The hackers and criminals are playing hardball – so here’s a cloud SIEM playbook to help you fight back

Think your old tools can’t cut it? Here’s the proof

Promo Incident response and detection is a critical part of your security operation – it’s hard to defend against what you can’t see, particularly when your attack surface now extends from on-prem and into the cloud.

But do you feel like it’s the criminals and hackers who have grabbed all the benefits of moving to the cloud, being able to scale up their operations at will, leverage technologies like machine learning and AI, and exploit vulnerabilities left as target organizations hybridize their own operations?

Meanwhile you’re trying to combat them using legacy tooling which might be adequate for securing your on-prem world, but barely recognizes the cloud even exists, never mind extends to it and takes advantage of the benefits it can offer. Oh, and you’re a team member down. Again.

It might be small comfort, but you’re not alone. Recent Forrester research, sponsored by Rapid7, highlighted the pressures security pros are under, as they struggle to police a cloud world with tools designed for an earlier era.

A couple of highlights? Yes, security pros are drowning in data – think of all those logs – with limited human resources to sift through them and make decisions on which threats to focus on first, particularly when their arsenal doesn’t include user and entity behavioural analytics.

This can induce a response paralysis, which means attackers not only can slip into an organization, but can begin to move laterally, causing further damage and cementing their position as they go.

It’s not always clear that scaling up an existing toolset will do much to remedy the situation, as the initial investment in software must often be matched by investment in additional hardware and staffing, and involve a tortuous deployment phase.

All the while, you are left with the nagging feeling that something or someone is running amok within your organization, but you and your team aren’t able to see them or prove it to your stakeholders.

It seems intuitive that the best response would be to make like the attackers, and take full advantage of the cloud, giving you access to more data, the power of AI, rapid deployment and equally rapid feature updates.

And if you’re wondering how a cloud-based SIEM can support you, the good folks at Rapid7 have a playbook just for you that walks you through the full list of benefits.

As well as outlining the benefits of switching to a cloud-based SIEM like Rapid7’s InsightIDR – and we’ve just scratched the surface here – it also raises the crucial questions you need to ask yourself, and your potential partner, when contemplating such a decision.

Best of all, it gives you the information you need to demonstrate to your stakeholders, whether on your security team or in the C-suite, that in a cloud-based world, the best place to combat threats is in the cloud. So why not start your journey, right here, right now?

Biting the hand that feeds IT © 1998–2020