Why the Modern SIEM Is in the Cloud

These days, everything is moving to the cloud, including—finally—nearly all security vendors. Today, there’s a dazzling array of cloud-native log management, products that secure your clouds, and a few cloud SIEMs that, upon further inspection, are a bit cloudy on the details.


Let’s talk about why modern SIEM is in the cloud, what core benefits you can expect, and how it is predicted to evolve as we soar toward 2020.

Modern SIEM solutions enable three new use cases


In the past, SIEM has been most valuable around:


Correlation: Give me context, and help me investigate alarms triggered by my stack
Compliance: Help me prove that all access is logged, events are being tracked, and file integrity monitoring is in place

While these use cases are foundationally valuable, getting to a successful deployment with traditional SIEMs requires a huge amount of up-front configuration, tuning, and ongoing maintenance. Historically, security teams had to spend more time tuning detection rules and filtering through the noise, instead of acting on the outputs and progressing their security posture.


Cloud SIEM tools, like Rapid7 InsightIDR, are quickly gaining market share today as security teams can shed infrastructure and data management hats to focus on three key use cases:


Use case No. 1: Unify data (all of it!) with your cloud SIEM


Our networks now have important log and event sources sprawled across hundreds of systems, endpoints, cloud services, and hosting platforms. As a supporting visual, here’s our InsightIDR data architecture diagram:



Combined ..
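To make the "unify data" and "correlation" use cases above concrete, here is an added example (not Rapid7's code and not part of the original post) in Python. It normalises three constructed log feeds (Linux sshd syslog text, a Windows Security event exported as JSON, and a hypothetical cloud-console audit record) into one event schema, reports how many events each source contributed (the kind of evidence a compliance reviewer asks for), and runs a single correlation rule across all sources: several failed logins from one IP followed by a successful login. The Windows event IDs 4624 and 4625 are the real logon success/failure IDs, but the JSON field layout, the cloud audit format, the source names and every sample line are assumptions made for this example.

```python
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Event:
    """Common schema every source is normalised into (hypothetical, for this example)."""
    ts: datetime
    source: str
    user: str
    src_ip: str
    action: str
    outcome: str  # "success" or "failure"


def parse_ts(value: str) -> datetime:
    # All three constructed feeds emit UTC timestamps in the same ISO-8601 form.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Linux sshd authentication lines as they appear in syslog text.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_sshd(line: str) -> Optional[Event]:
    m = SSHD_RE.match(line)
    if not m:
        return None  # not an authentication line; ignore it
    return Event(parse_ts(m["ts"]), "linux-sshd", m["user"], m["ip"], "login",
                 "success" if m["result"] == "Accepted" else "failure")


def parse_windows(line: str) -> Optional[Event]:
    # Windows Security log as JSON (assumed layout); 4624 = logon success, 4625 = logon failure.
    d = json.loads(line)
    if d.get("EventID") not in (4624, 4625):
        return None
    return Event(parse_ts(d["TimeCreated"]), "windows-security", d["TargetUserName"],
                 d["IpAddress"], "login", "success" if d["EventID"] == 4624 else "failure")


def parse_cloud_audit(line: str) -> Optional[Event]:
    # Hypothetical cloud-console audit record; an "errorCode" key marks a failed call.
    d = json.loads(line)
    return Event(parse_ts(d["eventTime"]), "cloud-console", d["actor"], d["sourceIp"],
                 d["eventName"], "failure" if "errorCode" in d else "success")


PARSERS = {"sshd": parse_sshd, "windows": parse_windows, "cloud": parse_cloud_audit}


def ingest(raw):
    """raw is an iterable of (source_kind, line); lines no parser accepts are dropped."""
    events = []
    for kind, line in raw:
        ev = PARSERS[kind](line)
        if ev is not None:
            events.append(ev)
    return events


def log_coverage(events):
    """Events per source: a source that stops appearing is a gap in the audit trail."""
    counts = defaultdict(int)
    for e in events:
        counts[e.source] += 1
    return dict(counts)


def correlate_failures_then_success(events, window_seconds=600, min_failures=3):
    """Alert when one source IP has >= min_failures failed logins (from any
    source) within window_seconds before a successful login."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.src_ip].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        for i, ev in enumerate(evs):
            if ev.outcome != "success":
                continue
            start = ev.ts - timedelta(seconds=window_seconds)
            failures = [f for f in evs[:i] if f.outcome == "failure" and f.ts >= start]
            if len(failures) >= min_failures:
                alerts.append({
                    "src_ip": ip, "user": ev.user, "failures": len(failures),
                    "failure_sources": sorted({f.source for f in failures}),
                    "success_source": ev.source, "ts": ev.ts.isoformat(),
                })
    return alerts


# Constructed sample telemetry (not real logs); the IPs are from documentation ranges.
RAW_LINES = [
    ("sshd", "2019-06-03T10:00:01Z bastion sshd[2210]: Failed password for alice from 203.0.113.5 port 51234 ssh2"),
    ("sshd", "2019-06-03T10:00:09Z bastion sshd[2210]: Failed password for alice from 203.0.113.5 port 51235 ssh2"),
    ("windows", '{"TimeCreated": "2019-06-03T10:00:30Z", "EventID": 4625, "TargetUserName": "alice", "IpAddress": "203.0.113.5"}'),
    ("cloud", '{"eventTime": "2019-06-03T10:01:00Z", "actor": "alice", "sourceIp": "203.0.113.5", "eventName": "ConsoleLogin"}'),
    ("sshd", "2019-06-03T10:02:00Z bastion sshd[2290]: Accepted password for bob from 198.51.100.7 port 40022 ssh2"),
]

if __name__ == "__main__":
    evs = ingest(RAW_LINES)
    print("coverage:", log_coverage(evs))
    for alert in correlate_failures_then_success(evs):
        print("ALERT:", alert)
```

The point of the shared schema is that the correlation rule never has to know which product produced an event: two sshd failures and one Windows failure from the same address count together, and the success that closes the sequence can come from a third system entirely. The per-source counts are the cheap check a team should run continuously, since a rule like this goes silent, rather than noisy, when a feed drops out.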
