoing subscription costs. In exchange, you pay only for resources that you are actively using. You can also scale your implementation as needed without having to purchase or install additional hardware. 

Six Reasons to Move Your SIEM To The Cloud

According to IDG’s recent study, the benefits of cloud SIEM solutions outweigh the downsides for many organizations. Below are six reasons (detailed in the study) highlighting how cloud SIEMs can benefit your organization.

1. Updating and scaling solutions
IDG found that 68% of those surveyed had deployed SIEM solutions more than three years ago. While some of these solutions may be comparable to modern cloud SIEMs, many older on-premises solutions lack the technologies that cloud SIEMs incorporate. For instance, user and entity behavior analytics (UEBA), which can help identify unknown threats.

Additionally, although you can match on-premises solutions to your needs at the time of implementation, these solutions are not very scalable. As your organization grows, the number of components and data you hold expand. Cloud solutions can scale with this growth while your available hardware limits on-premises solutions.  

2. Providing unified monitoring and correlation
Cloud systems are typically better at aggregating data across environments, including hybrid systems. This is because solutions are already integrated with cloud resources and can often leverage built-in integration tooling available from cloud providers. 

The ability to ingest data from sources across your system, regardless of platform, eliminates the need to correlate or import data manually. This unification results in more complete analysis and faster detection times. 

3. Avoiding alert fatigue
DevOps monitoring can be one of the most time consuming aspects of security, particularly when teams have to wade through thousands of alerts. These alerts can result in alert fatigue, reducing teams’ abilities to respond to alerts effectively. 

According to the IDG study, alert fatigue was reported as a challenge for 46% of respondents using on-premises SIEM solutions. With cloud solutions, this dropped to 33%. This fatigue was reflected in a 7% increase in response times from cloud to on-prem and a 23% increase in missed threats.

This difference is in part because cloud solutions tend to be easier to automate. For example, solutions can be tied to serverless services, triggering response actions when alerts are sent. This reduces the number of alerts that teams need to handle manually and enables them to focus on more urgent threats.

4. Improving user experience
Cloud-based solutions can make interacting with your SIEM easier and more efficient for users. Interfaces are often accessible through web portals, enabling multiple users to access data at once. Additionally, because solutions are scalable, analysts face fewer limitations on the size of data queries they can perform or the number of reports generated. 

Additionally, cloud solutions provide greater availability than on-premises solutions, ensuring that work isn’t interrupted. This is because cloud solutions come with service level agreements ensuring uptime and typically include data redundancy while on-premises solutions present a single point of failure.

5. Reducing capital expenses and technical debt
IDG found that the average organization was spending $580k per year on their SIEM solution. This cost includes licensing, infrastructure, staffing, and ongoing software costs. In comparison to on-premises solutions, cloud solutions were found to cost 11% less on average. This reduction was due to reduced overhead and infrastructure maintenance costs.

While investing in cloud solutions is still expensive, it can significantly reduce an organization’s capital expenses and technical debt. Cloud SIEMs are typically based on subscription costs. This means that organizations can adopt new solutions or change licensing more freely with less financial waste.

6. Increasing flexibility
Cloud solutions enable distributed collaboration in a way that on-premises systems often can’t. For example, by enabling you to work with distributed security and response teams through web-based interfaces. With cloud systems, you can help ensure that all your sites have dedicated and available professionals without sacrificing available skillsets.

Conclusion

On the surface, the decision whether to move to the cloud may seem simple. However, the cloud offers much more than simple scalability—it offers extended capabilities organizations may not be able to achieve on-prem. 

Many cloud SIEM solutions come equipped with UEBA capabilities. In some cases, cloud vendors offer solutions for hybrid infrastructure - enabling visibility across environments. Other cloud SIEMs also provide DevOps monitoring features, which can significantly reduce false positives and help avoid alert fatigue.

There are many more capabilities organizations can achieve with cloud SIEM deployments. However, not all capabilities are needed in all cases. Organizations should strive to first assess their needs, inventory their assets, and choose a solution that meets the needs of the organizations—in terms of compatibility, as well as features. 

____________

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.
 ____________

You Might Also Read: 

Cloud Security Is Different:

 

« Breaking Up Big Tech
Which Industries Suffer Most From Remote Working? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Digital Shadows

Digital Shadows

Digital Shadows is a cyber threat intelligence company that helps clients discover sensitive data exposed through social media, cloud services and mobile devices

CERT-SE

CERT-SE

CERT-SE is the national and governmental Computer Security Incident Response Team of Sweden.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

SKOUT Secure Intelligence

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

Real Random

Real Random

Real Random is on a mission to enhance existing and new crypto-systems with its revolutionary solution to generating numbers that are Truly Random.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

Cyscale

Cyscale

Cyscale automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

Sky Republic

Sky Republic

Sky Republic offers a Smart Contract Platform to integrate and synchronize business networks beyond EDI and API.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Charterhouse Voice & Data

Charterhouse Voice & Data

Charterhouse is your trusted technology partner - designing, provisioning and supporting the technology that underpins your operations including network security and data compliance.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

Worksent Technologies

Worksent Technologies

Worksent is a Trusted white-label offshore support partner for MSPs and MSSPs.