Some great new research coming out of the survey data published by 451 Research on Enterprise spending for Information Security. There have been more advanced ways of trying to implement security controls and avoid security issues by integrating security into the development or continuous integration and release pipelines.
Despite that, there is still strong interest in using log and event data to manage the security posture of an organization in a SIEM solution.
Even in this mature market, there is still a lot of interest and challenges with this technology as it’s difficult to implement and scale.
Deploying SIEM is at the Top of the Priority List
“SIEM was identified as a top security project in our VotE: Information Security, Workloads & Key Projects 2020 by 18% of respondents, the most commonly cited project. Today, it’s in-use at 59% of enterprises, but that balloons to 87% of larger enterprises (those with more than $1bn in revenue).”
While SIEM is widely deployed, as the research finds, most deployments are data center-based. In other words, they’re running on and collecting data from traditional infrastructure.
Unfortunately for those deployments, most of our workloads run in the cloud, and SaaS makes up an ever-growing part of the software portfolio. Thus, SIEM solutions’ growth to meet new demand should anticipate further needs of companies yet to move to the cloud and take up those SaaS services. Therefore 451 also found that….
“Approximately 14% have SIEM projects either in pilot or in the hopper in the next six months. The most common technologies that enhance the value of a SIEM include the integration of threat intelligence (51%), an incident response workflow (47%), and behavioral analytics (26%).”
These latter three technologies are the most common requests we hear from customers as well. Using SOARs has increased and often drives a modern and automated incident response workflow, especially for MSSPs.
We also see a lot of changes in infrastructures as everyone moves to the cloud, creating additional issues with the legacy SIEM market. The two challenges with being primarily based in the cloud include additional data sources coming from common cloud providers (AWS CloudTrail, GuardDuty) and similar services from Microsoft and Google.
Additional data comes from authentication into SaaS services like Office 365, Salesforce, Okta, PingID, and Auth0 for example.
When running in the cloud with these services, the SIEM itself should 1) be delivered via SaaS and 2) scale automatically.
Logz.io can facilitate both requirements with our cloud-native architecture and support for many alternative data sources from cloud providers and SaaS solutions used by most organizations. The 451 Research report confirms this:
“SIEM implementations are still primarily on-premises (73%), but SaaS deployments (27%) and cloud based deployments (25%) are becoming more common”
Logz.io falls under a combination of both models as we are a SaaS service based on specific cloud providers. With the changes in customer infrastructures we continue to see strong interest from those who are changing to a SaaS and cloud-native deployment model.
The Most Popular Tool for MSSPs
SIEM is “the most commonly used service offered by managed security service providers at 50% of responses.”
Additional interest is being driven by managed security service providers (MSSPs) who need a SIEM to deliver their services. Those services include integrating, aggregating, and analyzing logs from a number of sources. Considering how diverse and wide-reaching those sources are including firewalls, infrastructure frameworks, application servers, cloud data, and an ever growing list of new endpoint technologies SIEMs carry a design hewn for the logs and events emitted by these systems.
This market is speeding up and interest continues to increase as confirmed by this research. Stay tuned for our additional features that will enable event management within the Logz.io Cloud SIEM soon. Similarly, the last category is behavioral analytics, which is also a high-priority item for us in 2021. Expect news on these fronts soon and throughout the year.
“Application security and security monitoring via SIEM remain strategic initiatives – Highlights from Voice of the Enterprise: Information Security, Vendor Evaluations 2020” Analysts – Daniel Kennedy Publication date: Friday, April 9, 2021.