Jon Oltsik is a principal analyst at
Enterprise Strategy Group ESG and has
been quoted in the Wall Street Journal,
Business Week, and the New York Times.
Security information and event management (SIEM) systems first appeared around
2000 from vendors such as Intellitactics, NetForensics, and eSecurity. Their original
functionality centered on correlating events from perimeter security devices such as
IDS/IPS and firewalls.
The SIEM market evolved over the past 19 years, with different vendors, functionality,
and use cases. SIEM has also grown into a $2.5 billion market, dominated by vendors
such as Splunk, IBM, LogRhythm, and AT&T (AlienVault).
Despite the SIEM evolution, today’s products can be seen as super-sized versions of
those of yesteryear. In fact, the original design of SIEM seemed like a knockoff of
network and systems management tools CA Unicenter, HP OpenView, and IBM Tivoli.
SIEM products were based upon a tiered architecture of distributed data
collectors/indexers/processors and a central database used for data analytics,
visualization, and reporting.
As SIEM deployments grew, organizations needed more and more hardware tiers to
maintain performance. This has led to a situation where SOC personnel focused on
activities such as threat detection, incident response, and forensic investigations are
dependent upon SIEM infrastructure teams responsible for upgrading hardware, load
balancing servers, adding storage capacity, etc.
1 of 4 30/9/2019, 11:47 pm
2019 will be the year of cloud-based cybersecurity analytics/operations... https://www.csoonline.com/article/3331280/2019-will-be-the-year-of-c...
In 2019 (happy new year, dear readers), the security analytics/operations technology
model is in the midst of a massive architectural shift. Over the next few years, the
SIEM backend will migrate from on-premises servers to public cloud infrastructure. I
firmly believe that by the end of 2020, even organizations with dogmatic on-premises
biases in industries like financial services, government, and military equipment
manufacturing will eschew on-premises SIEM in favor of cloud-based alternatives.
This transition has already started and will progress rapidly due to changes on the
demand and supply side. CISOs will seek out cloud-based SIEM solutions because of:
Higher software costs. Aside from infrastructure and staffing costs, some SIEM
vendors base their pricing on the amount of data under management. I’ve heard
CISOs complain that it’s not unusual for them to blow through a three-year SIEM
budget in a year.
storage devices.
For CISOs, cloud-based SIEM can help overcome all of those issues.
As for the supply side, vendors see burgeoning market opportunities and will push
cloud-based SIEM into the market in several ways:
Traditional SIEM vendors see cloud upside. While they don’t talk much about it,
SIEM leaders IBM and Splunk are already seeing much faster growth rates for
cloud-based deployments of their products. This will continue.
Startups are all about the cloud. The latest round of security
analytics/operations vendors, such as DEVO, Empow Cybersecurity, and JASK,
have embraced a cloud-based backend designed for data pipelining, processor-
intensive machine learning algorithms, and massive scale. We'll likely see several
more newcomers in 2019.
The cloud service providers are jumping in. Amazon, Google, and Microsoft
own globally distributed, cloud-based infrastructure and are investing heavily in
artificial intelligence/machine learning, so the cybersecurity analytics use case
represents a perfect opportunity that aligns with their technology investments.
These firms are already making the move: Google/Alphabet has announced its
security analytics intentions with Chronicle. Amazon acquired Sqrrl and hinted at a
bigger security analytics/operations play at re:Invent. Microsoft remains
tight-lipped about its security analytics/operations plans, but some of its recent
announcements suggest that Redmond will join the fray in 2019.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service.