
The Games SIEM Vendors Play: Public Cloud and User Security

  • Feb 15, 2023
  • Jeannie Warner
  • 3 minutes to read


    Security information and event management (SIEM) is an essential component of an organization’s cybersecurity strategy, providing real-time visibility into security-related data from various sources, such as network devices, servers, and applications. But when it comes to selecting a SIEM vendor, organizations often find themselves navigating a complex landscape of features, pricing models, and marketing claims. In our last post on the games SIEM vendors play, we explored tricky “free” versions and performance without scalability. In this post, we will explore the games that SIEM vendors play around the security considerations of public cloud plus local and remote users.

    When it comes to selecting a SIEM, one of the most important considerations is the security of the system itself. This includes both the security of the public cloud or virtual compute environment where the SIEM is hosted, as well as the security of local and remote users who will be accessing the system.

    Vendors sometimes promote virtual compute as a way to reduce costs and improve scalability. But buyer beware: virtual compute can introduce new vulnerabilities, such as those arising from shared resources and network configurations.

    Security of the public cloud or virtual compute environment

    First, let’s look at the security of the public cloud or virtual compute environment. One of the biggest concerns here is the risk of data breaches or unauthorized access to sensitive information. To mitigate this risk, organizations should carefully evaluate the security implications of virtual compute and ensure that the vendor can provide adequate security controls, including:

    • Authentication: Virtual compute environments require robust authentication mechanisms to ensure that only authorized users can access the system. This can include multifactor authentication (MFA), such as password and biometric or token-based authentication, as well as role-based access controls to limit access to sensitive data and resources.
    • Encryption standards: Encryption is crucial to protect data in transit and at rest in virtual compute environments. You should ensure that your SIEM vendor supports industry-standard encryption protocols, such as AES and SSL/TLS, to secure data communications and storage.
    • Secrets management: Virtual compute environments often involve sensitive material, such as credentials and keys, that must be protected from unauthorized access. Ensure that your SIEM vendor provides robust secrets management capabilities to secure this material and prevent it from being compromised.

    Security of local and remote users

    Another important consideration is the security of local and remote users. This includes both the security of the devices they are using to access the SIEM and the security of their login credentials. To ensure that these users are protected, it is essential to choose a SIEM vendor that offers robust user authentication and access controls, as well as the ability to monitor and track user activity. Additionally, it is important to ensure that the vendor offers regular security updates and patches to help protect against known vulnerabilities.

    4 key public cloud security considerations for choosing a SIEM vendor

    These are some key public cloud security considerations that SIEM vendors need to take into account:

    1. Data breaches: Public cloud and virtual compute environments are vulnerable to data breaches. SIEM vendors must ensure that their systems are able to detect and respond to these threats in a timely manner.
    2. Insider threats: You need a SIEM that can detect and respond to insider threats from employees or third parties who have access to sensitive data.
    3. Remote users: Remote users may be accessing sensitive information from different locations. Your SIEM should be able to detect and respond to threats from remote users, even if they are not on your organization’s network.
    4. Compliance: SIEM vendors must be able to help organizations comply with a variety of compliance requirements and regulations, such as HIPAA, PCI-DSS, and GDPR, by providing the necessary monitoring and reporting capabilities.
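    The “remote users” and “insider threats” items above describe what a SIEM should be able to flag; the following is an added example (not Exabeam’s code, and not from the original post) of the simplest form of that detection logic run over a few constructed log events. It assumes hypothetical corporate address ranges, business hours, and a list of sensitive resources, and takes an optional per-user baseline of resources previously accessed, standing in for the history a real SIEM would keep:

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Hypothetical corporate address ranges and business hours (assumptions;
# adjust to your own environment).
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                      ipaddress.ip_network("192.168.0.0/16")]
BUSINESS_HOURS = range(8, 19)            # 08:00-18:59 local time
SENSITIVE_RESOURCES = {"hr-payroll-db", "customer-pii-export"}

# Constructed sample events in a simple key=value format (not real logs).
SAMPLE_LOG = """\
ts=2023-02-15T09:12:00 user=alice src=10.1.4.22 mfa=yes action=login resource=siem-console
ts=2023-02-15T09:40:00 user=alice src=10.1.4.22 mfa=yes action=read resource=hr-payroll-db
ts=2023-02-15T22:05:00 user=bob src=203.0.113.45 mfa=no action=login resource=siem-console
ts=2023-02-15T22:07:00 user=bob src=203.0.113.45 mfa=no action=read resource=customer-pii-export
ts=2023-02-15T11:00:00 user=carol src=198.51.100.7 mfa=yes action=login resource=siem-console
ts=2023-02-15T11:03:00 user=carol src=198.51.100.7 mfa=yes action=read resource=build-logs
"""


def parse_line(line):
    """Turn one key=value event line into a dict with typed fields."""
    fields = dict(part.split("=", 1) for part in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    fields["src"] = ipaddress.ip_address(fields["src"])
    fields["mfa"] = fields["mfa"] == "yes"
    return fields


def is_corporate(ip):
    """True if the source address falls inside a corporate range."""
    return any(ip in net for net in CORPORATE_NETWORKS)


def analyze(log_text, known_access=None):
    """Return a list of (severity, user, reason) findings.

    known_access maps user -> set of sensitive resources the user has touched
    before (assumed to come from historical SIEM data; defaults to empty).
    """
    known_access = defaultdict(set, known_access or {})
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        remote = not is_corporate(ev["src"])
        after_hours = ev["ts"].hour not in BUSINESS_HOURS

        # Remote-user consideration: any login from outside the corporate
        # network is noted; without MFA it is treated as high severity.
        if ev["action"] == "login" and remote:
            sev = "high" if not ev["mfa"] else "low"
            mfa_text = "yes" if ev["mfa"] else "no"
            findings.append((sev, ev["user"],
                             f"remote login from {ev['src']} (mfa={mfa_text})"))

        # Insider-threat consideration: first-time, after-hours, or remote
        # access to a sensitive resource by an otherwise authorized user.
        if ev["resource"] in SENSITIVE_RESOURCES:
            first_time = ev["resource"] not in known_access[ev["user"]]
            known_access[ev["user"]].add(ev["resource"])
            signals = [("first access", first_time),
                       ("after hours", after_hours),
                       ("remote", remote)]
            reasons = [name for name, on in signals if on]
            if reasons:
                sev = "high" if len(reasons) >= 2 else "medium"
                findings.append((sev, ev["user"],
                                 f"sensitive resource {ev['resource']}: "
                                 + ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    # alice has a history of reading hr-payroll-db, so her access is baseline.
    for finding in analyze(SAMPLE_LOG, {"alice": {"hr-payroll-db"}}):
        print(finding)
```

    Run as-is, the script raises nothing for alice (on-network, MFA, known resource), a high-severity remote login and a high-severity sensitive-resource finding for bob (off-network, no MFA, after hours, first access), and a low-severity note for carol’s MFA-protected remote login. The severity is deliberately a function of how many independent signals coincide, which is the same idea a SIEM’s risk scoring generalizes across far more signals and a real access baseline.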

    Conclusion

    Overall, when it comes to purchasing a SIEM, it is essential to choose a vendor that offers robust security measures and a commitment to protecting your data and users. By taking these considerations into account, you can ensure that your organization is protected against potential security threats and breaches.

    In the next and final post of this series, we will explore how combining statistics and machine learning can lead to improved detection.

    Jeannie Warner

    Director, Product Marketing | Exabeam | Jeannie Warner, CISSP, is the Director of Product Marketing at Exabeam. Jeannie is an information security professional with over twenty years in infrastructure operations and security, starting her career in the trenches working in various Unix help desk and network operations centers. She started in Security Operations for IBM MSS and quickly rose through the ranks to technical product and security program manager for a variety of software companies such as Symantec, Fortinet, and Synopsys (formerly WhiteHat Security). She served as the Global SOC Manager for Dimension Data, building out their multi-SOC “follow the sun” approach to security. Jeannie is trained in computer forensics and practices, and plays a lot of ice hockey.
