Click here to close now.

SYS-CON MEDIA Authors: Liz McMillan, Elizabeth White, Dana Gardner, tru welu, Blue Box Blog

Related Topics: Cloud Expo, .NET, Virtualization, Web 2.0, Security, Big Data Journal

Cloud Expo: Article

How Cloud-Based SIEM Frees That One Hand Tied Behind Your Back

Changing the culture from reactive to proactive security strategies

Have you ever been asked to fight the state boxing champion with one hand tied behind your back? Or metaphorically experience the old adage of bringing a knife to a gunfight? Many security professionals face this scenario every day.

For many companies with whom I talk, there isn’t a lack of IT talent when it comes to security--just a lack of hours in the day, computing resources and necessary headcount with specific expertise to change the culture from reactive to proactive and strategic risk management. Executives simply expect IT security to do more with less.

But the ability to recruit and retain security experts is an issue in itself. At the MSPAlliance meeting this week in Orlando, it was reported that the unemployment rate for such professionals is less than 1%. The salary for these specialists has doubled in the past three years. No wonder there is a critical shortage to feed this growing monster. And executives are still wary to spend budget on security line items-including staffing. It is still regarded (mistakenly, I might add) as a cost center.

It is that reason why SIEM isn’t more prevalent in security initiatives. It’s expensive. It’s resource-intensive. It's too complex. It's difficult to implement. It's difficult to configure. Customization takes advance training, it take time, takes skills…Many security professionals recognize it can be a game changer, but in terms of bang for the buck, it tends to stay on the wish list. Organizations need to reprioritize and reconsider SIEM as one of the pillars of enterprise security strategy—a cornerstone that correlates across silos and countermands each one of the criticisms noted above.

We recognize risk is rising. From every survey, report and anecdote, security issues are becoming a more significant and louder talking point.  Everything from the introduction of new technologies, the morphing of infrastructures beyond network perimeters, to threats of breach, shadow IT and other internal vulnerabilities indicates that managing a firewall and filtering email is not enough.  This is not to ratchet up the rhetoric to encourage investment in security solutions, but a chance to reprioritize security and evaluate how and when a SIEM initiative might enhance capabilities without the cost and resource baggage so many apply to it.

Let’s also recognize that traditional deployments of SIEM are just not feasible for far too many companies. On premise options are cost-prohibitive. The time to monitor activity (especially in real time) is overly demanding considering other priority responsibilities. The expertise to integrate and correlate data across multiple silos and leverage their layered results into strategic action is a skill set very high in demand and hard to capture. And If I have security budget at all, I am going to invest in options in which the scope is fully affordable, manageable and fully functional. In security, solving 50% of the problem still leaves you 50% vulnerable.  All true, until you consider cloud security options.

Cloud-based SIEM certainly alleviates many of the above issues dealing with cost, deployment issues, scope fulfillment and the necessary expertise to monitor your network.

When evaluating SIEM initiatives there are a few requirements you need to consider so that you pick the best tool and process combination to close the vulnerability gap in a company. From a functionality standpoint you need a strong correlation engine. This is the foundation of situational context which allows you to discern white noise and harmless burps from true suspicious activity. Intrusion detection security without context is simply driving with one eye closed---you lose depth perception and true threat understanding. You also need real time monitoring. Looking at logs a week later may suffice for compliance needs, but any threat discovered is a week old. Classic reaction mode—but it’s neither reaction nor response, it’s mop-up and repair. Unless SIEM or log archive has a time machine module, the damage is done.

With SIEM you also need clear scope—what do you want it to monitor, what are the parameters of data synthesis, what are the response and alert protocols? You also need a process for asset classification and prioritization, data normalization and categorization of data.

The beauty of cloud-based SIEM is that a true security as a service does all the heavy lifting. It is that expertise and additional headcount you need without the CapEx costs of hardware, software, salary and the soft costs of employee benefits, training, ramp time. With all the buzz about the of cloud and it’s lack of security…this IS that security. Cloud-based SIEM is not a porous app or some subscription service sitting exposed on a server in some lonely rural business park. A cloud-based SIEM must be an extension of your own strategy…it must provide enterprise-class capability on par with any alternative version (on premise, hybrid or otherwise). When evaluating these options, simply make sure they ‘re aligned with your expectations.

But I want to take this one step further. And it moves the focus beyond SIEM. Jon Oltsik, Senior Principal Analyst at the IT strategy firm ESG he said at a webinar I attended recently, “We need integration between tools and we need better intelligence.” And he’s absolutely right.

As I alluded earlier, must SIEM should tightly integrate with Log Management. I contend that is only part of the equation. SIEM should also leverage the data collected from other security cornerstones such as identity management and access management. This unified approach is the nexus of intelligence. When considering SIEM, you should ensure that it is configured so that it collaboratively leverages data from a variety of sources so it can give you visibility; give you the details to tell friend from foe from phish from phantom.

Yet this presents another set of issues. So many solutions create so many dashboards. It is highly likely a company has multiple security systems, each looking at its own sector (i.e. Identity management is only concerned with the provisioning and de-provisioning accounts).An IT professional can easily be overwhelmed with all the check points—and then responsible for the forensic analysis to see the overall threat landscape. Centralization in a cloud-based SIEM solves the issue. In a true unified platform, all the necessary data is correlated and filtered into a single centralized dashboard. This, in turn, creates the visibility that provides the intelligence which feeds the strategies and tactics to better secure a network and all its proprietary assets.

The other issue is cost. I just recommended a company not only needs to invest in SIEM, but log management, access management, SSO and identity management. Again, I point to the cloud as the answer. By bundling these solutions as a single source, unified platform delivered and managed from a multi-tenant cloud, not only are the cost savings palpable, but the immediate deployment kick starts any initiative (you don’t have to wait a year or three to fully realize the benefits of an enterprise solution). You gain so many more capabilities you would have otherwise not been able to apply.

And with the influx of new complexities, increased threat landscapes, relentless compliance pressures, and the acknowledged critical skill shortage to address those complexities, there is a growing acceptance for security delivered from the cloud.

In a recent survey, it was shown that organizations with more sophisticated security initiatives are more vulnerable. I realize it flies in the face of reason. The answer is their sophistication creates enhanced visibility. Enhanced visibility gives them a better vantage over the threat landscape…in short they see what’s coming and can prepare strategic defenses. The point I wish to make is that this level of sophistication is affordable and manageable when applying cloud-based security tools. At the risk of being repetitive, this model creates relief in terms of infrastructure investment, removes the hurdles of configuration and implementation difficulties and diffuses maintenance and analysis complexities. Most importantly, it builds in the necessary expertise—security-as-a-service, than creates the intelligence without the additional financial outlay. It gives you a fighting chance…with both hands free.

Kevin Nikkhoo
Fighting the fight with both hands free!

www.cloudaccess.com

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

Latest Stories
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, demonstrated how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile ...
The OpenStack cloud operating system includes Trove, a database abstraction layer. Rather than applications connecting directly to a specific type of database, they connect to Trove, which in turn connects to one or more specific databases. One target database is Postgres Plus Cloud Database, which includes its own RESTful API. Trove was originally developed around MySQL, whose interfaces are significantly less complicated than those of the Postgres cloud database. In his session at 16th Cloud...
There are 182 billion emails sent every day, generating a lot of data about how recipients and ISPs respond. Many marketers take a more-is-better approach to stats, preferring to have the ability to slice and dice their email lists based numerous arbitrary stats. However, fundamentally what really matters is whether or not sending an email to a particular recipient will generate value. Data Scientists can design high-level insights such as engagement prediction models and content clusters that a...
It's time to face reality: "Americans are from Mars, Europeans are from Venus," and in today's increasingly connected world, understanding "inter-planetary" alignments and deviations is mission-critical for cloud. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems, discussed cultural expectations of privacy based on new research across these elements
In today's application economy, enterprise organizations realize that it's their applications that are the heart and soul of their business. If their application users have a bad experience, their revenue and reputation are at stake. In his session at 15th Cloud Expo, Anand Akela, Senior Director of Product Marketing for Application Performance Management at CA Technologies, discussed how a user-centric Application Performance Management solution can help inspire your users with every applicati...
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed this shifting dynamic with an ...
As enterprises engage with Big Data technologies to develop applications needed to meet operational demands, new computation fabrics are continually being introduced. To leverage these new innovations, organizations are sacrificing market opportunities to gain expertise in learning new systems. In his session at Big Data Expo, Supreet Oberoi, Vice President of Field Engineering at Concurrent, Inc., discussed how to leverage existing infrastructure and investments and future-proof them against e...
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackI...
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT transformation?
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies.
For better or worse, DevOps has gone mainstream. All doubt was removed when IBM and HP threw up their respective DevOps microsites. Where are we on the hype cycle? It's hard to say for sure but there's a feeling we're heading for the "Peak of Inflated Expectations." What does this mean for the enterprise? Should they avoid DevOps? Definitely not. Should they be cautious though? Absolutely. The truth is that DevOps and the enterprise are at best strange bedfellows. The movement has its roots in t...
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impac...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. 8th International Big Data Expo, co-located with 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing bo...
Every day we read jaw-dropping stats on the explosion of data. We allocate significant resources to harness and better understand it. We build businesses around it. But we’ve only just begun. For big payoffs in Big Data, CIOs are turning to cognitive computing. Cognitive computing’s ability to securely extract insights, understand natural language, and get smarter each time it’s used is the next, logical step for Big Data.