SIEM More Relevant Than Ever When Securing the Edge

Cybersecurity pros have long looked at security information and event management (SIEM) as a necessary tool to gauge the security posture of a network. After all, a proper SIEM solution gives cybersecurity professionals a way to analyze security incidents and events and to correlate those events into something meaningful. However, gathering all of the relevant information is becoming more difficult as organizations move away from on-premises networks and leverage more and more cloud services.

As services move to the edge, the current crop of SIEM platforms is beginning to lose visibility into all of the events related to security. The adoption of edge computing, along with many cloud-delivered services, has created an issue for numerous cybersecurity managers: they no longer have the ability to view and analyze all of a company’s network activity from a single management platform. Yet, as threats evolve and attack surfaces grow, SIEM will become more critical than ever.

What’s more, the very security technologies that businesses use are going through a disruption of their own. Vendors are now hawking zero-trust solutions as well as SASE (secure access service edge) to overcome the new threats that are arriving on the cyber frontier. Those issues and many others are forcing organizations to rethink traditional SIEM offerings and how to again achieve a centralized and unified method for understanding their security posture. 

According to PricewaterhouseCoopers, 47% of enterprises use SIEM tools. In addition, according to Gartner, cloud-based security services will be worth $9 billion in 2020. As organizations move security and networking to the cloud, seamless integration with a SIEM tool will be an essential requirement. To meet those new challenges, vendors are also rethinking the role that SIEM plays in cyber-forensics and are now incorporating SIEM capabilities directly into their security platforms. 

Cato Networks, a purveyor of SASE (a Gartner-defined technology that converges the functions of networking and security into a unified, cloud-native service), is taking on the SIEM challenge by incorporating SIEM capabilities directly into its SASE offering. The company said its Instant*Insight SIEM offering converges networking and security into its SASE platform, and will cut down on deployment complexities and upfront costs when compared to traditional SIEM services, event managers and network analysis tools.

Instead of attempting to make existing SIEMs work with Cato’s SASE platform, users will have access to a fully integrated SIEM offering that surfaces all of the critical data a cybersecurity pro needs. It is an important distinction from traditional SIEM solutions, which integrate with security and networking products by ingesting logs or calling APIs. Cato’s approach highlights the inherent change that comes with using a software-defined wide area network (SD-WAN) as opposed to traditional connectivity options.

With an SD-WAN, WAN traffic moves through software-defined pipes and the platform has full visibility into the movement of data. It is a distinction that has not been lost on other SD-WAN purveyors. 

For example, Windstream Enterprise has incorporated a SIEM service into the company’s Managed Network Services (MNS) offering, which integrates into the company’s SD-WAN. Netsurion, another SD-WAN vendor, is offering a managed SIEM service. The company claims its SIEM monitors services for threats and helps businesses stay compliant with PCI and HIPAA regulatory requirements.

Another vendor in the SD-WAN game, iBoss, is taking a different approach. The company is offering log-forwarding capabilities that can send internet activity and security logs from its cloud service directly to any external logging database or SIEM. The idea here is to allow enterprises that are transitioning to the services that iBoss offers to retain their existing investment in a SIEM platform.

More and more enterprises are considering SD-WAN technology as a path forward that potentially can increase security. However, in their rush to the latest and greatest technologies, they may be leaving critical cyber requirements behind and creating blind spots. SIEMs are one of the most critical technologies for maintaining cybersecurity hygiene and providing cybersecurity professionals with the insights needed to meet compliance requirements, while also identifying potential attacks. Moving forward, businesses cannot afford to forget about the importance of a fully functioning SIEM.

Frank Ohlhorst


Frank is an award-winning technology journalist and IT industry analyst, with extensive experience as a business consultant, editor, author, and blogger. Frank works with both technology startups and established technology ventures, helping them to build channel programs, launch products, validate product quality, create marketing materials, author case studies, eBooks and white papers.
