Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations

Managing large volumes of information on day-to-day basis continues to be personal as well corporate challenge. When it comes to cybersecurity, IT organizations are not only fighting hackers and malware, but also data overflow from their own networks. Enterprises are struggling to effectively log, monitor and correlate the data to obtain actionable insights. They mostly rely on security information and event management (SIEM) for real-time monitoring of security events, analytics, investigation and compliance reporting.

However, choosing the right security analytics solution to protect a corporate enterprise is extremely crucial, given that there are so many options in the market. CISOs don’t want to regret the ultimate decision, and therefore do a bunch of research and proof of concepts.

Finding the Right SIEM Solution

The decision also needs to be made in terms of investing in people and processes to operate a SIEM tool, be it directly or through managed SIEM providers. While on-premises SIEM is the most preferred option for very large enterprises, SIEM solutions delivered as a service are emerging as a viable option for many others. These reduce the time to implement the solution, administer and scale as required. With increasing use of infrastructure-as-a-service (IaaS), SIEM-as-a-service is gaining popularity among organizations who look to simplify event log collection and analysis.

There are many vendors in the market who have labelled their offering SIEM-as-a-service. Vendors could range from managed security services (MSS) providers to others who are hosting a commercial SIEM tool or simply providing log management. Therefore, it’s important to choose a solution that is already trusted in the on-premises deployment model, and SIEM-as-a-service is the same solution delivered as an offering.

IBM QRadar is one of the few recognized security intelligence solutions already used on-premises by thousands of organizations. With QRadar on Cloud being the same solution, but deployed and managed by IBM service professionals, CISOs have a game-changing option to consider.

Read the White paper: Gartner Innovation Insight for SIEM as a Service

Top Benefits of IBM QRadar on Cloud

Customer apprehension, data privacy laws and network bandwidth issues are among the primary concerns for moving security to the cloud. But the value of this is too great to ignore. IBM has worked with Ponemon Institute to conduct a study that revealed why clients are giving QRadar on Cloud a strong consideration.

1. Time to Value

Deploying SIEM is no joke, given that it collects so much of data from everywhere in your network. It could take months before security teams believe they are truly operational.

In the Ponemon study, security teams reported that 41 percent of SIEM buyers took six months or more to roll out their chosen solution, and 25 percent never achieved full deployment. However, the majority of on-premises QRadar clients achieved full operational status in less than three months. Those that took longer either had larger deployments, fewer dedicated resources or some skills gaps. QRadar on Cloud is up in weeks — and in many cases days — depending upon the scale.

2. Skills Shortage

According to a Frost & Sullivan report, experts predict a shortage of 1.5 million open and unfilled security positions worldwide by 2020. The shallow talent pool is a constant challenge for organizations hiring and retaining security analysts.

QRadar on Cloud helps address staffing shortages by eliminating deployment and maintenance burdens. It’s a detection technology, and organizations that have adopted QRadar spend all their time doing higher-order tasks, building sought-after security expertise rather than simply maintaining the solution. This can save SIEM users as much as 28 percent of their time.

3. Collect More Than Logs

There are many SIEM vendors who only focus on log data collection and management. Although this is essential to SIEM, it is only one type of security data. Several QRadar on Cloud clients cited the ability to correlate network flows and vulnerability data as top purchase criteria. Some said these capabilities gave them more confidence in the continued viability of the solution.

4. Desire to Maintain Control

While many organizations are glad to outsource the security infrastructure and maintenance duties, most are unwilling to depend upon others to monitor the network and deal with attack and breach remediations.

“What most corporate boards don’t want to hear is that no employees are actively participating in network defense,” one CISO told us. QRadar on Cloud customers want to know what’s going on minutes after a problem is detected.

5. Trading Capital for Operational Expense

This is another straightforward benefit of QRadar on Cloud. Rent instead of own; lease instead of buy. Other successful software-as-a-service (SaaS) solutions have paved the way for QRadar on Cloud.

Additional Insights

QRadar on Cloud provides several other benefits. All of these benefits are significant factors in a purchase decision for our clients.

1. Flexibility to Outsource Monitoring

Control is great, but sometimes it makes sense to outsource some or all of the monitoring tasks. Managed security services providers (MSSPs) play this role, but going with a single source for infrastructure maintenance and monitoring raises the switching costs should you need to make a change down the road. With QRadar in the Cloud, IBM holds the environment, and customers can hire and fire monitoring resources as they see fit.

2. Avoid Hardware Obsolescence

It’s true — hardware gets old and new software demands more performance and capacity to keep up with ever-changing threats. An on-premises deployment is eventually going to require a refresh, which consumes security staff bandwidth that could otherwise be spent monitoring, investigating, etc. QRadar on Cloud being a SaaS offering helps you stay ahead without worrying about hardware obsolescence.

3. Expand On-Premises QRadar Use Cases

In few cases, our existing on-premises clients said that QRadar on Cloud is their preferred method for expanding managed device coverage beyond network firewalls, switches, routers, intrusion prevention systems (IPS) and intrusion detection systems (IDS).

As with many security technology purchases, the key drivers and planned use cases vary across the size and purpose of the organization. The early client base runs the gamut from needing a compliance reporting solution inside 60 days to protecting a large public venue from business disruption within two years.

View our on-demand webinar, “Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations,” to hear more about these and other client experiences with QRadar on Cloud.

Read the White paper: Gartner Innovation Insight for SIEM as a Service

Share this Article:
Satyakam Jyotiprakash

Portfolio Marketing Manager, Security Operations and Response Solutions, IBM Security

Satyakam Jyotiprakash is the worldwide Portfolio Marketing Manager for IBM Security Operations and Response (SOAR) solutions. In his previous role, he was the Offering Management and Alliance Leader for IBM Security Services in India/South Asia. With overall 12 years of experience in IT Security marketing, strategy and alliance management roles, he is passionate about developing superior strategies and tactics to collaborate with partners and win against competition. He specializes in communicating the market trends and business values of security solutions in the era of cloud and cognitive IT.