How Cloud-Based SIEM Frees That One Hand Tied Behind Your Back

Changing the culture from reactive to proactive security strategies

Have you ever been asked to fight the state boxing champion with one hand tied behind your back? Or metaphorically experience the old adage of bringing a knife to a gunfight? Many security professionals face this scenario every day.

For many companies with whom I talk, there isn't a lack of IT talent when it comes to security, just a lack of hours in the day, computing resources and the necessary headcount with specific expertise to change the culture from reactive to proactive and strategic risk management. Executives simply expect IT security to do more with less.

But the ability to recruit and retain security experts is an issue in itself. At the MSPAlliance meeting this week in Orlando, it was reported that the unemployment rate for such professionals is less than 1%. The salary for these specialists has doubled in the past three years. No wonder there is a critical shortage to feed this growing monster. And executives are still wary of spending budget on security line items, including staffing. It is still regarded (mistakenly, I might add) as a cost center.

That is the reason SIEM isn't more prevalent in security initiatives. It's expensive. It's resource-intensive. It's too complex. It's difficult to implement. It's difficult to configure. Customization takes advance training, it takes time, it takes skills… Many security professionals recognize it can be a game changer, but in terms of bang for the buck, it tends to stay on the wish list. Organizations need to reprioritize and reconsider SIEM as one of the pillars of enterprise security strategy—a cornerstone that correlates across silos and countermands each one of the criticisms noted above.

We recognize risk is rising. From every survey, report and anecdote, security issues are becoming a more significant and louder talking point. Everything from the introduction of new technologies, the morphing of infrastructures beyond network perimeters, to threats of breach, shadow IT and other internal vulnerabilities indicates that managing a firewall and filtering email is not enough. This is not to ratchet up the rhetoric to encourage investment in security solutions, but a chance to reprioritize security and evaluate how and when a SIEM initiative might enhance capabilities without the cost and resource baggage so many apply to it.

Let's also recognize that traditional deployments of SIEM are just not feasible for far too many companies. On-premise options are cost-prohibitive. The time to monitor activity (especially in real time) is overly demanding considering other priority responsibilities. The expertise to integrate and correlate data across multiple silos and leverage their layered results into strategic action is a skill set very high in demand and hard to capture. And if I have any security budget at all, I am going to invest in options whose scope is fully affordable, manageable and fully functional. In security, solving 50% of the problem still leaves you 50% vulnerable. All true, until you consider cloud security options.

Cloud-based SIEM certainly alleviates many of the above issues dealing with cost, deployment issues, scope fulfillment and the necessary expertise to monitor your network.

When evaluating SIEM initiatives there are a few requirements you need to consider so that you pick the best tool and process combination to close the vulnerability gap in a company. From a functionality standpoint you need a strong correlation engine. This is the foundation of situational context, which allows you to discern white noise and harmless burps from truly suspicious activity. Intrusion detection without context is simply driving with one eye closed: you lose depth perception and true threat understanding. You also need real-time monitoring. Looking at logs a week later may suffice for compliance needs, but any threat discovered is a week old. Classic reaction mode—but it's neither reaction nor response, it's mop-up and repair. Unless the SIEM or log archive has a time machine module, the damage is done.

With SIEM you also need clear scope—what do you want it to monitor, what are the parameters of data synthesis, what are the response and alert protocols? You also need a process for asset classification and prioritization, data normalization and categorization of data.

The beauty of cloud-based SIEM is that a true security-as-a-service offering does all the heavy lifting. It is the expertise and additional headcount you need without the CapEx costs of hardware, software and salary, and without the soft costs of employee benefits, training and ramp time. With all the buzz about the cloud and its lack of security… this IS that security. Cloud-based SIEM is not a porous app or some subscription service sitting exposed on a server in some lonely rural business park. A cloud-based SIEM must be an extension of your own strategy… it must provide enterprise-class capability on par with any alternative version (on premise, hybrid or otherwise). When evaluating these options, simply make sure they're aligned with your expectations.

But I want to take this one step further. And it moves the focus beyond SIEM. Jon Oltsik, Senior Principal Analyst at the IT strategy firm ESG, said at a webinar I attended recently, "We need integration between tools and we need better intelligence." And he's absolutely right.

As I alluded to earlier, SIEM must tightly integrate with log management. I contend that is only part of the equation. SIEM should also leverage the data collected from other security cornerstones such as identity management and access management. This unified approach is the nexus of intelligence. When considering SIEM, you should ensure that it is configured so that it collaboratively leverages data from a variety of sources so it can give you visibility; give you the details to tell friend from foe from phish from phantom.

Yet this presents another set of issues. So many solutions create so many dashboards. It is highly likely a company has multiple security systems, each looking at its own sector (e.g., identity management is only concerned with provisioning and de-provisioning accounts). An IT professional can easily be overwhelmed with all the checkpoints—and then be responsible for the forensic analysis to see the overall threat landscape. Centralization in a cloud-based SIEM solves the issue. In a true unified platform, all the necessary data is correlated and filtered into a single centralized dashboard. This, in turn, creates the visibility that provides the intelligence which feeds the strategies and tactics to better secure a network and all its proprietary assets.
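To make the normalization and cross-silo correlation described above concrete, here is a small added example (my own illustration, not code from CloudAccess or any product): it maps an identity-management feed and sshd syslog lines onto one event schema, then flags a successful login by an account that was de-provisioned shortly before, while leaving an isolated failed login as noise. All log lines are constructed sample data, and the syslog year (2017), host names and addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

IDM_EVENTS = [  # constructed identity-management feed (not real data)
    "2017-10-12T09:00:00Z idm user=jdoe action=deprovision by=hr-sync",
    "2017-10-12T09:05:00Z idm user=asmith action=provision by=hr-sync",
]
SSH_EVENTS = [  # constructed sshd syslog lines; a different silo, different format
    "Oct 12 09:02:13 vpn1 sshd[4411]: Accepted publickey for jdoe from 198.51.100.7",
    "Oct 12 09:06:40 vpn1 sshd[4412]: Accepted publickey for asmith from 203.0.113.9",
    "Oct 12 09:07:02 vpn1 sshd[4413]: Failed password for root from 203.0.113.50",
]
IDM_RE = re.compile(r"^(\S+) idm user=(\S+) action=(\S+)")
SSH_RE = re.compile(r"^(\w{3} \d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"(Accepted|Failed) \S+ for (\S+) from (\S+)")

def normalize_idm(line):
    # Map an identity-management record onto the common event schema.
    if not (m := IDM_RE.match(line)):
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": m.group(2), "action": m.group(3)}

def normalize_ssh(line):
    # Map an sshd line onto the same schema; syslog omits the year, 2017 assumed.
    if not (m := SSH_RE.match(line)):
        return None
    ts = datetime.strptime("2017 " + m.group(1), "%Y %b %d %H:%M:%S")
    action = "login_success" if m.group(2) == "Accepted" else "login_failure"
    return {"ts": ts, "user": m.group(3), "action": action, "src_ip": m.group(4)}

def correlate(events, window=timedelta(hours=24)):
    """Alert on a successful login by an account de-provisioned within `window`;
    isolated failures and logins by accounts in good standing are left as noise."""
    deprovisioned, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "deprovision":
            deprovisioned[ev["user"]] = ev["ts"]
        elif ev["action"] == "provision":
            deprovisioned.pop(ev["user"], None)  # re-enabled by HR: no longer suspect
        elif ev["action"] == "login_success" and ev["user"] in deprovisioned:
            if ev["ts"] - deprovisioned[ev["user"]] <= window:
                alerts.append({"rule": "login-after-deprovision", "user": ev["user"],
                               "src_ip": ev["src_ip"], "login_ts": ev["ts"]})
    return alerts

def run():
    events = [e for e in map(normalize_idm, IDM_EVENTS) if e]
    events += [e for e in map(normalize_ssh, SSH_EVENTS) if e]
    return correlate(events)
```

Neither feed alone carries the signal: the identity system sees only a routine de-provisioning and the VPN host sees only a valid key login, which is exactly the context a correlation engine adds.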

The other issue is cost. I just recommended a company not only needs to invest in SIEM, but log management, access management, SSO and identity management. Again, I point to the cloud as the answer. By bundling these solutions as a single source, unified platform delivered and managed from a multi-tenant cloud, not only are the cost savings palpable, but the immediate deployment kick starts any initiative (you don’t have to wait a year or three to fully realize the benefits of an enterprise solution). You gain so many more capabilities you would have otherwise not been able to apply.

And with the influx of new complexities, increased threat landscapes, relentless compliance pressures, and the acknowledged critical skill shortage to address those complexities, there is a growing acceptance for security delivered from the cloud.

In a recent survey, it was shown that organizations with more sophisticated security initiatives are more vulnerable. I realize it flies in the face of reason. The answer is that their sophistication creates enhanced visibility. Enhanced visibility gives them a better vantage over the threat landscape… in short, they see what's coming and can prepare strategic defenses. The point I wish to make is that this level of sophistication is affordable and manageable when applying cloud-based security tools. At the risk of being repetitive, this model creates relief in terms of infrastructure investment, removes the hurdles of configuration and implementation difficulties and diffuses maintenance and analysis complexities. Most importantly, it builds in the necessary expertise—security-as-a-service that creates the intelligence without the additional financial outlay. It gives you a fighting chance… with both hands free.

Kevin Nikkhoo
Fighting the fight with both hands free!

www.cloudaccess.com

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.
