3 Steps for CISOs to Get More Out of SIEM Tools

essidsolutions

This year saw a tectonic shift in work patterns, redefining what we consider the perimeter, core and edge of enterprise infrastructure. Reports suggest that COVID-19 and the rise in cybercrime are major drivers pushing up demand for Security Information and Event Management (SIEM), an industry set to grow by $3.94 billion over the next four years.

At its core, SIEM is software that provides real-time analysis of security alerts, log data, and event data generated by applications and hardware across the organization's IT infrastructure. Industry experts posit that in a high-risk environment, cloud-based SIEMs are valuable for detecting threats across networks and systems.

Meanwhile, data shows that IT budgets continue to shrink, placing Chief Information Security Officers (CISOs) between a rock and a hard place. Companies are cutting IT spending by 4.5 to 15.5%, even as phishing attacks jump by 667%. So, how can CISOs make SIEM, a core part of the organization's security infrastructure, go the distance at optimal cost?

In this article, we provide a three-point action plan to remove inefficiencies and generate maximum value from SIEM implementations.  

Learn More: Top Vendors Pushing the Boundaries of SIEM

3 SIEM Pitfalls and How to Avoid Them 

Now is the time for your SIEM to kick into third gear. Businesses need to modernize their network infrastructure to stay afloat in a low-touch economy. Remote employees might be using personal devices to access API-enabled web apps, which introduces new attack vectors and calls for a more capable SIEM.

The downside of the WFH boom is that the data volumes the SIEM must ingest are growing and may exceed budgetary thresholds. To balance operational needs with cost constraints, it is critical to avoid the following pitfalls:

1. Investing in on-premise SIEM 

Homegrown SIEM was once a popular alternative to expensive commercial solutions. Companies could adopt the open-source ELK stack (Elasticsearch, Logstash, and Kibana) to ingest data, analyze it, and respond. However, this creates two cost centers:

  • There is no built-in analytics engine or detection content: companies must invest in full-time security analysts to write the correlation rules and keep them up to date.
  • It needs heavy, regular upkeep: on-premise SIEM deployments require ongoing operational support for configuration and tuning.

There is also the potential cost of risk exposure if the SIEM platform fails to detect new, sophisticated threats.
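To make the first cost center concrete: a correlation rule is the kind of detection content a commercial SIEM ships with and a homegrown ELK deployment does not. Below is an added example (not code from this article or from the Elastic project) of one such rule written in plain Python. It parses constructed sshd-style log lines, tallies ingest bytes per host (the figure a capacity-priced SIEM bills on), and raises an alert when a source IP fails five or more logins against a host and then succeeds on that host within five minutes. The log format, the five-failure threshold and the five-minute window are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data) in a simplified syslog/sshd-like
# format; the format itself is an assumption made for this example.
SAMPLE_LOGS = """\
2020-06-01T09:00:01 host=vpn-gw1 sshd: Failed password for admin from 198.51.100.7 port 40001
2020-06-01T09:00:03 host=vpn-gw1 sshd: Failed password for admin from 198.51.100.7 port 40002
2020-06-01T09:00:05 host=vpn-gw1 sshd: Failed password for root from 198.51.100.7 port 40003
2020-06-01T09:00:06 host=vpn-gw1 sshd: Failed password for admin from 198.51.100.7 port 40004
2020-06-01T09:00:09 host=vpn-gw1 sshd: Failed password for admin from 198.51.100.7 port 40005
2020-06-01T09:00:40 host=vpn-gw1 sshd: Accepted password for admin from 198.51.100.7 port 40006
2020-06-01T09:15:00 host=web-01 sshd: Failed password for deploy from 203.0.113.9 port 51000
2020-06-01T09:30:00 host=web-01 sshd: Accepted publickey for deploy from 203.0.113.9 port 51001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) sshd: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(raw):
    """Turn raw lines into event dicts. Unparsed lines are counted rather than
    silently dropped: under capacity pricing they still cost ingest."""
    events, unparsed = [], 0
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["bytes"] = len(line.encode("utf-8")) + 1  # +1 for the newline
        events.append(ev)
    return events, unparsed


def ingest_by_host(events):
    """Bytes per host: the number a capacity-priced SIEM bills you on."""
    totals = defaultdict(int)
    for ev in events:
        totals[ev["host"]] += ev["bytes"]
    return dict(totals)


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source IP fails at least `threshold` logins against a
    host and then logs in successfully to that host within `window`."""
    alerts = []
    by_pair = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_pair[(ev["src"], ev["host"])].append(ev)
    for (src, host), evs in by_pair.items():
        for i, ev in enumerate(evs):
            if ev["outcome"] != "Accepted":
                continue
            failures = [
                e for e in evs[:i]
                if e["outcome"] == "Failed" and ev["ts"] - e["ts"] <= window
            ]
            if len(failures) >= threshold:
                alerts.append({
                    "src": src, "host": host, "user": ev["user"],
                    "failures": len(failures), "at": ev["ts"].isoformat(),
                })
    return alerts


def run(raw=SAMPLE_LOGS):
    """Parse, account for ingest volume and evaluate the rule in one pass."""
    events, unparsed = parse(raw)
    return {
        "ingest_bytes": ingest_by_host(events),
        "unparsed_lines": unparsed,
        "alerts": brute_force_then_success(events),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key}: {value}")
```

Run against the sample, the only alert is the admin login on vpn-gw1 after five failures; the single failure on web-01 followed by a success fifteen minutes later stays below both the threshold and the window. In a homegrown stack this logic has to live as a scheduled query or alerting rule, and someone has to keep the threshold, window and log format current as sources change. That maintenance is the staffing cost the first bullet above describes.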

Pro tip: In today's mature cybersecurity landscape, building your own is recommended only for digital-first companies with in-house domain experts. Otherwise, it is advisable to switch to a cloud-based, managed SIEM platform that takes little effort to maintain and scale. You pay only for the resources in use, there are no hosting expenses, and the IT staff you free up can spend their time creating value. IDG found that cloud-based SIEM could lower OPEX and staffing costs by 40% and shrink CAPEX by 34%.

2. Holding onto capacity-based pricing

Under capacity-based pricing, your bill is tied directly to the volume of data flowing through the platform. Log search, the number of alerts, and analytics volumes all contribute to the final cost. This sounds great on paper, promising a perfectly optimized SIEM strategy in which your investment tracks service consumption. In reality, capacity-based pricing makes it difficult to scale: any degree of business growth will push you over your budgetary threshold.

In 2020, as companies face volatile demand and an uncertain economic climate, capacity-based pricing will cloud CISOs’ visibility into costs. 

Pro tip: Consider the recently emerging “unlimited” pricing model. As the name suggests, you pay a flat price regardless of your log volumes and data ingestion per month/day, with no penalties for scaling. For CISOs working with a seasonal business or ongoing digital transformation initiatives (e.g., transitioning to WFH), unlimited pricing can help to save significantly. 

Note: Unlimited pricing is relatively new, and only a handful of vendors offer it. User-based pricing can also be a smarter alternative to traditional capacity-based models, particularly for companies taking a conservative hiring approach in 2020. With employee numbers steady over the next few quarters, user-based pricing makes costs predictable.

Learn More: Your 6-Point Guide for Evaluating Next-Gen SIEM Tools

3. Putting software before strategy

Which came first, the software, or the strategy? For SIEM, the answer is very clear. 

Enterprise security is always shaped by its people, culture, and overall operational strategy, long before technology comes into play. This is why SIEM strategy matters so much right now. WFH signals a major cultural shift for workforces around the world, and employees are likely to bring digital "bad habits" from the personal into the professional space. For example:

  • In their downtime, employees might visit risky – if not outright malicious – websites from a work device 
  • Employees might open suspicious-looking emails in a professional email account. This risk has multiplied during COVID-19
  • Security teams might start working in silos without the convenience of in-person communications 

A report found that 84% of companies plan to WFH for the foreseeable future, but a sizable 41% haven't taken any steps to give their remote employees more secure access.

Pro tip: In 2020, CISOs need to pay close attention to their SIEM strategy before making any technology decisions. Granted, there will be several digital transformation programs in the pipeline: selecting a vendor, moving from on-premise to the cloud, renegotiating pricing models, and so on. But it all begins with a clearly outlined framework in which you identify current and projected attack vectors, set your perimeter, beef up protection at the core, and define policies for the edge.

The last one is extremely important, as devices at the edge (e.g., mobile phones, tablets, and personal laptops) will handle a lot of throughput in 2020.

Wrapping Up 

This is admittedly a difficult time for CISOs, who are constantly juggling business growth and evolving security threats against cost constraints. On top of that, SIEM costs have always been a consistent hurdle for growing businesses. Increased headcount, infrastructure expansion and IT modernization all stretch SIEM budgets and increase IT workloads. An intelligent strategy that proactively avoids the pitfalls of build, on-premise hosting, and capacity-based pricing can help CISOs manage swelling SIEM costs.

Do you think SIEM deployments fail to deliver on expectations? Let us know on LinkedIn, Twitter, or Facebook. We would love to hear from you!