Businesses today cannot afford to be hacked. Cyber attacks can result in hefty fines and lawsuits, not to mention the reputational damage that can result in long-term revenue loss. Of course, this has always been true. But what has changed over the past few years is both the sheer volume of attacks and the growing sophistication used in them.
To counter these threats, more and more organizations are looking to tighten their security controls. The problem they face, however, is that securing an IT environment today is much more complicated than it used to be. At the same time as organizations try to improve their security posture, the way software is built and delivered keeps shifting underneath them.
It’s a brave new world
Cybersecurity used to be the sole responsibility of the SOC or the security analyst. Some organizations outsourced it to an MSP or MSSP. Today, though, more and more companies are looking to their DevOps teams to secure production. In this brave new world, these engineers face a very different kind of IT environment than their predecessors had to deal with.
Modern applications, together with the infrastructure they are deployed on, are distributed, dynamic, and transient in nature. DevOps methodologies let organizations push code into production with ever-increasing velocity. Securing a microservice-based application orchestrated with Kubernetes and deployed on AWS is very different from securing a multi-layered monolith deployed on-prem.
Sure. There is a long list of security systems promising to help bridge these differences, but are they enough? Let’s take a closer look at some of the key challenges DevOps and security teams are facing today.
Modern environments are much noisier. There is a far larger number of systems and components, each generating its own data and alerts. The result is a large volume of false positives, and real incidents are harder to see through the noise.
Integrating the many different data sources needed for end-to-end security monitoring is much more difficult. Not all security management systems ship with out-of-the-box integrations for the collaboration, task management, and other R&D tools that make up the SDLC and operations processes.
Maintaining security systems can be costly. Every component added to the application or infrastructure requires more effort to monitor. Security systems that require manual intervention to scale, or complex procedures to configure, burden the security and DevOps teams, and that burden is a real cost in time and money.
Wanted: a Cloud SIEM
Traditional SIEM systems can help overcome some of these challenges, but not all of them. These solutions are often complex and expensive, ineffective in preventing attacks and, put simply, ill-suited to the world of DevOps. Distributed environments require flexibility, integrability and scalability, whereas legacy solutions are rigid, slow, sequential and deployed in siloed environments, which ultimately impedes CI/CD processes.
To overcome the challenges outlined above and answer the key requirements of a modern security system, next-gen SIEM security systems must support the following:
- Handle data growth – As the volume of traffic and data that organizations collect and manage grows nonlinearly, a useful security system must be able to normalize new data sources and data types as they appear, and index them efficiently so that they remain searchable.
- Filter false positives – The security management system should be able to distinguish real incidents from false positives, and should not raise an alert on benign events.
- Meeting compliance – Security management systems must be able to satisfy compliance and regulatory requirements, so that they do not become a compliance obstacle in the different countries and regions an organization operates in.
- Simplified user interface – Since security systems are used most heavily, and must deliver the most information, during times of stress or active attacks, the user interface must be simple, clear, and user-friendly.
- Visibility – Security management systems must provide full visibility and transparency, and must allow the user to drill down into every detected incident in real time.
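To make the first two requirements concrete, here is a small Python example added for this article; it is not code from the page or from any SIEM product. It takes two constructed event shapes (a syslog auth line and a CloudTrail-style JSON record), normalizes them onto a common schema whose field names are this example's own, and then collapses repeated failed logins from one source IP, across both sources, into a single alert. The sample log lines, the JSON record and the alert rule are all constructed for the illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample events (not real logs): two shapes a SIEM must ingest
# side by side, a syslog auth line and a CloudTrail-style JSON record.
SAMPLE_EVENTS = [
    "Mar 10 12:00:01 web-1 sshd[1234]: Failed password for root from 203.0.113.5 port 4242 ssh2",
    "Mar 10 12:00:02 web-1 sshd[1234]: Failed password for root from 203.0.113.5 port 4243 ssh2",
    json.dumps({
        "eventTime": "2024-03-10T12:00:03Z",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"userName": "admin"},
        "responseElements": {"ConsoleLogin": "Failure"},
    }),
    "Mar 10 12:00:30 web-1 sshd[1240]: Accepted password for deploy from 198.51.100.7 port 5000 ssh2",
    "Mar 10 12:00:31 web-1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[\d+\]: (?P<msg>.*)$"
)
SSH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")


def _event(source, **fields):
    """Build a record in the common schema (field names are this example's own)."""
    rec = {"source": source, "host": None, "user": None, "src_ip": None,
           "action": "unknown", "outcome": None}
    rec.update(fields)
    return rec


def normalize(raw):
    """Map one raw event onto the common schema.

    Unrecognised shapes are kept with action='unknown' instead of being dropped,
    so a new data type shows up as a coverage gap rather than silently vanishing.
    """
    raw = raw.strip()
    if raw.startswith("{"):  # CloudTrail-style JSON record
        rec = json.loads(raw)
        failed = rec.get("responseElements", {}).get("ConsoleLogin") == "Failure"
        name = rec.get("eventName", "unknown")
        return _event("cloudtrail",
                      user=rec.get("userIdentity", {}).get("userName"),
                      src_ip=rec.get("sourceIPAddress"),
                      action="login" if name == "ConsoleLogin" else name,
                      outcome="failure" if failed else "success")
    m = SYSLOG_RE.match(raw)
    if not m:
        return _event("unknown", raw=raw)
    s = SSH_RE.match(m["msg"]) if m["prog"] == "sshd" else None
    if s:
        return _event("syslog", host=m["host"], user=s["user"], src_ip=s["ip"],
                      action="login",
                      outcome="failure" if s["outcome"] == "Failed" else "success")
    return _event("syslog", host=m["host"], raw=m["msg"])


def correlate(events, threshold=3):
    """Collapse repeated failed logins from one source IP, across all data
    sources, into one alert once they reach `threshold`. Per-event alerting
    would raise one alert per failure; this raises one per offending IP.
    Time windows are left out for brevity; a real SIEM buckets by time too.
    """
    failures = defaultdict(list)
    for ev in events:
        if ev["action"] == "login" and ev["outcome"] == "failure" and ev["src_ip"]:
            failures[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in failures.items():
        if len(evs) >= threshold:
            alerts.append({
                "rule": "repeated-failed-logins",
                "src_ip": ip,
                "count": len(evs),
                "sources": sorted({e["source"] for e in evs}),
                "users": sorted({e["user"] for e in evs if e["user"]}),
            })
    return alerts


def run(raw_events=SAMPLE_EVENTS, threshold=3):
    """Normalize a batch of raw events and return (normalized events, alerts)."""
    normalized = [normalize(r) for r in raw_events]
    return normalized, correlate(normalized, threshold)


if __name__ == "__main__":
    events, alerts = run()
    print(f"{len(events)} events in, {len(alerts)} alert(s) out")
    for a in alerts:
        print(a)
```

On the five sample events this yields one alert instead of three: the two sshd failures and the console-login failure from 203.0.113.5 are tied together even though they arrived in different formats, while the successful login and the cron line pass through without raising anything. The unknown-event path is the part worth keeping in mind for the "handle data growth" requirement: an event type the normalizer has never seen is still stored and countable, so gaps in coverage stay visible.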
There is huge demand for SIEM systems that can deliver all of the above, but this is only a partial list of what is required of a modern SIEM in the world of DevOps. The full list is detailed in our “Requirements of a Security Platform in a DevOps World” whitepaper, available for download below.