What is a cloud SIEM?

September 1, 2020 | Nick Cavalancia

This blog was written by a third party author.

Security information and event management (SIEM) solutions offer businesses the ability to collect, store, and analyze security information from across their organization and alert IT admins/security teams to potential attacks. In today’s complex digital environments, SIEMs allow IT teams to more effectively detect and respond to a wide range of threats across broad networks. However, with businesses moving more and more workloads and workflows to the cloud, their security defenses need to move with them.

What is a cloud-based SIEM?

Cloud-based SIEM (also referred to as SIEM-as-a-Service) is a SIEM platform hosted and operated by a vendor rather than on servers the organization runs itself. It collects and correlates events from both on-premises and cloud environments, so one team can detect and manage threats across all of them from a single place.

This is particularly important at a time when both the workforce and critical workloads are no longer within the four walls of the organization. Cloud-based SIEM provides an effective and efficient way to continuously monitor all devices, servers, applications, users, and infrastructure components in your environment, from one central cloud-based dashboard.

From the “single pane of glass” of a cloud-based SIEM platform, you can…

  • Monitor systems, applications, and workloads, whether physical or virtual, anywhere in your network, whether in your data center, in a private cloud, or across one or more public clouds
  • Get real-time alerts on security incidents
  • Use the collected data as the basis for risk analysis and audits
  • Consolidate and manage security and event log data
  • Automate compliance reporting

How has cloud infrastructure redefined threat detection? 

The ultimate goal of any SIEM platform is to improve an organization’s security posture. However, with businesses moving to the cloud, the threat landscape has changed and with it the way we need to perform threat detection and response has also changed. The new infrastructure and deployment models that come with cloud deployment have brought not only new security models, but also new attack surfaces.

One key area of change is responsibility. In on-premises deployments, companies are responsible for the entire security stack, from the physical hardware to the data stored on it. With cloud infrastructure there is a split. The shared responsibility models published by AWS, Microsoft, Google and the like set out that the cloud service provider (CSP) secures the underlying facilities, hardware, network and virtualization layer (security "of" the cloud), while the customer secures what it puts on top: its data, identities and access, operating systems and workload configuration, and network controls (security "in" the cloud). Where exactly the line sits depends on the service model; the provider's share is smallest for IaaS and largest for SaaS. Anything on the customer's side of that line that nobody is collecting logs for is a visibility gap in the business' attack surface.

The highly dynamic nature of cloud workloads means that systems can come and go in seconds: an instance that was compromised may be gone before anyone looks at it, and its local logs go with it unless they were shipped off the host. Compute and storage are shared with other tenants on hardware the customer neither sees nor controls, so confidential data is protected by the provider's isolation and by the customer's own encryption and access controls rather than by physical custody. On top of this, the many ways to reach cloud resources (web console, API keys, command-line tools, federated identities) from both inside and outside the corporate network make administrative actions hard to manage, track, and audit. Network taps and flow monitoring at the corporate perimeter see none of this traffic, since it goes straight to the provider's APIs. Traditional traffic-flow monitoring is therefore ineffective here, and new controls, above all collection of the provider's own audit logs of API calls, identity events and configuration changes, need to be applied.

From an attacker's perspective, the variety of administrative access paths to cloud-based systems offers two angles of attack. The first is the traditional one: gain a foothold inside the enterprise network perimeter and escalate to an account that also holds privileges over cloud resources. The second bypasses the perimeter entirely: steal the credentials, API keys or session tokens of an administrator who can manage cloud resources remotely, or of an account with CSP administrative access, and use the provider's own console or API directly.
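The following is an added example, not code from the original post and not any vendor's detection logic. It shows the kind of rules a SIEM would run over cloud provider audit logs to catch both angles: a console login from outside the corporate network without MFA, a privilege-changing IAM call made from outside the corporate network, and AdministratorAccess being granted to any principal from anywhere. The log records are constructed for the example; they follow the field names of AWS CloudTrail records, but the users, timestamps, IP addresses and the corporate address range are made-up assumptions.

```python
"""Added example: administrative-action detection over cloud audit logs.

The records in SAMPLE_LOG are constructed for this example. They follow the
field names of AWS CloudTrail records, but every value (timestamps, user
names, IP addresses) is made up, as is the corporate address range below.
"""
import ipaddress
import json
from typing import Dict, List

# Assumption: addresses the organisation's own egress uses. Anything else is
# treated as "remote" access to the cloud control plane.
CORPORATE_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# IAM API calls that change who can do what in the account.
PRIVILEGE_CHANGE_ACTIONS = {
    "CreateAccessKey", "CreateUser", "AttachUserPolicy", "AttachRolePolicy",
    "PutUserPolicy", "UpdateAssumeRolePolicy",
}

# Constructed sample: one JSON record per line, CloudTrail-style field names.
SAMPLE_LOG = """\
{"eventTime":"2020-08-31T08:02:11Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"alice"},"additionalEventData":{"MFAUsed":"Yes"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2020-08-31T23:41:05Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.45","userIdentity":{"type":"IAMUser","userName":"bob"},"additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2020-08-31T23:43:50Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","sourceIPAddress":"203.0.113.45","userIdentity":{"type":"IAMUser","userName":"bob"},"requestParameters":{"userName":"bob"}}
{"eventTime":"2020-08-31T09:15:22Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"alice"},"requestParameters":{"userName":"svc-backup","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}}
{"eventTime":"2020-08-31T09:20:03Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"alice"}}
"""


def parse_log(text: str) -> List[Dict]:
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_corporate(source_ip: str) -> bool:
    """True when the address falls inside a corporate range.

    CloudTrail sometimes records a service name (e.g. "AWS Internal") instead
    of an address; that is not a corporate client, so it returns False.
    """
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(addr in net for net in CORPORATE_RANGES)


def detect(events: List[Dict]) -> List[Dict]:
    """Apply three rules that cover the two attack angles described above.

    - console_login_external_no_mfa: successful console login from outside
      the corporate ranges without MFA (stolen-credential angle).
    - privilege_change_external: IAM change made from outside the corporate
      ranges (attacker already holding remote administrative access).
    - admin_policy_attached: AdministratorAccess granted to any principal,
      from anywhere (also catches escalation from inside the perimeter).
    """
    alerts = []
    for ev in events:
        name = ev.get("eventName")
        ip = ev.get("sourceIPAddress", "")
        user = ev.get("userIdentity", {}).get("userName", "<unknown>")
        external = not is_corporate(ip)

        if name == "ConsoleLogin":
            ok = ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
            mfa = ev.get("additionalEventData", {}).get("MFAUsed") == "Yes"
            if ok and external and not mfa:
                alerts.append({"rule": "console_login_external_no_mfa",
                               "user": user, "ip": ip, "time": ev.get("eventTime")})
        elif name in PRIVILEGE_CHANGE_ACTIONS:
            params = ev.get("requestParameters", {})
            if external:
                alerts.append({"rule": "privilege_change_external",
                               "user": user, "ip": ip, "time": ev.get("eventTime"),
                               "action": name})
            if params.get("policyArn", "").endswith("/AdministratorAccess"):
                alerts.append({"rule": "admin_policy_attached",
                               "user": user, "ip": ip, "time": ev.get("eventTime"),
                               "target": params.get("userName") or params.get("roleName")})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(json.dumps(alert))
```

Run against the constructed records, the rules fire three times: bob's MFA-less login from 203.0.113.45, bob's CreateAccessKey from the same address, and alice granting AdministratorAccess to svc-backup from inside the corporate range. The last one is the point of the third rule: a source address inside the perimeter is not evidence of a legitimate action, which is exactly the first attack angle.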

Cloud-based SIEM is designed to address these specific challenges inherent to an organization’s move to the cloud, providing the needed comprehensive visibility into the current state of security in an easy and effective solution.


What are the benefits of cloud-based SIEM vs on-premises SIEM?

At first glance the two solutions may seem to differ only in where they are hosted, but cloud-based SIEM provides organizations with a number of key benefits over on-premises solutions.

  • Speed of deployment – With cloud-based SIEM, organizations can be up and running much more quickly. When businesses install an on-site SIEM solution, there is often a long onboarding process (sizing, hardware procurement, installation) before the system is fully operational. With a cloud-based SIEM, the platform already exists; what remains is connecting log sources and tuning the content.
  • Less expertise needed – SIEM solutions can be complex products that require a dedicated expert to configure and maintain. Cloud-based SIEM solutions are designed to simplify implementing and maintaining the platform, lowering both the level of expertise required and the number of staff necessary to manage it. Note that this removes the platform administration work, not the security work: onboarding log sources, tuning detections and triaging alerts remain the customer's responsibility.
  • Always current – Cloud-based SIEM removes the need to apply updates and keep up with new capabilities, since the SIEM vendor maintains the platform for all its customers. It also allows an organization to scale as required, with additional capacity purchased from the SIEM vendor rather than provisioned in-house.
  • No capital expenditures required – It's an unavoidable truth that an on-premises solution will require a specific combination of hardware and software which will become obsolete over time. An on-premises deployment is eventually going to require a refresh, but a cloud-based SIEM removes this worry for the organization because the SIEM vendor handles it. This allows the purchasing organization to move from a capital expenditure model to a more manageable operational expense framework; total cost over time then depends mainly on log volume, since cloud SIEMs are typically priced by the data ingested or retained.

In short, if your business is moving more operations to the cloud then cloud-based SIEM can provide you with the tools you need to easily, efficiently, and cost-effectively monitor and secure this new environment.


About the Author: Nick Cavalancia

Nick Cavalancia is a Microsoft Cloud and Datacenter MVP, has over 25 years of enterprise IT experience, is an accomplished consultant, speaker, trainer, writer, and columnist, and has achieved industry certifications including MCSE, MCT, Master CNE, Master CNI. Nick regularly speaks, writes and blogs for some of the most recognized tech companies today on topics including cybersecurity, cloud adoption, business continuity, and compliance.
