The skills of hackers are improving exponentially as rogue governments and organized crime groups provide bad actors with more financial and technical resources than ever before. Hackers today are using advanced technology to release new threats that are increasingly hard to detect. This presents a challenge: While security operations (SecOps) teams are tasked with protecting their organizations from these evolving threats, they have limited personnel available to do so.
SecOps teams require a more efficient approach that can help them protect their organization from new and existing threats as quickly as possible. This requirement for fast time to protection is the result of the speed with which cyberthreats propagate and inflict harm.
One of the most promising solutions to the problem of limited SecOps resources and the growing scope of threats is the use of cloud-based SIEM solutions. Cloud services make it possible for organizations to implement SIEM solutions faster to protect against new and recently discovered threats, as there is minimal deployment time required before the solution is usable. The now-established benefits of cloud economics—such as no Capex costs and predictable Opex—are also advantages of cloud-based SIEM solutions.
However, just delivering a legacy SIEM solution via the cloud is not enough. Without important additional functionality, there may be no substantial improvement in the speed to protection. Merely moving a legacy on-premises solution to the cloud provides only a partial benefit.
The real benefit is the ability to collect all data without unwieldy connectors and to become operational far more quickly through the inclusion of prebuilt dashboards and reports. All dashboards and reports should work across multiple domains—cloud and on-premises—to deliver insights that can be acted upon immediately. If SecOps has to invest the time and resources to build new dashboards and reports, and to develop a new reporting schema that works across multiple domains, the time-to-protection metric increases: substantial additional work would be necessary before the value of the SIEM solution could be realized.
Using prebuilt dashboards and reports allows SecOps to focus on detecting, investigating and remediating cyberthreats rather than building report templates. The time savings from using prebuilt reporting can be substantial, especially in organizations with large or complex domains. Without prebuilt functionality, weeks or months may elapse between signing the contract and actual use of the solution.
Cloud-based SIEM also offers significant improvement in total cost of ownership (TCO) when compared with legacy solutions—some enterprises estimate TCO savings of 50%. By eliminating upfront capital investment and the expense of additional staff, out-of-pocket costs are substantially lower.
The use of cloud-based platforms has improved the efficiency and effectiveness of many IT tasks and solutions. Cloud-based SIEM offers these benefits, enabling SecOps to meet the critical need for faster time to protection. It’s a solution whose time has truly arrived.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2016 Splunk Inc. All rights reserved.