SIEM is a great tool that offers you an unmatched capability to collect, store and analyse security information from across your entire organisation. It generates and sends alerts to IT admins or security teams about potential attacks. SIEM also allows your IT team to detect and quickly respond to a large number of threats to your systems, data and networks.
 
 
 
 
What do you mean by SIEM as a Service?
 
Sometimes we call it a 'Cloud-based SIEM' too.
 
You may call it the evolution of SIEM, which is usually deployed on premises and operated and managed by you or your team. When you take your SIEM to the cloud (from your premises), you instantly gain more convenience, flexibility and control as far as managing security threats across your multiple environments is concerned. It retains the same effectiveness across all of your on-premises and in-cloud deployments.
 
After all, a Cloud-based SIEM gives you an effective and efficient way to constantly monitor all your devices, servers, applications, users and infrastructure components on your network, all from one central cloud-based dashboard: a “single pane of glass” through which you can see everything.
 
You can easily:
 
· Monitor systems, applications, and workloads, whether physical or virtual, anywhere in your network, whether in your data center, in a private cloud, or across one or more public clouds
· Get real-time alerts on security incidents
· Serve as the basis for risk analysis and audits
· Consolidate and manage security and event log data
· Automate compliance reporting
 
-
 
You may want to raise a question that --
 
👉 A SIEM is supposed to offer all this by default, then what is different here?
 
Your reasoning is very much valid and logical.
 
See, these are the times when your organisation may have already shifted some of its workloads and workflows to the cloud. If that is so, then you need to understand just ONE THING: by doing so, the threat surface your organisation is facing has changed too. Since the threat surface has changed, your way of performing threat detection and response also needs to change.
 
Just recently, I have published a good post about 'Cloud Security' wherein I have elaborated on the 'Shared Responsibility' model of cloud services. If you haven't read it, then go and read it fully...
 
When you were implementing all workloads and workflows on your own premises, the responsibility for effectively managing your entire security infrastructure, from the physical hardware to the data stored on it, was yours alone. You were wholly responsible for everything. Right?
 
But cloud deployments bring a massive change in this responsibility, because the responsibility model is now split.
 
The shared responsibility models of AWS, Microsoft Azure, Google Cloud etc. set out that the cloud service provider takes responsibility for the security and maintenance of their clouds and of any supporting hardware. BUT it is your organisation's responsibility to secure and maintain the data on those systems. If you don't manage your area of responsibility correctly, then you are leaving a huge visibility gap in your organisation's attack surface. You will be blind to so many security holes...
 
By default, clouds are highly dynamic in nature. It takes only a few clicks to deploy or delete a workload in the cloud.
 
On top of this, the introduction of multiple access and management capabilities makes it hard for you to manage, track and audit administrative actions when your users can access your cloud resources from both inside and outside your corporate environment. All this renders traditional approaches to monitoring traffic flow ineffective, so new controls need to be applied.
 
-
 
Let us take things from an Attacker's perspective.
 
They can now decide to enter your network and then pivot to your cloud resources. OR, they can attack your cloud resources directly by compromising the credentials of an admin account that has full remote access to your cloud resources.
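To make the visibility gap concrete, here is an added example (my own code, not from this post or any vendor) of the kind of correlation rule a SIEM, cloud-based or otherwise, would run over cloud audit events: it flags console logins and privileged actions coming from outside an assumed corporate egress range, and principals that create or destroy many workloads in one batch. The log lines, user names, address ranges and threshold are all constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample events in a CloudTrail-like JSON-lines shape (not real logs).
# Addresses use documentation prefixes; 203.0.113.0/24 is the assumed corporate egress range.
SAMPLE_LOG = """
{"time": "2023-05-01T09:00:01Z", "user": "alice", "action": "ConsoleLogin", "src_ip": "203.0.113.10"}
{"time": "2023-05-01T09:05:12Z", "user": "alice", "action": "RunInstances", "src_ip": "203.0.113.10"}
{"time": "2023-05-01T10:15:00Z", "user": "bob", "action": "DescribeInstances", "src_ip": "192.0.2.44"}
{"time": "2023-05-01T22:41:03Z", "user": "cloud-admin", "action": "ConsoleLogin", "src_ip": "198.51.100.77"}
{"time": "2023-05-01T22:42:30Z", "user": "cloud-admin", "action": "AttachUserPolicy", "src_ip": "198.51.100.77"}
{"time": "2023-05-01T22:43:00Z", "user": "cloud-admin", "action": "TerminateInstances", "src_ip": "198.51.100.77"}
{"time": "2023-05-01T22:43:05Z", "user": "cloud-admin", "action": "TerminateInstances", "src_ip": "198.51.100.77"}
{"time": "2023-05-01T22:43:09Z", "user": "cloud-admin", "action": "TerminateInstances", "src_ip": "198.51.100.77"}
"""

CORPORATE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed corporate egress range
# Actions that change identities/privileges or create and destroy workloads: the "few clicks" the post warns about.
PRIVILEGED_ACTIONS = {"ConsoleLogin", "AttachUserPolicy", "CreateUser", "RunInstances", "TerminateInstances"}
WORKLOAD_CHURN = {"RunInstances", "TerminateInstances"}
CHURN_THRESHOLD = 3  # assumed: this many create/delete actions by one principal in a batch deserves a look

def parse_events(log_text):
    """Parse JSON lines into event dicts, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def is_corporate(ip_text):
    """True when the source address falls inside an assumed corporate egress range."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in CORPORATE_RANGES)

def detect(events):
    """Return alerts for (1) privileged actions from outside corporate ranges and
    (2) principals that create or destroy many workloads within the batch."""
    alerts, churn = [], Counter()
    for e in events:
        if e["action"] in PRIVILEGED_ACTIONS and not is_corporate(e["src_ip"]):
            alerts.append({"rule": "privileged_action_external_ip", "user": e["user"],
                           "action": e["action"], "src_ip": e["src_ip"], "time": e["time"]})
        if e["action"] in WORKLOAD_CHURN:
            churn[e["user"]] += 1
    for user, count in churn.items():
        if count >= CHURN_THRESHOLD:
            alerts.append({"rule": "workload_churn", "user": user, "count": count})
    return alerts

if __name__ == "__main__":
    print(*detect(parse_events(SAMPLE_LOG)), sep="\n")
```

In the constructed batch, alice's work from the corporate range produces no alert, while the late-night "cloud-admin" session from an outside address trips both rules, which is exactly the remote-admin-credential scenario described above.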
 
-
 
👉 So what is the point?
 
The point is that a cloud-based SIEM is designed to address these specific types of challenges that are inherent to your organisation’s move to the cloud. It provides the comprehensive visibility you need into the current state of your security in an easy and effective solution.
 
On-premises SIEM provides a high level of control, but it also requires a high level of expertise and an appropriate budget. Cloud SIEM, on the other hand, enables you to grow at scale and outsource security talent, and you don't have to compromise on the features you were using when it was deployed on-premises.
 
Therefore, it is essential that you carefully select the solution provider after closely comparing what each of them offers. Never take anything for granted here, because not all SIEM as a Service options are equal.
 
-
 
👉 10 Questions To Ask
Your Cloud-Based SIEM Solution Provider
 
Never forget to ask these:
 
1. Where is the solution delivered from, and where is my data stored?
2. How is my data protected?
3. Does the solution provide the scaling and ease of management benefits of a true SaaS model?
4. How is my data collected and transported to the SIEM?
5. What is the expected impact on network or internet links?
6. How does the vendor balance the cadence of feature and function upgrades with adequate testing to ensure availability and quality?
7. How does the vendor support security technologies that are part of their platform?
8. Is the licensing and pricing model SaaS-like?
9. How does the vendor ensure availability of the SIEM solution?
10. What happens at the end of the agreement?
 
-
 
👉 Fight Threats, Not Your Infrastructure
 
When you have a shortage of competent staff and are staring at sophisticated threats and attacks, your team doesn’t have time to waste on operational overhead. With a good Cloud-based SIEM, there’s no hardware to manage and maintain. Your team can focus entirely on threat hunting, qualification, incident response and remediation.
 
-
 
Kindly write 💚 your comment 💚 on the posts or topics, because when you do that you help me greatly in ✍️ designing new quality articles/posts on cybersecurity.
 
You can also share this with everyone if the information shared here helps you in some manner.
 
 

This Article Was Written & Published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on her website and on social media platforms.

30,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts there.
