With New Cloud Services, SIEM Becomes a Reality for Many

By Mike Sprunger, Senior Manager of Cloud and Network Security

Have you been hoping to deploy Security Incident and Event Monitoring (SIEM) technology at your organization for years, but couldn’t because of cost or lack of sufficient infrastructure? Well, your wait might finally be over.

Brand new services

New cloud-native services recently unveiled by Microsoft and Google — two of the biggest public cloud service providers — makes SIEM attainable, even for smaller companies with limited cybersecurity budgets.

Up until now, leveraging SIEM capabilities has been difficult for organizations that lack the required storage and processing infrastructure to support SIEM. They’ve been unable to take the financial plunge needed to use the technology effectively.

But over the past month or so, both Microsoft and Google have announced new, cloud-native services that support SIEM. Because they’re based on the cloud, these offerings are much more affordable.

Specifically, Google unveiled security-related capabilities for its Google Cloud Platform (GCP). This includes Cloud Security Command Center (Cloud SCC), a security management platform for GCP that features an Event Threat Detection (ETD) service.

Meanwhile, Microsoft announced Microsoft Sentinel, a cloud-based SIEM platform that delivers intelligent security analytics and is designed to simplify the collection of security data across an entire hybrid IT environment.

Benefits in terms of cost and scale

Companies can leverage either of these services to gain the functionality and capabilities of SIEM without having to spend money on servers, storage systems, and related maintenance and support for that hardware. Going from capital expenses to operating expenses, something that’s enabled by the cloud, makes SIEM a more attractive financial proposition for many companies.

Another benefit of these services is that they can be deployed more quickly than on-premises SIEM platforms. That’s because Microsoft and Google are providing all the necessary infrastructure and expertise.

Cloud-based SIEM is also easier to scale. Companies can scale processing and storage up or down as they need to since it’s all handled in the cloud. This means they no longer have to worry about how long to hold onto security logs because of storage capacity limitations. With cloud-enabled scalability, companies also are no longer limited in the number of events they can handle and don’t need to port event logs out of the cloud environment into on-premise platforms if they have any of those products. The cloud services can be expanded in whatever ways a customer might need.

These new SIEM services operate in basically the same way that traditional SIEM products work. But they offer additional and unique capabilities. For instance, the Microsoft offering can pull data from the entire Microsoft ecosystem of products.

A note on connectors

One of the drawbacks of the new services is that they lack broad connectors to other technology platforms that can provide information about events and incidents. Microsoft and Google are both working to develop predefined Application Programming Interface (API) connectors to as many products as possible.

There are also Software Development Kits (SDKs) available for each of the services that let organizations with skilled developers build their own connectors.

For security, above all else

These new services give organizations options for SIEM that previously weren’t available. For many, they provide an entry point for the technology at a cost they can live with. Ultimately, they can help companies bolster their security operations at a time when many are struggling to safeguard their data as they move into hybrid IT environments. 

Want to learn more about SIEM and how to take advantage of its capabilities for your organization? We’d love to discuss this with you. Contact us today to request a meeting with one of our experts.