It’s time for security teams to embrace security data lakes – TechCrunch

The average company security team spends $18 million annually but is largely ineffective at preventing breaches, IP theft and data loss. Why? The fragmented approach we’re currently using in the security operations center (SOC) doesn’t work.

Here’s a quick refresher on security operations and how we got where we are today: A decade ago, we protected our applications and websites by monitoring event logs — digital records of every activity that occurred in our cyber environment, ranging from logins to emails to configuration changes. Logs were audited, flags were raised, suspicious activities were investigated, and data was stored for compliance purposes.

The security-driven data stored in a data lake can be in its native format, structured or unstructured, and therefore dimensional, dynamic and heterogeneous, which gives data lakes their distinction and advantage over data warehouses.

As malicious actors and adversaries became more active, and their tactics, techniques and procedures (or TTPs, in security parlance) grew more sophisticated, simple logging evolved into an approach called “security information and event management” (SIEM), which involves using software to provide real-time analysis of security alerts generated by applications and network hardware. SIEM software uses rule-driven correlation and analytics to turn raw event data into potentially valuable intelligence.

Although it was no magic bullet (it’s complicated to implement and make everything work properly), the ability to find the so-called “needle in the haystack” and identify attacks in progress was a huge step forward.

Today, SIEMs still exist, and the market is largely led by Splunk and IBM QRadar. Of course, the technology has advanced significantly because new use cases emerge constantly. Many companies have finally moved into cloud-native deployments and are leveraging machine learning and sophisticated behavioral analytics. However, new enterprise SIEM deployments are fewer, costs are greater, and — most importantly — the overall needs of the CISO and the hard-working team in the SOC have changed.

New security demands are asking too much of SIEM

First, data has exploded and SIEM is too narrowly focused. The mere collection of security events is no longer sufficient because the aperture on this dataset is too narrow. While there is likely an enormous amount of event data to capture and process from your events, you are missing out on vast amounts of additional information such as OSINT (open-source intelligence), consumable external threat feeds, valuable sources such as malware and IP reputation databases, and reports of dark web activity. There are endless sources of intelligence, far too many for the dated architecture of a SIEM.
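As an added illustration that is not part of the article, here is a small Python sketch of the two ideas above: rule-driven correlation of the kind a SIEM performs, run over log records kept in their native formats (a JSON event stream and syslog lines, as a data lake would hold them) and enriched with an external IP reputation feed. All sample events, the feed contents and the function names are constructed for this example.

```python
import json
import re
from collections import Counter

# Constructed sample inputs in two native formats, never rewritten into one schema at rest.
JSON_EVENTS = [
    '{"ts": 1, "event": "login_failed", "user": "alice", "src_ip": "203.0.113.7"}',
    '{"ts": 2, "event": "login_failed", "user": "alice", "src_ip": "203.0.113.7"}',
    '{"ts": 3, "event": "login_ok", "user": "alice", "src_ip": "203.0.113.7"}',
]
SYSLOG_LINES = [
    "Jan 10 10:00:04 gw sshd[22]: Failed password for bob from 198.51.100.9 port 4000 ssh2",
    "Jan 10 10:00:05 gw sshd[22]: Failed password for bob from 198.51.100.9 port 4001 ssh2",
    "Jan 10 10:00:06 gw sshd[22]: Accepted password for bob from 198.51.100.9 port 4002 ssh2",
    "Jan 10 10:00:07 gw sshd[23]: Accepted password for carol from 192.0.2.1 port 5000 ssh2",
]
# Constructed stand-in for an external IP reputation feed (the OSINT enrichment the article mentions).
IP_REPUTATION = {"203.0.113.7": "known-bruteforcer", "198.51.100.9": "tor-exit"}

SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")


def normalize(json_events, syslog_lines):
    """Read both native formats at query time and map them onto (user, src_ip, outcome)."""
    records = []
    for raw in json_events:
        e = json.loads(raw)
        records.append((e["user"], e["src_ip"], "fail" if e["event"] == "login_failed" else "ok"))
    for line in syslog_lines:
        m = SSHD_RE.search(line)
        if m:
            records.append((m.group(2), m.group(3), "fail" if m.group(1) == "Failed" else "ok"))
    return records


def correlate(records, reputation, fail_threshold=2):
    """Rule: fail_threshold or more failures followed by a success for the same (user, ip)
    raises an alert, enriched with the reputation of the source address."""
    fails = Counter()
    alerts = []
    for user, ip, outcome in records:
        key = (user, ip)
        if outcome == "fail":
            fails[key] += 1
        elif fails[key] >= fail_threshold:
            alerts.append({"user": user, "src_ip": ip, "failures": fails[key],
                           "reputation": reputation.get(ip, "unknown")})
            fails[key] = 0
    return alerts
```

Running `correlate(normalize(JSON_EVENTS, SYSLOG_LINES), IP_REPUTATION)` yields two alerts (alice from a known-bruteforcer address, bob from a Tor exit) and nothing for carol, whose single success had no preceding failures.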

Moreover, data exploded alongside costs. Data explosion + hardware + license costs = spiraling total cost of ownership. With so much infrastructure, both physical and virtual, the amount of data being captured has exploded. Machine-generated data has grown at 50x, while the average security budget grows 14% year on year.

The cost to store all of this information makes the SIEM cost-prohibitive. The average cost of a SIEM has skyrocketed to close to $1 million annually, and that is just for license and hardware costs. The economics force teams in the SOC to capture and/or retain less information in an attempt to keep costs in check, which reduces the effectiveness of the SIEM even further. I recently spoke with a SOC team who wanted to query large datasets looking for evidence of fraud, but doing so in Splunk was cost-prohibitive and a slow, arduous process, leading the team to explore alternatives.

The shortcomings of the SIEM approach today are dangerous and terrifying. A recent survey by the Ponemon Institute polled almost 600 IT security leaders and found that, despite spending an average of $18.4 million annually and using an average of 47 products, a whopping 53% of IT security leaders “did not know if their products were even working.” It’s clearly time for change.
