
Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations

2017-03-10 12:10

Every five or six years, I find myself facing another major consumer purchase decision. My car gets old and my transportation needs change, for instance. It’s not quite as strategic as choosing a security analytics solution to protect a corporate enterprise, but neither I nor a chief information security officer (CISO) wants to regret the ultimate decision, so we both do a bunch of research and take a few test drives.

This time around, though, CISOs have a game-changing option to consider: SIEM in the Cloud. IBM QRadar is one of the few recognized and trusted security intelligence solutions already used on-premises by thousands of organizations. QRadar on Cloud is the same solution, but deployed and managed by IBM service professionals. We host it, and you monitor and manage your security operations.


Top Benefits of IBM QRadar on Cloud

We faced many obstacles in the early days of selling this offering, including customer apprehensions, data privacy laws, network bandwidth issues and more. Still, we believed clients would see the value of moving security to the cloud. A year later, we and the Ponemon Institute conducted a study that validated this belief and revealed the top reasons why clients are giving QRadar on Cloud a try.

1. Time to Value

Time to value is, no doubt, our No. 1 sales driver. Because it collects so much data from everywhere in your network, deploying a SIEM is no joke. It can take months before security teams believe they are truly operational.

In a recent Ponemon study, security teams reported that 41 percent of SIEM buyers took six months or more to roll out their chosen solution, and 25 percent never achieved full deployment. The figure below shows that the majority of on-premises QRadar clients achieved full operational status in less than three months. Those that took longer either had larger deployments, fewer dedicated resources or some skills gaps. QRadar on Cloud is up in weeks — and in many cases days — depending upon the scale.

How long did it take for the solution to become fully operational?

2. Skills Shortage

Any CISO who has tried to hire and retain a trained team of security analysts knows how shallow the talent pool can be. QRadar on Cloud helps address staffing shortages by eliminating deployment and maintenance burdens. It’s a detection technology, and organizations that have adopted QRadar spend all their time doing higher-order tasks, building sought-after security expertise rather than simply maintaining the solution. This can save SIEM users as much as 28 percent of their time.

Where does your security team spend the majority of its time?

3. Collect More Than Logs

Log data collection and management is essential for SIEM, but it’s only one type of security data. Several QRadar on Cloud clients cited the ability to correlate network flows and vulnerability data as top purchase criteria. Some said these capabilities gave them more confidence in the continued viability of the solution.

4. Desire to Maintain Control

While many organizations are glad to outsource the security infrastructure and maintenance duties, most are unwilling to depend upon others to monitor the network and deal with attack and breach remediations.

“What most corporate boards don’t want to hear is that no employees are actively participating in network defense,” one CISO told us. QRadar on Cloud customers want to know what’s going on minutes after a problem is detected.

5. Trading Capital for Operational Expense

This is another straightforward benefit of QRadar on Cloud. Rent instead of own; lease instead of buy. Other successful software-as-a-service (SaaS) solutions have paved the way for QRadar on Cloud.

Additional Insights

There were several secondary reasons mentioned for using QRadar on Cloud. All of these points were significant factors in a purchase decision for our clients, and more significant than something like that new car smell.

1. Flexibility to Outsource Monitoring

Control is great, but sometimes it makes sense to outsource some or all of the monitoring tasks. Managed security services providers (MSSPs) play this role, but going with a single source for infrastructure maintenance and monitoring raises the switching costs should you need to make a change down the road. With QRadar in the Cloud, IBM holds the environment, and customers can hire and fire monitoring resources as they see fit.

2. Avoid Hardware Obsolescence

It’s true — hardware gets old and new software demands more performance and capacity to keep up with ever-changing threats. An on-premises deployment is eventually going to require a refresh, which consumes security staff bandwidth that could otherwise be spent monitoring, investigating, etc.

3. Expand On-Premises QRadar Use Cases

This benefit was infrequently cited, but some existing on-premises clients said QRadar on Cloud was their preferred method for expanding managed device coverage beyond network firewalls, switches, routers, intrusion prevention systems (IPS) and intrusion detection systems (IDS).

Take Cloud-Based SIEM for a Test Drive

As with many security technology purchases, the key drivers and planned use cases vary across the size and purpose of the organization. The early client base runs the gamut from needing a compliance reporting solution inside 60 days to protecting a large public venue from business disruption within two years. Register for our upcoming webinar, “Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations,” to hear more about these and other client experiences with QRadar on Cloud.

As for my new wheels, I’d like a game-changing option, too. The question is, will it be nobler in my mind to get the Tesla and emit zero emissions or go with the Corvette I’ve wanted for the last dozen years? More likely, I’ll get something practical off the lot.


The post Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations appeared first on Security Intelligence.
