Today’s security professionals face not only an ever-expanding list of threats, old and new, but also an excruciating choice of security approaches and tools.
Nearly 2000 security vendors are trying to sell to large enterprises and small businesses. Most organizations have already invested heavily in cybersecurity solutions. From firewalls to proxies and endpoint protection to DLP, the average firm has more than 40 types of security technologies in place, each generating telemetry that grows every year.
With employees, contractors, partners, and customers all accessing online business processes that were once hidden in a back office, corporate network traffic has also increased significantly. There is more noise than ever before, hiding more attacks than ever before — with greater impacts than ever before.
Security analytics promises to help analysts make sense of this data, to find useful signals in the noise before it’s too late.
For most organizations, however, an effective security analytics solution is an expensive and complex exercise in systems integration, with heavy IT operations support required simply to keep the system up and running as it grows.
As CIOs migrate corporate IT to the cloud, CISOs roll out advanced threat protection such as EDR and network traffic analyzers to protect the pieces that remain under their control.
In theory, a SIEM or centralized log management product consolidates and correlates all of this information, but in practice, SIEMs buckle under large data volumes.
Moreover, high-volume telemetry from EDR systems is rarely fed into a SIEM at all, and when it is ingested, it is typically retained for only a few weeks.
While it sounds counter-intuitive that we need yet another type of tool, the world has changed dramatically, and many existing security tools did not evolve fast enough to remain relevant.
Today, organizations still operate legacy systems and maintain a vast on-premises IT presence, but they also have a large cloud presence, often across multiple cloud providers. The types of security telemetry they collect expand, and the volumes grow.