Emerging after more than two years of pandemic measures like remote working, cloud migration and patched-up cybersecurity, many businesses are seeking new ways to log and analyse the data on their networks and servers to better suss out hidden cyber threats.
Many of these so-called Security Information and Event Management (SIEM) tools have been set up haphazardly or piecemeal, as the early days of the Covid-19 crisis forced businesses to adapt.
These tools enable businesses as well as the managed security providers to investigate security incidents, conduct digital forensics and to comply with regulatory requirements.
By logging and analysing the data from various devices – firewalls, networks, servers, workstations and applications – SIEM tools promise to offer a clearer idea of the cyber threats facing a business.
Now, as the pandemic recovery gets well underway this year in many countries, businesses are looking for SIEM tools that can not only scale with the increased demands of hybrid work but also ones that don’t burst the bank account doing so.
The shift to remote work and cloud applications caught a lot of businesses by surprise at the beginning of the pandemic, said Neil Campbell, vice-president of sales for Asia-Pacific at Securonix, a cloud-based SIEM provider.
It did not help that many of the digital assets that they held previously on-premise had to be moved to the cloud, which needed new monitoring and analysis tools, he told Techgoondu in a recent interview.
Another problem with SIEM is the cost. It could start from US$25,000 and run up to more than S$1 million, depending on the complexity and number of users and assets involved, which meant only large corporations or governments could have the tools most of the time.
Some security vendors that provide outsourced services to businesses also run SIEM tools on behalf of their customers, though the costs depend on the extent of the monitoring and response as well.
Increasingly, there is an urgency to scale up these tools. Data is collected 24/7 and it has to be analysed so that security professionals do not have to spend time going over false positives of cyber intrusions, for example.
This has often meant a Faustian choice for many businesses, according to Campbell, who said that some have had to forgo some data sources to monitor, which could become security blind spots.
What his company promises is a cloud-based SIEM offering that offers a more streamlined and scalable approach to the usual tools for monitoring, breach detection, incident response, and security automation.
By offering a managed service, it also takes away the trouble of configuring a SIEM tool, for example, to find the right way to “punch holes” in a corporate firewall to send the data for analysis, he explained.
Other SIEM players in the field include Splunk, IBM and LogRhythm. Each offers unique features, though SIEM tools are generally a collection of previously disparate tools that have evolved over time and are now closely integrated to offer a clearer idea of emerging threats.
What is critical is how well these tools come together to take the load off these human operators.
Artificial intelligence (AI) and machine learning will be important in determining if a SIEM suite can catch, say, the suspicious behaviour of a data breach from an insider within the network.
After all, security alerts are already overwhelming cybersecurity professionals staring at the dashboard daily. Eighty-three per cent of them suffer from alert fatigue, according to a study compiled by Dimensional Research on behalf of security intelligence provider Sumo Logic in 2020.
“Enterprises are arguably dealing with more data today than ever before and the pain security operations teams are feeling is significant,” said Greg Martin, general manager for the security business unit at Sumo Logic, in a Computer Weekly report.
“Companies need to adopt solutions that let them quickly identify, prioritise and respond to only the most critical warning signals, so that they’re not left drowning in alert overload with no direction,” he said.
