Security as a service is becoming a market game-changer

Latest SIEM offerings change way SMBs, others detect, manage increasing cyber risk


A revolution is happening in digital security. As data breaches continue to become more prevalent—and damaging—vendors focused on Security Information and Event Management (SIEM) are redesigning their solutions to meet the needs of a growing market.

By 2021, the demand for SIEM solutions is set to grow to $5.93 billion, according to research from Technavio. Their report, Global Security Information and Event Management Market 2017–2021, estimates that the SIEM market will grow at an annual rate of more than 12 percent over the next four years.


For the first time since the term SIEM was coined by Gartner analysts Mark Nicolett and Amrit Williams in 2005, infosec companies are beginning to think of SIEM as a service rather than a product. This is in stark contrast with the earliest visions for SIEM. When solutions were first being launched, forward-thinking enterprises bought the product and were expected to install and manage the entire thing themselves. The result? Too many companies spent money with no measurable results. Unsurprisingly, enterprises were quick to dismiss SIEM offerings.

Previous problems with SIEM solutions


“We think that a lot of the criticism that people had for SIEM in years past was centered around the frustration of getting it to do what people wanted it to do,” says A.N. Ananth, CEO of EventTracker, one of the security companies leading the new charge.

Although compliance remains a relevant selling point for justifying security and risk management budgets, the series of high-profile attacks in recent years is now a strong driver.

Gartner’s most recent IT Key Metrics Data pegs company spending on IT security and risk management at between 4 percent and 7 percent of the overall IT budget. However, spending statistics alone do not measure effectiveness and are not a gauge of successful IT within organizations. They simply provide a view of average costs, in general, without regard to complexity or demand.

For SMBs, one way to constrain spending is to consider managed detection and response. This is an effective outcome-based combination of expertise and tools to detect threats, especially targeted advanced and insider threats.

SIEM as a service takes off

In the past year, SIEM as a service has become increasingly popular with small- and medium-size businesses (SMBs). As a result, many offerings have emerged.

EventTracker’s solution, SIEMphonic, provides everything you would expect from a SIEM product, including vulnerability scanning and intrusion detection, as a managed service.

A Fortinet version called the FortiSIEM platform offers ease of management and provides administration with dashboard views of all information collected and analyzed. FortiSIEM breaks down layers of events into useful and purposeful information, with a distributed real-time event correlation engine that enables organizations to detect complex event patterns in real time.

Splunk’s version stresses flexibility and scalability. The SIEM software quickly indexes massive volumes of original, raw data from any source. Alert Logic, BAE Systems, IBM and Trustwave offer other managed solutions.

The SIEM revival

Although many businesses were disappointed by SIEM offerings pre-2010, they are now coming back to the market thanks to this new managed offering.

According to the Ponemon Institute, 2016 was a record year for data breaches, with 980 incidents costing between $3.8 million and $4 million. Regulatory compliance requires that a solution like SIEM be part of an organization’s online architecture. And because of a combination of fines and public shaming, more and more businesses are taking these regulations seriously.

That is why for SMBs, a managed SIEM solution is seen as a necessity. Just being compliant isn’t enough. It is not just about the money, either. Any incident of data loss, however small, can be a huge blow to customer confidence.

Any business, regardless of regulatory requirements, should consider a SIEM solution as soon as they have basic security architecture in place.

Ananth says: “Security comes first. If you are secure, then you are compliant. You can be compliant, but you might not be secure.”
