Security Information and Event Management (SIEM) solutions often predate Cloud Workload Protection Platform (CWPP) ones; these products were logical extensions of standard network reporting. SIEM solutions focus on analyzing event data in real time for early detection of targeted attacks and data breaches. They also collect, aggregate, and report on this data, primarily for incident response, forensics, and regulatory compliance requirements.
While SIEM solutions started out as simple log analysis tools, today's SIEM solutions can also process other forms of security data, including network telemetry such as flow records. They can combine this information with contextual information from a range of other sources, including users, assets, threat intelligence, and known vulnerabilities. So while SIEM approached workload protection from the outside in (originally focusing on attacks rather than on the workload itself), it is a credible option for cloud workload security today.
Today, most SIEM systems work as follows: they deploy collection agents (often several, arranged in a hierarchy of forwarders and aggregators) to pull in security-related events from devices, services, networks, and security solutions such as firewalls and intrusion prevention systems. All this data is normalized into a common schema and aggregated into a central management console. Some processing can be automated through correlation rules and, increasingly, machine-learning models, but in most cases security analysts still need to review the resulting alerts and prioritize incidents.
In other words, a SIEM works from the event backwards; because it ingests events from wherever they originate, cloud workloads are covered as soon as their logs are forwarded to it, without a workload-specific agent. SIEM solutions are also evolving: as most SIEM vendors came from data collection, moving into security orchestration, automation, and response (SOAR) is a natural extension. However, few of them focus on compliance or posture management; they are hard-core attack detection and response systems. From an IT compliance standpoint (is the configuration of a cloud account or workload in line with a required baseline?), they don't address those issues at all.
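The collect, normalize, enrich and prioritize pipeline described above, as an added example written for this page (it is not Barracuda's or any vendor's product code). Two collectors forward constructed sample logs, an sshd auth log and a key=value firewall log; both formats, the host names, the IP addresses and the asset inventory are assumptions. The correlation rule turns raw events into incidents ranked the way an analyst would want them: a brute force that ended in a successful login on an internet-facing host outranks a failed one against a more critical but internal host.

```python
"""Toy SIEM pipeline: collect events from two sources, normalize them into one
schema, enrich with asset context, and correlate them into ranked incidents.
All log lines, hosts, IPs and asset data below are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style auth events, as a host collector would forward them.
AUTH_LOG = """\
2024-05-01T10:00:01Z web-01 sshd[311]: Failed password for root from 203.0.113.5 port 51000
2024-05-01T10:00:03Z web-01 sshd[311]: Failed password for root from 203.0.113.5 port 51001
2024-05-01T10:00:05Z web-01 sshd[311]: Failed password for root from 203.0.113.5 port 51002
2024-05-01T10:00:09Z web-01 sshd[311]: Accepted password for root from 203.0.113.5 port 51003
2024-05-01T10:00:10Z web-01 cron[412]: session opened for user root
2024-05-01T10:02:00Z db-01 sshd[207]: Failed password for admin from 198.51.100.7 port 40000
2024-05-01T10:02:04Z db-01 sshd[207]: Failed password for admin from 198.51.100.7 port 40001
2024-05-01T10:02:08Z db-01 sshd[207]: Failed password for admin from 198.51.100.7 port 40002
"""

# Constructed key=value records from a perimeter firewall collector (format assumed).
FIREWALL_LOG = """\
ts=2024-05-01T10:00:00Z action=allow src=203.0.113.5 dst=10.0.1.10 dport=22
ts=2024-05-01T10:01:58Z action=allow src=198.51.100.7 dst=10.0.2.20 dport=22
"""

# Contextual data the SIEM joins onto events (assumed asset inventory).
ASSETS = {
    "web-01": {"ip": "10.0.1.10", "criticality": 3, "internet_facing": True},
    "db-01": {"ip": "10.0.2.20", "criticality": 5, "internet_facing": False},
}
IP_TO_HOST = {a["ip"]: name for name, a in ASSETS.items()}

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def parse_auth(text):
    """Normalize sshd lines; lines that do not match are dropped here (a real SIEM
    would count them as parse failures rather than silently discarding them)."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"ts": parse_ts(m["ts"]), "host": m["host"], "src": m["src"],
                           "user": m["user"], "source": "sshd",
                           "action": "auth_fail" if m["outcome"] == "Failed" else "auth_success"})
    return events

def parse_firewall(text):
    """Normalize key=value firewall records into the same schema as auth events,
    resolving the destination IP to an asset name so both sources join on host."""
    events = []
    for line in text.splitlines():
        kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "ts" in kv:
            events.append({"ts": parse_ts(kv["ts"]),
                           "host": IP_TO_HOST.get(kv.get("dst"), kv.get("dst")),
                           "src": kv.get("src"), "user": None, "source": "firewall",
                           "action": "fw_" + kv.get("action", "unknown")})
    return events

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` auth failures from one source to one host within
    `window`; a later success from the same source escalates it. The score is then
    weighted with asset criticality and exposure (the enrichment step)."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["src"], e["host"])].append(e)
    incidents = []
    for (src, host), evs in by_key.items():
        fails = [e for e in evs if e["action"] == "auth_fail"]
        if len(fails) < threshold or fails[-1]["ts"] - fails[0]["ts"] > window:
            continue
        success = any(e["action"] == "auth_success" and e["ts"] > fails[-1]["ts"] for e in evs)
        perimeter = any(e["action"] == "fw_allow" for e in evs)  # confirmed by a second source
        asset = ASSETS.get(host, {"criticality": 1, "internet_facing": False})
        score = (len(fails) + (50 if success else 0)
                 + 10 * asset["criticality"] + (5 if asset["internet_facing"] else 0))
        incidents.append({"host": host, "src": src, "failures": len(fails),
                          "successful_login": success, "perimeter_allowed": perimeter,
                          "score": score,
                          "severity": "critical" if score >= 80 else "high" if score >= 40 else "medium"})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

def run_pipeline():
    """Collect from both sources, aggregate, and return incidents in analyst priority order."""
    return correlate(parse_auth(AUTH_LOG) + parse_firewall(FIREWALL_LOG))

if __name__ == "__main__":
    for inc in run_pipeline():
        print(inc)
```

The point of the example is the order of the output: web-01 comes first (score 88, critical) because the failures were followed by a success on an exposed host, while db-01 (score 53, high) has the higher asset criticality but no successful login. Without the asset and firewall context the two brute-force patterns look identical, which is exactly the gap the contextual data described above closes.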
Our next blog will look at the most recent category, Cloud Security Posture Management (CSPM).
Rich is Director of Public Cloud Product Marketing at Barracuda. He joined the team through the acquisition of C2C Systems in 2014. Rich is one of Barracuda's public cloud experts; he works directly with the cloud ecosystems and has been quoted in Microsoft e-books on public cloud security. He also writes frequently for Barracuda's own cloud blogs. For our cloud initiatives he helps develop strategies and implement them with our partners and sales teams.
You can send Rich an e-mail at [email protected].