SIEM Migration: Why now?

Is migrating to cloud-native SIEM worth the hassle? CyberProof President Yuval Wollman and Managing Director of Cyber Defense Service Delivery Doron Davidson explored this question in an in-depth conversation. Here are some of the issues they touched on.

On reducing complexity…

Doron pointed out that “cloud-native SIEMs and platforms have a seamless integration. They reduce complexity as well as reduce the cost, eventually - both the cost of the integrations themselves and the cost of managing the SIEM over time. It's not only about the cost of 2024. It's what's going to happen to the platform in 2025. The costs pile up.

“As an MDR, the more we can actually help our customers transition to cloud-native SIEMs, the more we can see the efficiency that it brings to the table based on native integrations. It adds to the scalability – the scalability that cloud-native SIEMs provide, which is essential for the rapidly growing data volumes that we see within a customer's environment.” 


On cloud-native stacks…

Yuval explored how “moving into cloud-native platforms allows you not only to use different models of automation and content embedded with it, but also other products. Increasingly, we're seeing visionary CISOs in the enterprise market asking questions about ‘Where do I want to take my stack in the next three to five years?’ 

“These are the questions that they are being asked. They're asking for good partners to share with them their insights and experience. CyberProof is experienced with cloud-native platforms and part of the story is the layer of analytics. You can use insights coming from the analytical tools, and also integrate into other tools - whether it's at the EDR level or at the log collection level. These are things that we've developed ourselves over time, complementing the cloud-native stacks.” 

On the impact of AI…

Doron suggested that “we can now respond significantly faster with automated playbooks - and with the development of these playbooks. We can now also utilize AI and it becomes significantly faster, significantly simpler. We've seen some of the most interesting acquisitions: whether it was Siemplify by Google Chronicle, whether it was Demisto becoming XSOAR, providing very advanced capabilities and integrations. Otherwise, we would need to develop a lot of those integrations and APIs ourselves - debugging and maintaining them.

“Nowadays, to develop an automation becomes significantly simpler so we can concentrate on the business risk, on the use cases that customers really want, in order to protect themselves - rather than concentrating on how to develop that automation.”

On cutting costs…

Yuval spoke about cloud transformation, saying, “There’s value add that you're getting in terms of analytics, in terms of automation, in terms of scalability - when it comes to cloud-native platforms. But what about cost? It's still unknown to an extent, but our experience shows that we can deal with that. 

“We've developed at CyberProof some capabilities - some additional layers - that enable us to manage the cost properly. The ingestion, the storage, things that are money makers for these hyperscalers, we know how to reduce costs and provide the right assurances for the CISO in terms of budget controls.”

For one client, we helped reduce security operations costs by more than 80% by migrating to cloud-native SIEM.

On enterprise-scale cloud transformation…

Yuval shared that “we have vast experience with the enterprise market, global companies that went through significant transformation processes. For example, let's take the case study of how we helped to reduce the cost with one of these organizations. We're talking about a 200,000-person company with about 300 entities being consolidated into one organization.

“We managed the migration to Sentinel, in that case. We decreased the cost by more than 80%. This is dramatic. Let me say that from the other direction, without making that move and helping them to reduce the cost, they would never transition or transform into a cloud-native platform. They would never do that because this is not something that a CISO can convince the C-suite makes sense from a budgetary perspective.”

On automation…

Doron pointed out that, “As you're ingesting more data, and you have more entities, you're exposing yourself to a much larger threat landscape, which basically means that you will have significantly more alerts within the system. And the only way to be able to cope with that is to add significantly faster automation, both for the investigation as well as the response – as well as for some of the threat hunting processes, in order to find the things that we might not even be aware of. 

“The way to complete this is by adding additional automation on top of the existing tools. These are available only when you're looking at cloud-native solutions.” 

On working with the board…

Yuval explained that, “In 2024, there will be more pressure coming from the board to CISOs to provide more assurances for security and cost management.

“In the long term, the way you can meet those kinds of concerns coming from the board is to work with cloud-native platforms. It's not easy. You need a seasoned veteran partner to work with. I believe that what we've built at CyberProof over the past few years, decisions we've made, talent we recruited, and technology that we've developed - all of this makes CyberProof the right partner.”
