June 29, 2016
Every time I go to NYC I get a sudden surge of energy along with some edginess. During my first meeting ever in NYC I had a guy tell me, “You have 15 bleep bleep and bleep minutes to show me some value or your bleep is out the door.” I love this attitude because you know EXACTLY where you stand. The city that never sleeps usually sets the tone and pecking order when it comes to trends. I say usually because for the last two or three years, the good people of NYC have seemed a bit behind in technology and cloud services.
Last week I was lucky enough to present at the “Architecting the Cloud” Symposium for IANS in New York, and as I prepared for the session, my first thought was, “make sure you bring them along slowly.”
Here is what I learned from the 50 or so people in attendance across a wide range of verticals, including healthcare, finance, retail, telecommunications and government:
– Most of the folks there are adopting SaaS (Office365, Salesforce, BOX)
– Many are using Amazon Web Services (AWS) for at least a few use cases like DR or development work
– Almost everyone is looking at Microsoft Azure as a viable option
– Several people mentioned bifurcating workloads between providers
– People are looking for good MSSPs/MSPs to help with the transition between Bimodal 1 & 2
– Traditional tool sets are not working for cloud computing (DLP, SIEM, Deep Packet Inspection)
– Cloud Access Security Brokers (CASBs) are hot; the Symantec acquisition of Blue Coat (Elastica) is just the beginning
– Is User Behavior Analytics (UBA) real and who is doing it well?
To add some more detail, it is hard to stand up solutions that work both on premise and off premise. It is also extremely difficult to ingest data from multiple sources that are in the cloud. Security professionals are combining potentially competitive solutions like ELK and QRadar: using ELK to gather logs from AWS via APIs and then porting them into QRadar for analysis. The problem is that two vendors means finger pointing and a lack of scale.
This problem is not unique to NYC: as SaaS-based apps and IaaS start taking over, logs, scale and automation are still an issue in the security space.
Why is this such a hard problem to solve? And why would anyone buy more on-premise infrastructure to manage cloud-based workloads? At Sumo Logic it seems like we have a real opportunity to change the game as we shift our focus to Security Analytics. Am I correct in thinking that this is what the world wants us to do?
Also, what MSSPs/MSPs do people out there like? I have a few thoughts, and while the feedback at the Symposium was valuable, it was mostly negative.
So, like the good people of NYC, please be direct and straightforward with your comments. I expect to hear back from you bleeping people soon.