Search form

Upcoming Webinars

Achieve in-depth insights into your infrastructure and minimize downtime
May 09, 2024
What's New at Catchpoint! Spring 2024 Product Launch Event
May 22, 2024
Redefining bandwidth monitoring for hybrid IT
June 06, 2024

On-Demand Webinars

Master Class: Optimizing CX through 4 Pillars of Internet Resilience
Avoid Observability Failure: Hybrid Enterprises Must Complement APM with Internet Performance Monitoring
Observability Trends: Key Considerations for Modern Observability
Navigating Today's I&O Landscape: Leveraging Cloud, Hyper-Convergence and Observability
Master Class: Monitoring from Your Users' Perspective
2024 Tech Trends: 10 Predictions for Tomorrow's IT Evolution
The SRE Report 2024: What the Charts Don't Tell You
2024 Security Trends: How Generative AI Is Changing the Threat Landscape
Getting the Most Out of Elastic Observability & New Features
Tales from the trenches: Security leaders share insights on protecting higher education
The Impact of AIOps and GAI on Modern Observability
Countering Internet Complexity with AI-Powered Internet Performance Monitoring
Maximizing Customer Lifetime Value: Transforming Ecommerce with AI-Powered Search
AI Meets Search: Powering a New Generation of Insights
Behind the Scenes: Rocket Lawyer's Secret Sauce for Uninterrupted Digital Legal Services
3 Tips to Supercharge Your Application Tracing
What's New at Catchpoint! Fall 2023 Product Launch Event
Demo of Internet Sonar: From Disruption to Instant Detection
Harnessing the Power of Generative AI in Retail
Expert Insights: Navigating Outages Like a Pro
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Preventing Outages: Implement an Internet Performance Monitoring Plan
Don't Get Lost in the Cloud
SOLD IN 6 SECONDS: Formulas to Fast & Friction-Free E-commerce
Supercharge Your IT Resources
Automate and Save Time
Maximize Shareholder Value with Internet Resilience
Building & Monitoring Lighting Fast, Cloud Native Payment Experiences
Getting the Most Out of Elastic Observability & New Features
Preventing Outages: Map Your Internet Stack

All Webinars...

Analyst Reports

Modern Enterprises Must Boost Observability with Internet Performance Monitoring
GigaOm CxO Decision Brief: Internet Resilience, May 2023
2023 Gartner Critical Capabilities for APM and Observability
Forrester Opportunity Snapshot: Increase Revenue with Internet Performance Monitoring

All Analyst Reports...

White Papers

Network traffic analysis for today's IT
The SRE Report 2024
The 2024 Observability Landscape — a survey of observability decision-makers
2024 State of IT Operations Report: Journey to Agility
How IT leaders can drive more with less
An IT leader's enterprise guide to drive more with less
Website monitoring in Applications Manager
Synthetic monitoring 101: A comprehensive guide to synthetic monitoring
Beyond deployment: The ongoing challenges in application performance monitoring implementation
How Is IPAM Simplifying Modern Networking?
The Elastic Generative AI Report
Database Monitoring for Beginners: 6 Steps to Get You Started
6 Best Practices for Application Performance Monitoring
Visibility, Scalability, Security: Why IPAM Is the Cornerstone of Robust Data Centers
Real-Time Server Traffic Monitoring: Benefits, Best Practices and NetFlow Analyzer
Key Considerations When Choosing the Right Application Performance Monitoring Tool for Your Business
Apache Cassandra Monitoring: Challenges and Solutions
Streamlining Configuration Management: Unleashing the Power of OpManager's Module
OpenShift Monitoring: Five Crucial Elements to Look Out for
Apache Tomcat Monitoring Made Easy with Applications Manager
End-User Experience Monitoring: Its Meaning, Importance, and Best Practices
5 Steps to Improve Website Performance
Learn the Importance of Network Backup Tool
IT Budgeting Amid a Challenging Macroeconomic Climate
Network Configuration Manager as an Add-On to OpManager
State of ITOM in 2023
The 2023 State of IT Operations Report
Going Beyond Plain Virtualization Monitoring
Preventing Outages in 2023: What We Learned from Recent Failures
Integrated Performance Management for Physical, Virtual & Cloud Infrastructure

All White Papers...

Why Security Observability Is a Viable Alternative to SIEM Tools
February 14, 2024

Jeremy Burton
Observe

Share this

We increasingly see companies using their observability data to support security use cases. It's not entirely surprising given the challenges that organizations have with legacy SIEMs. We wanted to dig into this evolving intersection of security and observability, so we surveyed 500 security professionals — 40% of whom were either CISOs or CSOs — for our inaugural State of Security Observability report.


It Starts With a Single Central Data Lake

Security observability is about using logs, metrics, and traces to infer risk, monitor threats, and alert on breaches. We see more and more customers using a single, central, data lake for their security and operational log data, which can deliver the benefits of shared infrastructure cost and search language cross-training. But, security data is all about voluminous logs with massive variability — and the volume of security data often leads to unacceptable storage costs. That's painful for customers and so they're forced to roll data off to cold storage after a few days. Re-hydrating from cold storage on demand is even worse than the bad old days of tape backup, because it adds the challenge of drifting search-time schema definitions. To have a real security data lake, all that data needs to be always hot, always searchable.

Security professionals are also hurt by the inability of many incumbent tools to analyze metrics alongside logs, so the operations team pushes back when asked to get onboard with a single tool for operational and security data. This hits the smaller organizations really hard, which is why you see such variability in their budgets — across three recent surveys of US companies, average security budgets range from 10% to 24% of the IT budget. A review of LinkedIn data indicates that the lower third of organizations by size doesn't allocate any security budget at all.

An SIEM That's Not A SIEM?

Almost everyone in the survey has an SIEM, uses an SIEM, and is investing a lot in manipulating data to their SIEM's standards to make the rules work so the analysts can see the massive numbers of alerts. There's a lot of SIEM hate out there, and lots of people looking for alternative solutions. I think there's great hunger for the SIEM that's not a SIEM — customers want to be able to search and correlate log events without the noisy ticket generation machine.

In the report, respondents noted that half of their security data has to be transformed and half of security incidents have to be escalated. It's an exhausting amount of maintenance work that is difficult to justify in today's climate of constrained budgets. For small organizations with just a couple of admins, or large ones where multiple teams need to coordinate, it's hard for them to bite off that SIEM renewal without looking at alternatives.

Security Observability can be that alternative. Why Security Observability? Simple: because an outside-in approach based on large volumes of data you've already collected saves precious employee time and effort. It certainly beats the typical SIEM approach of normalizing data to an unrealistic, vendor-locked abstraction. That's beneficial to large customers, and absolutely critical to smaller companies who simply can't dedicate people to running specialized security tools — it's often a team effort by a group of generalists. And sure, large companies can technically afford a SIEM ... but why should they?

So often we see that there are multiple SIEM-like tools in place, duplicating data for the security operations center and the incident response teams. It's pure waste. It's easy to accidentally and needlessly duplicate data between observability and security tooling, or between multiple security tools, and then go looking for a search engine that can unify it. Since most organizations are expecting data to grow by 75% or more in the next year, this waste becomes more costly each year.

Cloud Changes Everything

The large cloud providers have certainly increased the volume of data needed to be collected, but they also have reduced the variety of data, thereby making it easier to work with the format they provide. There are no longer dozens of security vendors selling appliances, spewing syslog that you have to painstakingly curate into a common information model. Instead you're more likely to have a handful of data sources shepherding massive volumes within each cloud provider. It's much more productive to make sense of this data as it is, then to somehow normalize data from disparate sources and essentially fake an understanding of it.

SIEM simply doesn't make sense for cloud native companies. Aside from the huge implementation and maintenance cost, doing lots of normalization … to run lots of rules … that no one looks at anyway. Don't be wasteful — only run rules for what you're going to use.

Jeremy Burton is CEO of Observe
Share this

Related Links

www.observeinc.com

Hot Topics

Cloud
Cybersecurity
DataOps
Logs
Observability

The Latest

As CIOs Address App Sprawl, Observability Can't Be an Afterthought
May 09, 2024

App sprawl has been a concern for technologists for some time, but it has never presented such a challenge as now. As organizations move to implement generative AI into their applications, it's only going to become more complex ... Observability is a necessary component for understanding the vast amounts of complex data within AI-infused applications, and it must be the centerpiece of an app- and data-centric strategy to truly manage app sprawl ...

In a Productivity Paradox, How Can Companies Prove the Value of Their Software Investments?
May 08, 2024

Fundamentally, investments in digital transformation — often an amorphous budget category for enterprises — have not yielded their anticipated productivity and value ... In the wake of the tsunami of money thrown at digital transformation, most businesses don't actually know what technology they've acquired, or the extent of it, and how it's being used, which is directly tied to how people do their jobs. Now, AI transformation represents the biggest change management challenge organizations will face in the next one to two years ...

6 Ways Generative AI Will Impact Data Management
May 07, 2024

As businesses focus more and more on uncovering new ways to unlock the value of their data, generative AI (GenAI) is presenting some new opportunities to do so, particularly when it comes to data management and how organizations collect, process, analyze, and derive insights from their assets. In the near future, I expect to see six key ways in which GenAI will reshape our current data management landscape ...

AI Creates "Disrupt or Die" Era
May 06, 2024

The rise of AI is ushering in a new disrupt-or-die era. "Data-ready enterprises that connect and unify broad structured and unstructured data sets into an intelligent data infrastructure are best positioned to win in the age of AI ...

Gartner: Organizations Are Evolving D&A Operating Model Because of AI
May 02, 2024

A majority (61%) of organizations are forced to evolve or rethink their data and analytics (D&A) operating model because of the impact of disruptive artificial intelligence (AI) technologies, according to a new Gartner survey ...

Gartner: Top Trends in Data and Analytics for 2024
May 01, 2024

The power of AI, and the increasing importance of GenAI are changing the way people work, teams collaborate, and processes operate ... Gartner identified the top data and analytics (D&A) trends for 2024 that are driving the emergence of a wide range of challenges, including organizational and human issues ...

The Disconnect Between IT and the Business
April 30, 2024

IT and the business are disconnected. Ask the business what IT does and you might hear "they implement infrastructure, write software, and migrate things to cloud," and for some that might be the extent of their knowledge of IT. Similarly, IT might know that the business "markets and sells and develops product," but they may not know what those functions entail beyond the unit they serve the most ...

The High Cost of Low Cloud Cost Visibility
April 29, 2024

Cloud spending continues to soar. Globally, cloud users spent a mind-boggling $563.6 billion last year on public cloud services, and there's no sign of a slowdown ... CloudZero's State of Cloud Cost Report 2024 found that organizations are still struggling to gain control over their cloud costs and that a lack of visibility is having a significant impact. Among the key findings of the report ...

AI, Security, and Sustainability Are Major Drivers for IT Modernization
April 25, 2024

The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to the Enterprise Cloud Index (ECI) report from Nutanix ...

The Past, Present and Future of DEX
April 24, 2024

Over the last 20 years Digital Employee Experience has become a necessity for companies committed to digital transformation and improving IT experiences. In fact, by 2025, more than 50% of IT organizations will use digital employee experience to prioritize and measure digital initiative success ...