By Augusto Barros, VP, Cybersecurity Evangelist
As a SIEM vendor, Securonix would be expected to spend most of its conversations on threat detection, investigation and response (TDIR). But we often find ourselves deep in conversations about data: how to collect it, format it properly and store it so it is useful for the TDIR functions that are directly tied to our core value. SIEMs are data tools, so data challenges are an expected topic, but we should not let those conversations become more important than our core objective, which is making your organization more secure. Still, it sometimes seems that our ability to handle large volumes of data is the central point of our solution. Why?
The reason data challenges become central in people's minds is simple: that is where they feel a lot of pain. Some SIEMs still rely on technology built for far lower data volumes, in a pre-cloud era, so it is no surprise that those solutions struggle with the huge volumes of data organizations generate today. As organizations move into this new reality, the SIEM that worked well in the past may now be showing its age. That is why many of our SIEM replacement conversations end up being primarily about data.
But it is not simply a question of replacing older technology with something newer and more efficient. There are also new approaches to the entire problem of collecting, preparing and storing data for security purposes. Many organizations have already gone through the same challenges for other use cases and have deployed very efficient technology stacks to handle the enormous amounts of data they produce. For those organizations, it seems unnecessary, even illogical, to implement a separate data stack exclusively for security. They want to break down that silo and use their enterprise data architecture for security use cases too.
This is why Securonix has invested so much in a flexible architecture, capable of working with different data technologies and backends. Our solution evolved from the traditional Hadoop stack to a native SaaS design that leverages many pieces of the AWS ecosystem, such as S3 buckets, and it has since moved further by leveraging the highly scalable Snowflake data cloud. To follow this path, we had to decouple our analytics from the data backend. That decoupling is what gives our customers extra flexibility: just as we were able to move between data stacks ourselves, a native SaaS architecture also lets us run on the customer's own data platform. That is where our Bring Your Own Cloud offerings fit in: our cloud-based solution can use the customer's own AWS or Snowflake account to host their data.
Built on Snowflake Data Cloud, Unified Defense SIEM provides flexibility without added complexity.
Flexibility has been one of the key strengths of our platform. We recognize that most customers want us to handle these data complexities for them, as a true SaaS solution should. For them, our Unified Defense SIEM, running on our own Snowflake deployment, provides the benefits of that platform without any additional complexity. But for customers with large AWS deployments, or for those already using Snowflake for other use cases, the ability to host their own data in those environments may be exactly what they need. They can retain complete control over the data, explore ways to combine security data with other data sets, and take advantage of any pricing they have already negotiated with those service providers.
The complexities of data management in a SIEM are well known, and any SIEM discussion will inevitably touch on them. But they are a means to an end. Providing the flexibility to work with different models allows Securonix to handle data the way the customer wants, so they can focus on detecting, investigating and responding to threats more efficiently.