Welcome!

Related Topics: @CloudExpo, Microsoft Cloud, Containers Expo Blog, Agile Computing, Cloud Security, @BigDataExpo

@CloudExpo: Article

How Cloud-Based SIEM Frees That One Hand Tied Behind Your Back

Changing the culture from reactive to proactive security strategies

Have you ever been asked to fight the state boxing champion with one hand tied behind your back? Or metaphorically experience the old adage of bringing a knife to a gunfight? Many security professionals face this scenario every day.

For many companies with whom I talk, there isn’t a lack of IT talent when it comes to security--just a lack of hours in the day, computing resources and necessary headcount with specific expertise to change the culture from reactive to proactive and strategic risk management. Executives simply expect IT security to do more with less.

But the ability to recruit and retain security experts is an issue in itself. At the MSPAlliance meeting this week in Orlando, it was reported that the unemployment rate for such professionals is less than 1%. The salary for these specialists has doubled in the past three years. No wonder there is a critical shortage to feed this growing monster. And executives are still wary to spend budget on security line items-including staffing. It is still regarded (mistakenly, I might add) as a cost center.

It is that reason why SIEM isn’t more prevalent in security initiatives. It’s expensive. It’s resource-intensive. It's too complex. It's difficult to implement. It's difficult to configure. Customization takes advance training, it take time, takes skills…Many security professionals recognize it can be a game changer, but in terms of bang for the buck, it tends to stay on the wish list. Organizations need to reprioritize and reconsider SIEM as one of the pillars of enterprise security strategy—a cornerstone that correlates across silos and countermands each one of the criticisms noted above.

We recognize risk is rising. From every survey, report and anecdote, security issues are becoming a more significant and louder talking point.  Everything from the introduction of new technologies, the morphing of infrastructures beyond network perimeters, to threats of breach, shadow IT and other internal vulnerabilities indicates that managing a firewall and filtering email is not enough.  This is not to ratchet up the rhetoric to encourage investment in security solutions, but a chance to reprioritize security and evaluate how and when a SIEM initiative might enhance capabilities without the cost and resource baggage so many apply to it.

Let’s also recognize that traditional deployments of SIEM are just not feasible for far too many companies. On premise options are cost-prohibitive. The time to monitor activity (especially in real time) is overly demanding considering other priority responsibilities. The expertise to integrate and correlate data across multiple silos and leverage their layered results into strategic action is a skill set very high in demand and hard to capture. And If I have security budget at all, I am going to invest in options in which the scope is fully affordable, manageable and fully functional. In security, solving 50% of the problem still leaves you 50% vulnerable.  All true, until you consider cloud security options.

Cloud-based SIEM certainly alleviates many of the above issues dealing with cost, deployment issues, scope fulfillment and the necessary expertise to monitor your network.

When evaluating SIEM initiatives there are a few requirements you need to consider so that you pick the best tool and process combination to close the vulnerability gap in a company. From a functionality standpoint you need a strong correlation engine. This is the foundation of situational context which allows you to discern white noise and harmless burps from true suspicious activity. Intrusion detection security without context is simply driving with one eye closed---you lose depth perception and true threat understanding. You also need real time monitoring. Looking at logs a week later may suffice for compliance needs, but any threat discovered is a week old. Classic reaction mode—but it’s neither reaction nor response, it’s mop-up and repair. Unless SIEM or log archive has a time machine module, the damage is done.

With SIEM you also need clear scope—what do you want it to monitor, what are the parameters of data synthesis, what are the response and alert protocols? You also need a process for asset classification and prioritization, data normalization and categorization of data.

The beauty of cloud-based SIEM is that a true security as a service does all the heavy lifting. It is that expertise and additional headcount you need without the CapEx costs of hardware, software, salary and the soft costs of employee benefits, training, ramp time. With all the buzz about the of cloud and it’s lack of security…this IS that security. Cloud-based SIEM is not a porous app or some subscription service sitting exposed on a server in some lonely rural business park. A cloud-based SIEM must be an extension of your own strategy…it must provide enterprise-class capability on par with any alternative version (on premise, hybrid or otherwise). When evaluating these options, simply make sure they ‘re aligned with your expectations.

But I want to take this one step further. And it moves the focus beyond SIEM. Jon Oltsik, Senior Principal Analyst at the IT strategy firm ESG he said at a webinar I attended recently, “We need integration between tools and we need better intelligence.” And he’s absolutely right.

As I alluded earlier, must SIEM should tightly integrate with Log Management. I contend that is only part of the equation. SIEM should also leverage the data collected from other security cornerstones such as identity management and access management. This unified approach is the nexus of intelligence. When considering SIEM, you should ensure that it is configured so that it collaboratively leverages data from a variety of sources so it can give you visibility; give you the details to tell friend from foe from phish from phantom.

Yet this presents another set of issues. So many solutions create so many dashboards. It is highly likely a company has multiple security systems, each looking at its own sector (i.e. Identity management is only concerned with the provisioning and de-provisioning accounts).An IT professional can easily be overwhelmed with all the check points—and then responsible for the forensic analysis to see the overall threat landscape. Centralization in a cloud-based SIEM solves the issue. In a true unified platform, all the necessary data is correlated and filtered into a single centralized dashboard. This, in turn, creates the visibility that provides the intelligence which feeds the strategies and tactics to better secure a network and all its proprietary assets.

The other issue is cost. I just recommended a company not only needs to invest in SIEM, but log management, access management, SSO and identity management. Again, I point to the cloud as the answer. By bundling these solutions as a single source, unified platform delivered and managed from a multi-tenant cloud, not only are the cost savings palpable, but the immediate deployment kick starts any initiative (you don’t have to wait a year or three to fully realize the benefits of an enterprise solution). You gain so many more capabilities you would have otherwise not been able to apply.

And with the influx of new complexities, increased threat landscapes, relentless compliance pressures, and the acknowledged critical skill shortage to address those complexities, there is a growing acceptance for security delivered from the cloud.

In a recent survey, it was shown that organizations with more sophisticated security initiatives are more vulnerable. I realize it flies in the face of reason. The answer is their sophistication creates enhanced visibility. Enhanced visibility gives them a better vantage over the threat landscape…in short they see what’s coming and can prepare strategic defenses. The point I wish to make is that this level of sophistication is affordable and manageable when applying cloud-based security tools. At the risk of being repetitive, this model creates relief in terms of infrastructure investment, removes the hurdles of configuration and implementation difficulties and diffuses maintenance and analysis complexities. Most importantly, it builds in the necessary expertise—security-as-a-service, than creates the intelligence without the additional financial outlay. It gives you a fighting chance…with both hands free.

Kevin Nikkhoo
Fighting the fight with both hands free!

www.cloudaccess.com

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

Latest Stories
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
The essence of cloud computing is that all consumable IT resources are delivered as services. In his session at 15th Cloud Expo, Yung Chou, Technology Evangelist at Microsoft, demonstrated the concepts and implementations of two important cloud computing deliveries: Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). He discussed from business and technical viewpoints what exactly they are, why we care, how they are different and in what ways, and the strategies for IT to transi...
After more than five years of DevOps, definitions are evolving, boundaries are expanding, ‘unicorns’ are no longer rare, enterprises are on board, and pundits are moving on. Can we now look at an evolution of DevOps? Should we? Is the foundation of DevOps ‘done’, or is there still too much left to do? What is mature, and what is still missing? What does the next 5 years of DevOps look like? In this Power Panel at DevOps Summit, moderated by DevOps Summit Conference Chair Andi Mann, panelists l...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership abi...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., will discuss how these tools can be leveraged to develop a lasting competitive advanta...
TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets. By creating abundant, high-quality editorial content across more than 140 highly targeted technology-specific websites, TechTarget attracts and nurtures communities of technology buyers researching their companies' information technology needs. By understanding these buyers' content consumption behaviors, TechTarget creates the purchase inte...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, will discuss some of the security challenges of the IoT infrastructure and relate how these aspects impact Smart Living. The material will be delivered i...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...