SIEM IN THE CLOUD: Cost-Effective Solutions For Taking Control Data Overload and Scaling Security BLACKSTRATUS SOLUTIONS BRIEF


INTRODUCTION

Increasingly, both private and public institutions are realizing that to ensure the security of their IT operations, it is prudent to consider the merits of outsourcing their IT services. This new focus is now a key factor driving the explosive growth in cloud computing. The cloud computing model offers organizations the ability to:

• scale IT smoothly and cost effectively, without the periodic need to retool and build up expensive base-level infrastructure,
• re-architect systems and networks for growth, add staff, re-negotiate software licenses, and
• proliferate security systems to monitor the increased data flows and ever-expanding points of vulnerability.

Organizations that look to the cloud are looking for standard services delivered according to a pricing model that scales in a linear way with their consumption of those services. They also want to know that the services being provided are delivered securely, that their data is protected, and that the entire process can meet the rigors of any regulatory compliance requirements.

A host of new technologies are making cloud computing possible. New virtualization techniques allow providers of cloud computing to distribute computing power to the need more efficiently. High-bandwidth networks with protocol prioritization and optimization enable more business to be done off-premise. New application-aware, business continuity technologies assure clients that cloud computing is resilient and business uptime will be preserved. Web-based applications enable software-as-a-service (SaaS). And full-featured, remote systems management tool sets enable outsourcers to monitor and trouble-shoot systems and network problems in real-time.

Nevertheless, not every technology vendor understands the nature of cloud computing and reflects that understanding in their offerings. Many don’t fully grasp the uniqueness of the outsourcing business model and how costs should scale evenly with service consumption.

This is reflected in awkward or irrelevant pricing schemes extended to the cloud services provider. Not every vendor has architected their product to support multi-tenancy, sharing resources while maintaining logical partitioning by the client. Not every vendor scales gracefully, which forces providers to continually add gobs of new compute-power for small increments in service growth. Finally, many vendors haven’t thought through the need for client reporting that is distinct from management reporting.

Here at BlackStratus, we understand cloud computing, and what is needed for our customers to be successful. As the pioneer and leader in Security Information and Event Management (SIEM) technology, BlackStratus is transforming all security related data – from the core to the edge to the cloud – into actionable security intelligence. We’re providing organizations and providers of cloud computing with a whole new breadth, level, and quality of security decision support, putting the right information into the right people’s hands at the right time to ensure compliance, reduce risk and assure business continuity.

GROWTH OF CLOUD COMPUTING

One of the key drivers of cloud computing is the runaway acceleration in our collective creation of data. In 2010, 161 exabytes of digital information were created. This is the rough equivalent of 3 million times the information contained in all the books ever written. Or, viewed another way, the equivalent of 12 stacks of books, each extending more than 92 million miles from the earth to the sun. This is a phenomenal amount of data, yet it’s just a drop in the bucket. By the end of 2016, Cisco estimates that the annual global IP traffic will pass the zettabyte threshold. So if you thought an exabyte was pretty big – try stacking up 1000 of them to make a single zettabyte.

Yet all of this content lives somewhere and there are organizations and businesses that are legally responsible for the security, privacy, reliability and compliance of much of that data. As you can imagine, the resulting impact on IT resources is massive. So how are companies coping? In many cases they are outsourcing much of their IT responsibilities and looking to the cloud for solutions.

Forbes magazine believes that 2016 will be the year that the cloud will solidify its role as an innovation engine for business. Viewed as both the latest IT strategy buzzword and a gateway to new things, the cloud is perhaps best known for its ability to help companies contain costs.

The ease by which cloud-based services can be adopted as well as the clear economic benefit – for both the consumers and the providers of cloud computing services – are helping to drive the growth.

SECURITY SERVICES AND CLOUD COMPUTING

An increase in the importance of security is a natural outgrowth of this data explosion and the expansion of cloud computing. The proliferation of data brings a corresponding need for data security, especially in highly regulated industries such as healthcare, retail/banking, government, and utilities. Providers of cloud computing are in an ideal position to capture this natural uptick in demand.

Popular security services for outsourcing include firewall management, vulnerability assessments, patch management, IDS management, e-mail security and content filtering, intrusion response/forensics, change/anomaly detection, and support for compliance reporting.

While saving money and scaling efficiently are enormous factors in why organizations look to the cloud for their security services, there are other reasons as well. An organization may lack expertise, may desire to concentrate on core competencies, or could have a need for a 24x7 service that it is not in a position to provide. Managed security services are also a popular option for organizations that want to co-source a portion of their IT efforts (such as firewall and gateway security), in which case the managed security service provider serves as an extension of the organization’s IT staff.

SIEM IN THE CLOUD

Security Information and Event Management (SIEM) is a vital component of what a cloud security services provider can offer its customers.

SIEM technologies enable outsourcers to deliver an extensive portfolio of security services, with SIEM providing a top layer of supervisory analysis and intelligence across the portfolio that provides much needed context and support for decision-making. SIEM transforms noisy, low-level security event information generated by firewalls and intrusion protection systems (IPS) devices into alerts that can be readily comprehended by security analysts.

SIEM uses data aggregation and event correlation algorithms and applies these to event logs generated from security devices such as firewalls, proxy servers, IDS and IPS devices, and antivirus software. SIEM products also normalize data – that is, they translate Cisco and Check Point Software alerts, for example, into a common format so the data can be correlated by a single system. The best SIEM vendors work with hundreds of different devices allowing the managed security service provider to pick best of breed and still consolidate the security intelligence with SIEM.

Regulatory compliance is another key value for SIEM in the Cloud. Customers operating under the guidelines of PCI, HIPAA, FISMA, NERC/CIP, GLBA, and more, need SIEM in their practice. According to a Forrester survey of 1,335 security decision-makers, 32% buy SIEM technology for compliance and reporting, followed by 21% for incident investigation and 13% for log management.

Like network management software, SIEM tools generally consist of specialized servers or agents that function as data collectors, and one or more specialized servers for doing data analysis, correlation, and database functions with reporting.

SIEM is a natural fit to the outsourcing model. SIEM typically requires significant data storage that client organizations are challenged to provide; has high scaling requirements with respect to event collection; provides third-party device data interoperability that outsourcers can leverage across multiple customers; often requires a 24 x 7 security operations center approach, and may involve a compliance mandate – such as PCI DSS or HIPAA – with tightly defined technical requirements where outsourcers can demonstrate core competency across multiple customers in the same vertical.

According to Forrester Research, with compliance demands growing, such as Payment Card Industry Data Security Standard (PCI DSS), SIEM products are gaining considerable attention, and providers of cloud computing are positioned to become the primary providers of SIEM.

But a fully realized SIEM solution can be both difficult to configure and costly to build. While some of the largest organizations have the budget and the intellectual capital available to build a SIEM solution of their own – most do not. Once again – the cloud has enabled a solution – SIEM in the Cloud.

CYBERSHARK™ – POWERED BY BLACKSTRATUS

CyberShark™ is a cloud-based security and compliance service that allows Managed Service Providers (MSPs) to deliver enterprise-class security information and event management (SIEM) to small business customers at an affordable price. CyberShark's scalable, multi-tenant software platform comes backed by a team of expert security personnel and uses the latest threat intelligence data to identify potential security breaches in real-time.

With CyberShark you can focus on building a sustainable SIEM services business that doesn't require you to hire more security analysts or invest in expensive infrastructure.

And your SMB customers? They can reduce risk and respond to threats faster while achieving compliance and ensuring business continuity.

BlackStratus technology powers the SIEM backbone of many of the world’s leading MSPs and Remote Operations Centers. For organizations who want to “quick-launch” into the managed security services business, BlackStratus global MSP partners can private-label these services.

For providers of cloud-based security services, expanding the customer base can be challenging given the difficulty of managing every customer securely and cost-effectively - especially since each customer has unique service and compliance requirements. To address these diverse requirements, cloud-based providers need an infrastructure that is secure yet flexible, and can effectively scale to support all types and sizes of customers, without customizing the platform each time. BlackStratus technologies are sensitive to these unique requirements, and offer a range of compelling benefits highlighted below:

Account Segregation System

CyberShark is the market’s only cloud-based SIEM solution that employs a multi-tenant architecture with a comprehensive permission and segregation system that allows service outsourcers to keep each customer’s data protected and separate, providing privacy, protection and integrity. Segregation of customer data is also extended to customer device types and to analyst teams. Analyst permissions can be tailored to allow/prohibit specific customers, device types or specific devices within a customer.

Account Visualization System

Visual representations of security information, such as graphical dashboards and event graphs that illustrate dependencies, help an analyst to more quickly and definitively identify an incident. Standard reports and templates can be customized for the needs of individual accounts (or for multiple accounts). Dashboard visualizations are layered allowing drill-downs to get increasingly detailed views on any targeted element.

Virtual Account Views

Providers of managed security services can offer customers their own virtualized view of security information. This can be customized, scheduled and accessed through a web-based report portal.

N-Tier Architecture

The CyberShark architecture is fully federated for high performance and scalability across any network, regardless of how many customers and locations are involved in an implementation. This ensures that there is no single point of failure, and that the application is efficiently distributed to optimize performance based on users and event volume. Providers can easily expand their SIEM coverage by adding more collectors and correlation engines as need demands.

Unlike many SIEM vendors, with BlackStratus there is no need to resize the database and the reporting and visualization console every time service expands. The multi-tier architecture also allows outsourcers to minimize hardware and more easily extend the SIEM infrastructure as the customer base grows and as business requirements change.

Remote Updates and Patch Management

All updates and patches appropriate to apply to deployed BlackStratus technologies, either on customer premise or in the cloud, can be delivered or installed remotely from a master “provider” machine that automates the process.

Advanced Correlation

BlackStratus identifies suspicious patterns that would otherwise go unnoticed. Multi-dimensional correlation delivers unparalleled security visibility by tying together diverse security activities across the cloud provider’s customer base. CyberShark allocates a full correlation engine to each cloud customer. Correlation functions include rule-based analysis, vulnerability correlations leveraging scanner data, plus statistical and historical analysis.

Customer-Based Alerting

Security analysts cannot be effective watching a plethora of security events across multiple customer networks stream by their screen at high rates of speed. CyberShark enables security analysts to do more consultative, preventative, higher-valued work on behalf of their accounts, knowing that should any malicious activity occur, they will receive an automated alert relevant to that particular customer.

Compliance Audit Framework and Reporting

BlackStratus provides an integrated security audit framework to facilitate regulatory compliance reporting. The framework provides the ability to create status reports that are relevant to the major regulations such as PCI, HIPAA, FISMA, etc. It includes:

• Knowledge-base guidance that details what the regulated customer must monitor and include in their reporting.
• Detailed, step-by-step instructions for configuring, aligning, and monitoring devices and other resources affected by the relevant regulation.
• Advanced correlation rules and report templates needed to speed deployment.

Multi-Device Coverage

BlackStratus integrates natively with hundreds of network and security devices, applications and databases. CyberShark is capable of connecting to most devices out-of-the-box, and most importantly, these connections don’t require installation on the actual devices. We connect and collect third-party device information non-intrusively.

COST EFFECTIVE SUPPORT FOR EXPONENTIAL INCREASES IN DATA

BlackStratus has been working with some of the biggest names in cloud computing for many years. Supporting them with SIEM technology is our core business and we are good at what we do.

Our ability to securely segregate multiple data streams and customize reporting not only gives providers of cloud-based security services the opportunity to develop standard offerings that can be replicated for other customers, but also allows them to develop new, distinct offerings that can generate incremental revenue without further capital investment. Each customer will understand that the service being provided is relevant to them, and this can differentiate the cloud provider in the marketplace.

We are the only SIEM technology vendor that “powers-the-cloud” in a way that supports exponential increases in data flows with modest increments in infrastructure costs. Our multi-tenancy and federated architecture put cloud providers in a position where they can grow their security business without experiencing spiraling costs.

BlackStratus also understands the cloud computing business model and can construct licensing that is sensitive to the unique requirements. Further, our SOC One professional services organization can provide comprehensive support to help implement and customize a SIEM environment tailored to the needs of the security service provider.

ABOUT BLACKSTRATUS

BlackStratus is a pioneer of security and compliance solutions deployed and operated on premise, in the cloud or “as a Service” by providers of all sizes, government agencies and individual enterprises. Through our patented multitenant security information and event management (SIEM) technology, BlackStratus delivers unparalleled security visibility, prevents costly downtime and achieves and maintains compliant operations at a lower cost to operate.

To learn more about BlackStratus MSSP solutions, visit: www.blackstratus.com/MSP

BlackStratus and the BlackStratus logo are trademarks of BlackStratus, Inc. Other third-party trademarks are the property of their respective owners. © 2016 BlackStratus, Inc. All Rights Reserved.

BlackStratus, Inc. | 1551 South Washington Avenue Suite 401 | Piscataway, NJ 08854 | T. 732.393.6000 | F. 732.393.6090 | www.blackstratus.com