Are You Thinking About Shifting Your SIEM to the Cloud? - Exabeam

June 08, 2022

Cloud-delivered security information and event management (SIEM) solutions are becoming increasingly popular, and more businesses are looking to move their SIEMs to the cloud to save costs and cut down on operational overhead. While there are several questions you might have about cloud-delivered SIEMs, the big ones should be:

  1. How am I using my SIEM now?
  2. How can I take advantage of all the benefits of cloud-delivered technologies to achieve even more?

How are you using your SIEM now?

Security Operations Centers (SOCs) invest in SIEM software to streamline visibility across their organization’s environments, compile and investigate log data for incident response to cyberattacks and data breaches, and adhere to local and federal compliance mandates. There are three primary functions for a SIEM:

  • Log management — Processes for simple collection and centralized storage of logs
  • Security information management (SIM) — Tools for automated collection of log files for long-term storage, analysis, and reporting on log data
  • Security event management (SEM) — Technology for real-time monitoring and correlating of systems and events across reporting devices and tools
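To make the three functions concrete, here is a small added example, written for this article rather than taken from the original post or from any Exabeam product. It collects raw lines (log management), normalizes two constructed log formats into one schema (SIM), and runs a correlation rule across both reporting devices (SEM). The log layouts, hostnames, usernames, and addresses are all constructed for the example; the rule thresholds are assumptions, not vendor defaults.

```python
"""Toy SIEM pipeline over constructed log lines (illustrative example code,
not Exabeam product code).

Log management: collect raw lines.   SIM: parse/normalize into one schema.
SEM: a real-time correlation rule that joins events across two devices.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: two log formats from two reporting devices, plus one
# line from a device for which no parser exists yet (a "new log source").
SAMPLE_LOGS = [
    "2022-06-08T10:00:01Z host1 sshd: Failed password for alice from 203.0.113.7",
    "2022-06-08T10:00:05Z host1 sshd: Failed password for alice from 203.0.113.7",
    "2022-06-08T10:00:09Z host1 sshd: Failed password for alice from 203.0.113.7",
    "ts=2022-06-08T10:00:20Z dev=vpn1 user=alice src=203.0.113.7 action=login result=success",
    "ts=2022-06-08T10:30:00Z dev=vpn1 user=bob src=198.51.100.3 action=login result=success",
    "<134>Jun  8 10:00:30 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5",
]

# Parser 1: sshd lines in a syslog-like layout (hypothetical format).
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)
# Parser 2: key=value lines from a VPN appliance (hypothetical format).
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line):
    """SIM step: map a raw line onto a common schema, or None if no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "ts": parse_ts(m["ts"]), "host": m["host"], "user": m["user"],
            "src": m["src"], "source": "sshd",
            "outcome": "failure" if m["outcome"] == "Failed" else "success",
        }
    kv = dict(KV_RE.findall(line))
    if {"ts", "dev", "user", "src", "result"} <= kv.keys():
        return {
            "ts": parse_ts(kv["ts"]), "host": kv["dev"], "user": kv["user"],
            "src": kv["src"], "source": "vpn", "outcome": kv["result"],
        }
    return None  # unparsed: this is the source that still needs a parser written


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """SEM step: alert when >= threshold failures for (user, src) inside the
    window are followed by a success for the same pair, on any device."""
    failures = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        recent = failures[key]
        while recent and ev["ts"] - recent[0] > window:   # expire old failures
            recent.popleft()
        if ev["outcome"] == "failure":
            recent.append(ev["ts"])
        elif ev["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success", "user": ev["user"],
                "src": ev["src"], "failures": len(recent),
                "success_host": ev["host"], "ts": ev["ts"],
            })
            recent.clear()   # one alert per burst
    return alerts


def run_pipeline(lines, **rule_kwargs):
    """Log management -> SIM -> SEM. Returns (alerts, number of unparsed lines)."""
    parsed = [normalize(line) for line in lines]
    events = [e for e in parsed if e is not None]
    return correlate(events, **rule_kwargs), parsed.count(None)


if __name__ == "__main__":
    alerts, dropped = run_pipeline(SAMPLE_LOGS)
    for a in alerts:
        print(a)
    print(f"{dropped} line(s) had no parser and were dropped")
```

Run as-is, the pipeline raises one alert: three sshd failures on host1 followed by a VPN login success for the same user and source address on vpn1. The correlation only works because both devices' events were first mapped onto the same `user`, `src`, and `outcome` fields, and the firewall line shows the flip side: with no parser it is counted as dropped and can never contribute to a detection, which is the cost of onboarding a new log source.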

The problem is that most on-premises SIEMs can’t keep up with growing organizations and a rapid influx of new log sources. Local storage capacity is often overrun quickly, as some organizations generate more than a terabyte of log and event data every day, and additional licenses must be purchased to keep up with throughput and events per second (EPS) rates. 56% of IT practitioners say their IT security infrastructure has coverage gaps, frequently because legacy SIEM systems cannot scale with enterprise networks. A cloud-delivered SIEM removes that scaling ceiling: storage and compute grow with ingestion rather than with the hardware you bought. 

What are the benefits of a cloud-delivered SIEM?

Customers can realize benefits from cloud SIEM in deployment, maintenance, ongoing operations, and scalability. Cloud SIEM deployment is dramatically faster because there are no SIEM appliances to configure and no new hardware or software to stand up in the customer’s data center, so buyers see a faster time to value (TTV).

For example, approximately 55% of Gartner Peer Insights respondents since March 2017 reported that it took up to three months to deploy their SIEM solution. That means about 45% of SIEM deployments took more than three months to complete, and 20% took six months or longer. Many factors contribute, from change-management delays to log and API setup, parsing, and data normalization into the SIEM, especially for a new log source that doesn’t come with a prepackaged parser from the SIEM vendor.

Cloud SIEM deployment can be substantially faster than on-premises deployments. Maintenance activities are similarly reduced as the vendor manages upgrades and bug fixes. 

What are your concerns about adopting cloud SIEM?

The truth is, there are lingering negative perceptions of using a cloud security solution or SIEM which can slow down adoption. Feedback from conversations with analysts like Gartner and prospective clients as to why they will not — or cannot — use a cloud SIEM approach includes:

  1. Organizational policies that do not permit software as a service (SaaS) are rare these days, but they still exist in specific verticals.
  2. Misunderstandings about the shared-responsibility model: which security, upkeep, update, and bug-fix duties sit with the customer and which with the vendor.
  3. Corporate policy requires the SIEM technology to be purchased as a capital expense (CAPEX), which does not fit most SaaS vendors’ operational expense (OPEX) model. 
  4. Lingering concern, rooted in past experience, about the impact of shipping log volume over internet links: increased traffic, additional bandwidth cost, or general slowing.
  5. Concern about the availability of the service and the vendor, because control of the technology is “out of their (the customers’) hands”.
  6. Fear that cloud SIEM customers are locked into the solution, with recovery of their data difficult or impossible if the agreement with the vendor is terminated or expires.

Some of these concerns are entirely legitimate; anyone would worry about being locked out of the solution, or out of their own data, at a critical step. Lock-in and availability are contractual questions, so ask a prospective vendor how historical data can be exported in bulk, in what format, and what availability commitments the service carries before you sign. On balance, though, the benefits far outweigh the drawbacks. Don’t miss out on the most significant improvements offered by cloud-delivered technologies. 

The SIEM market is a victim of its own success. Over the last 20 years, the workload of the SIEM has evolved dramatically. While the additional scope and log collection have made SIEM platforms more powerful in historical search, they have also added a level of complexity beyond the capabilities of many SOC teams. Cloud-delivered SIEM is the future: it dramatically simplifies deployment and management and improves ease of use, speed, and detection accuracy. On-premises SIEMs can’t compete with their cloud-delivered counterparts on ease of use, scalability, efficiency, or cost-effectiveness. 

As organizations grow, merge, and evolve in their marketplaces, their security teams must keep pace. Cloud-delivered security solutions like Exabeam Fusion SIEM offload the costs of hardware and maintenance from your IT team and simplify operations for security engineers and analysts, so they can focus on delivering the best possible threat detection, investigation, and response (TDIR).

Learn more about the advantages of cloud-delivered SIEM solutions

Security Information and Event Management (SIEM) solutions have been around for more than 20 years in various incarnations. In the original SIEM models, the operational back end was entirely on-premises from the databases to the front-end applications, including user interfaces, case management features, and more. Read our guide, 6 Benefits of SIEM in the Cloud.