Page 116 - Cyber Defense eMagazine January 2024

Solving for What the SOC Needs Now: Flexibility and Optionality

The cybersecurity ecosystem is reshaping itself. The technology, the leaders, everything now is shifting so that security teams can have a more open future – a future where they're not locked into a single SIEM, one with freedom for detections and freedom for response.

From data pipelines to threat detection platforms, an unbundling is taking place. Security organizations increasingly prioritize flexibility and optionality, driving demand for decoupled solutions. Analytics separate from data storage, standard schemas and open table formats are all gaining mindshare.


Interest in decoupling threat detection from log storage is fueled by the huge difference in cost between data platform options. Where tightly coupled SIEM solutions impose a steep ingest tax, cloud data lake options charge by usage and don't limit retention. Use cases whose data can be analyzed outside the SIEM often see cost savings upwards of 80%. The combination of improved visibility and lower spend makes new data platforms appealing. As a result, CISOs have started demanding the flexibility to explore cost-effective alternatives on a per-use-case basis.



A New Era of Freedom for Splunk + Snowflake Users

Enterprises are being pushed by lock-in fears and pulled by opportunities for better scale. They are looking for ways to augment Splunk with data platforms that deliver efficiencies and support the latest machine learning. But "rip and replace" is not an option for most, so a bridge is needed for the transition from monolithic SIEMs to a security data lake architecture.

In my experience working with customers at Snowflake, I saw the immediate impact when they could start using Snowflake alongside Splunk. They no longer had only one option for their security data. They had more choices; they had freedom.

Splunk isn't disappearing. Beyond its continued relevance in cybersecurity, Cisco will invest heavily in bolstering observability and application monitoring. At the same time, the "all in one" approach is being replaced by a SOC architecture that utilizes the most suitable home for each data source and use case.

Security teams demand the liberty of choosing where their data lives and the flexibility to detect threats equally well across their SIEM and data lake of choice. I look forward to helping organizations do just that in my new role at Anvilogic.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.