Comparative Analyses of SIEMs: Traditional Vs Cloud Native
Delivered February 4, 2020. Contributor: Agnidip M.
Objective: to gather insights into the issues and problems of a traditional SIEM and compare them with those of a cloud-native SIEM, focusing on logistical challenges and complexity, cost, and staffing.
In traditional SIEM solutions, the security event correlation rules that generate alerts often mistake legitimate behaviors and activities for correlated attacks. These alerts are called false positives, and they drain IT security teams' investigation time, resources, and willpower.
On a next-generation SIEM, by contrast, IT security teams receive targeted alerts that incorporate context. The contextualization layer checks a candidate alert against what is known about the user and the environment, such as baseline behavior and approved temporary privileges, so that only events that genuinely meet the correlation rule's intent are raised as alerts.
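The difference between a naive correlation rule and a contextualized one, as an added example that is not code from the original page or from any SIEM vendor. The events, the per-user baseline of known source addresses (KNOWN_SOURCES) and the approved temporary privilege grants (TEMP_GRANTS) are all constructed for the illustration; the two rules (failed logins followed by a success, and addition to a privileged group) are common examples of the correlation logic the text describes, not rules taken from any product.

```python
"""Naive vs contextualized correlation over constructed sample events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), sorted by timestamp.
EVENTS = [
    # alice mistypes a freshly rotated password from her usual workstation
    {"ts": "2020-02-04T09:00:01", "user": "alice", "src": "10.1.1.5", "action": "login_failed"},
    {"ts": "2020-02-04T09:00:09", "user": "alice", "src": "10.1.1.5", "action": "login_failed"},
    {"ts": "2020-02-04T09:00:20", "user": "alice", "src": "10.1.1.5", "action": "login_failed"},
    {"ts": "2020-02-04T09:00:31", "user": "alice", "src": "10.1.1.5", "action": "login_success"},
    # bob adds himself to Domain Admins under an approved just-in-time grant
    {"ts": "2020-02-04T10:15:00", "user": "bob", "src": "10.1.1.9", "action": "group_add",
     "group": "Domain Admins"},
    # an unknown host guesses carol's password and then escalates with no grant
    {"ts": "2020-02-04T23:10:00", "user": "carol", "src": "203.0.113.7", "action": "login_failed"},
    {"ts": "2020-02-04T23:10:02", "user": "carol", "src": "203.0.113.7", "action": "login_failed"},
    {"ts": "2020-02-04T23:10:04", "user": "carol", "src": "203.0.113.7", "action": "login_failed"},
    {"ts": "2020-02-04T23:10:05", "user": "carol", "src": "203.0.113.7", "action": "login_success"},
    {"ts": "2020-02-04T23:11:00", "user": "carol", "src": "203.0.113.7", "action": "group_add",
     "group": "Domain Admins"},
]

# Context the naive rule lacks. Both tables are assumed data sources
# (an identity baseline and a JIT/PAM ticketing system), constructed here.
KNOWN_SOURCES = {"alice": {"10.1.1.5"}, "bob": {"10.1.1.9"}, "carol": {"10.1.1.12"}}
TEMP_GRANTS = [
    {"user": "bob", "group": "Domain Admins", "ticket": "CHG-1042",
     "start": "2020-02-04T10:00:00", "end": "2020-02-04T12:00:00"},
]
PRIVILEGED_GROUPS = {"Domain Admins"}


def _t(stamp):
    return datetime.fromisoformat(stamp)


def correlate(events, failures=3, window=timedelta(minutes=5)):
    """Raw correlation: every match of two rules becomes a candidate alert.
    brute_force: >= `failures` failed logins for a user, then a success, within `window`.
    priv_escalation: any addition of a member to a privileged group."""
    candidates = []
    recent = defaultdict(list)  # user -> timestamps of failures inside the window
    for e in events:
        ts, user = _t(e["ts"]), e["user"]
        if e["action"] == "login_failed":
            recent[user] = [x for x in recent[user] if ts - x <= window] + [ts]
        elif e["action"] == "login_success":
            if len(recent[user]) >= failures:
                candidates.append({"kind": "brute_force", "user": user, "src": e["src"], "ts": ts})
            recent[user].clear()
        elif e["action"] == "group_add" and e["group"] in PRIVILEGED_GROUPS:
            candidates.append({"kind": "priv_escalation", "user": user, "src": e["src"],
                               "ts": ts, "group": e["group"]})
    return candidates


def naive_alerts(events):
    """Traditional behaviour: every candidate is raised at the same severity."""
    return [(c["kind"], c["user"], "high") for c in correlate(events)]


def active_grant(user, group, ts):
    """Return the approved temporary grant covering (user, group, ts), or None."""
    for g in TEMP_GRANTS:
        if g["user"] == user and g["group"] == group and _t(g["start"]) <= ts <= _t(g["end"]):
            return g
    return None


def contextual_alerts(events):
    """Same correlation, but each candidate is checked against context before it
    is raised. Returns (alerts, suppressed) so the filtering itself is auditable."""
    alerts, suppressed = [], []
    for c in correlate(events):
        grant = active_grant(c["user"], c.get("group"), c["ts"]) if c["kind"] == "priv_escalation" else None
        if grant is not None:
            # Privilege use inside an approved JIT window is expected, not an attack.
            suppressed.append((c["kind"], c["user"], f"covered by temporary grant {grant['ticket']}"))
        elif c["kind"] == "brute_force" and c["src"] in KNOWN_SOURCES.get(c["user"], set()):
            # Failures from the user's own baseline source look like a typo; keep the
            # alert but lower its severity rather than dropping it entirely.
            alerts.append((c["kind"], c["user"], "low"))
        else:
            alerts.append((c["kind"], c["user"], "high"))
    return alerts, suppressed


if __name__ == "__main__":
    print("naive:", naive_alerts(EVENTS))
    alerts, suppressed = contextual_alerts(EVENTS)
    print("contextual:", alerts)
    for item in suppressed:
        print("  suppressed:", item)
```

Run as-is, the naive rule raises four high-severity alerts, two of which (alice's typos and bob's ticketed group change) an analyst would close as false positives. The contextual version downgrades alice's alert, suppresses bob's with a reference to the grant that justifies it, and leaves carol's two alerts at high severity because the source is outside her baseline and no grant covers the group change. Note that the "known source" downgrade is a judgement call: a compromised workstation is also a known source, which is why the example lowers severity instead of discarding the alert.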
Costs associated with a traditional SIEM solution include the licensing costs, implementation costs, and renewal costs.
Moreover, the enterprise implementing traditional SIEM also needs to consider the training costs for its employees to properly maintain the solution.
Cloud-native SIEMs, on the other hand, reduce infrastructure costs by scaling resources automatically and charging only for what is actually used.
Microsoft's Azure Sentinel, for example, offers capacity reservation tiers that, according to Microsoft, can save up to 60 percent compared with pay-as-you-go pricing.
According to CPO Magazine, traditional SIEMs are excellent at gathering data and detecting individual events, but they fail to associate the pieces of data with one another comprehensively or intuitively, leaving the large volumes of information a company produces effectively useless, or too time-consuming to make sense of.