Reading this statistic is a bit mind-numbing. Technology has crept into every aspect of our lives and, to be fair, it has made them better, for the most part. Introducing all this technology has resulted in a common problem: the management and storage of data.
Over the past eight months Jeff, Sanket and myself have talked with over 100 security practitioners and leaders about what they are struggling with and how we could introduce better outcomes. Every single conversation included an aspect of “we have too much information” or “we are struggling to control costs and data volume”.
It is rarely helpful to live in the past but when searching for a better future sometimes it can be beneficial to understand how we arrived at the present.
I consider myself lucky to have spent my entire career in an industry that is growing at an exponential rate. Security has exploded over the past few decades, emerging from the shadows of IT and becoming a critical component of any business. Security is always challenged to evolve and adapt to technology decisions businesses make to better serve their customers. This means adoption of new technology, an increasing digital footprint, all of which grow the “attack surface” for security teams to protect. As these business decisions are made, new technology is needed to monitor and defend against ever-changing threats.
The unifying theme is the migration away from on-premise technology and the adoption of cloud-based solutions. Not only have security teams increasingly moved to solutions hosted by a vendor, they have also been forced to protect their companies' assets hosted by yet another vendor.
The common outcome of this change is loss of control.
I’m a big believer that the truth is never black and white. In fairness, the cloud has dramatically changed things for the better, allowing companies to focus on their core business rather than on managing the technology that supports it. That said, every decision comes with trade-offs.
In cyber security you cannot protect what you cannot see; that is the reason for the continued evolution of “Detection and Response” solutions. All of these platforms give valuable insight into the technology they are designed to monitor, but they are only helpful if you can consume their output. Detection and Response is just one of a dozen new categories of security platforms, and the number of acronyms has become a running joke amongst security professionals.
Many enterprises use between 25 and well over 100 security products. This has resulted in an absolute mess of inbound information that needs to reach the right place at the right time and be stored in different places for different purposes. Information is delivered in different ways and formats, creating challenges for both consumption and analysis. Does the vendor push the data? Does it need to be pulled via an API? Is it syslog, JSON, OCSF? How does the system consuming it need it to be formatted? And so on.
All of these questions have required security organizations to think strategically about data operations and long term data needs. Additionally we have started to see the decoupling of storage from detection.
Traditionally, SIEM/XDR vendors consumed all the data, stored it, and attempted to correlate and analyze it. Many of these SIEM and XDR solutions license their products based on the amount of data consumed and processed, which has led to runaway expenses and an increasing need to be thoughtful about what information is sent to them. Security teams have started adopting data lakes and archiving solutions for more affordable long-term retention, which is great, but it also means more complexity when deciding what to send where.
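To make the routing problem above concrete, here is an added example (not Realm.Security's code, nor any vendor's) of the decision a pipeline has to make once storage is decoupled from detection: normalize events arriving in different formats (a syslog line, a JSON event) into one schema, then send everything to a cheap archive while forwarding only detection-relevant events to the volume-licensed SIEM. The common field names, the severity scale, the JSON field layout, the set of "always-forward" sources and the sample lines are all assumptions constructed for illustration.

```python
"""Normalize mixed-format security events and route them to a SIEM or an archive.

Added example (not Realm.Security's code). The schema field names, the
numeric severity scale, the JSON layout and the routing policy are all
assumptions chosen for illustration.
"""
import json
import re
from typing import Dict, List, Optional

# RFC 3164-style syslog line: "<PRI>Mon DD HH:MM:SS host app[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Assumed mapping of vendor severity words onto the syslog 0..7 scale.
SEVERITY_WORDS = {"critical": 2, "high": 3, "error": 3, "medium": 4,
                  "warning": 4, "low": 5, "info": 6, "debug": 7}


def parse_syslog(line: str) -> Optional[Dict]:
    """Parse a BSD syslog line into the common schema; None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "time": m.group("ts"),
        "host": m.group("host"),
        "source": m.group("app"),
        "severity": pri & 7,  # low three bits of PRI: 0=emergency ... 7=debug
        "message": m.group("msg"),
        "format": "syslog",
    }


def parse_json(line: str) -> Optional[Dict]:
    """Parse a JSON event with an assumed layout (real vendor field names vary)."""
    try:
        obj = json.loads(line)
    except ValueError:
        return None
    if not isinstance(obj, dict):
        return None
    sev = obj.get("severity", "info")
    if isinstance(sev, str):
        sev = SEVERITY_WORDS.get(sev.lower(), 6)  # unknown words default to info
    return {
        "time": obj.get("timestamp", ""),
        "host": obj.get("host", ""),
        "source": obj.get("product", "unknown"),
        "severity": int(sev),
        "message": obj.get("message", ""),
        "format": "json",
    }


def normalize(line: str) -> Optional[Dict]:
    """Pick a parser by shape; unknown lines come back as None so they can be counted."""
    line = line.strip()
    if line.startswith("{"):
        return parse_json(line)
    return parse_syslog(line)


# Assumed routing policy: everything is archived; only events that matter for
# detection also go to the SIEM, whose licence is priced by ingested volume.
SIEM_SOURCES = {"edr", "sshd", "waf"}  # sources forwarded regardless of severity
SIEM_MAX_SEVERITY = 4                  # warning (4) or more severe is forwarded


def route(event: Dict) -> List[str]:
    """Return the destinations for one normalized event."""
    dests = ["archive"]
    if event["severity"] <= SIEM_MAX_SEVERITY or event["source"] in SIEM_SOURCES:
        dests.append("siem")
    return dests


def process(lines: List[str]) -> Dict[str, List]:
    """Route a batch of raw lines; returns events grouped by destination plus unparsed lines."""
    out: Dict[str, List] = {"siem": [], "archive": [], "unparsed": []}
    for raw in lines:
        ev = normalize(raw)
        if ev is None:
            out["unparsed"].append(raw)  # keep, never silently drop, what we cannot read
            continue
        for dest in route(ev):
            out[dest].append(ev)
    return out


# Constructed sample input: an auth failure, a debug line, a JSON EDR alert, garbage.
SAMPLE_LINES = [
    "<38>Mar  4 10:15:01 bastion sshd[2211]: Failed password for root from 203.0.113.9 port 4422 ssh2",
    "<191>Mar  4 10:15:02 app01 nginx[77]: upstream keepalive reuse",
    '{"timestamp": "2024-03-04T10:15:03Z", "host": "wks-17", "product": "edr", '
    '"severity": "high", "message": "suspicious child process of winword.exe"}',
    "not a recognizable event",
]

if __name__ == "__main__":
    for dest, events in process(SAMPLE_LINES).items():
        print(f"{dest}: {len(events)}")
```

Run as-is, the sshd failure and the EDR alert reach both destinations, the nginx debug line is archived only, and the unreadable line is kept in an `unparsed` bucket rather than dropped. The point of the separate bucket is that format drift from a vendor should show up as a rising `unparsed` count, not as silently missing telemetry.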
There is no easy answer to any of these problems. The only certainty is that there is a problem which needs to be solved: security teams need more intelligent ways to control and manage the data and telemetry coming from all of the solutions they already use.
Solving this problem is what we at Realm.Security are pursuing on behalf of security teams everywhere.