Security Information and Event Management (SIEM) solutions often predate CWWP ones – these products were logical extensions of standard network reporting. SEIM solutions focus on the analysis event data in real time for early detection of targeted attacks and data breaches. They also collect, aggregate, and report on this data, primarily for incident response, forensics, and regulatory compliance requirements.
While SIEM solutions started out as simple log data analysis solutions, today’s SIEM solutions can also process other forms of security data, including network telemetry. They can combine this information with contextual information across a range of other aspects, including users, assets, threats, and known vulnerabilities. So while SIEM may have approached workload protection from the outside-in (i.e., originally focusing on attacks), they are a credible option for cloud workload security today.
Today, most SIEM systems work as follows: they deploy collection agents (multiple ones, in a hierarchy) to pull-in any security-related events from devices, services, networks, and security solutions like firewalls and intrusion prevention systems. All this data is aggregated into a central management console – while some processing can be automated through AI, in most cases security analysts need to review the data and prioritize incidents.
In other words, SIEM works from the event backwards – and in doing so they will protect cloud workloads by default. SIEM solutions are also evolving: as most of the SIEM vendors came from data collection, it’s a natural extension to move into security and operations response (SOAR). However, few of them focus on compliance or posture management – these are hard-core attack management and prevention systems. From an IT compliance standpoint, they don’t address those issues at all.
Our next blog will look at the most recent category – Cloud Security Posture Management.
Rich est directeur marketing pour les produits de cloud public chez Barracuda. Il a rejoint l'équipe dans le cadre de l'acquisition de C2C Systems en 2014. Rich est l'un des experts du cloud public de Barracuda. Il travaille directement sur les écosystèmes cloud et est cité dans des ebooks de Microsoft sur la sécurisation du cloud public. Il est également contributeur régulier des blogs thématiques sur le cloud de Barracuda. Dans le cadre de notre travail sur le cloud, il aide au développement de stratégies et à leur exécution avec nos partenaires et nos équipes commerciales.
Vous pouvez contacter Rich par e-mail à l'adresse firstname.lastname@example.org.