Last April, we outlined how the “Tech Titans” (Amazon, Google, and Microsoft) were poised to change the cybersecurity landscape by introducing a new model for enterprises to consume cybersecurity solutions. Security has long been delivered as siloed solutions located on-premises. These solutions were hard to buy, hard to use, and existed in silos. Security leaders were hampered by the technologies’ lack of connectedness, poor user interfaces, and difficulty of administration. Understaffed, stressed security teams struggled to balance the responsibilities of defending their enterprise while updating an ever-expanding toolset.
Cloud adoption by cybersecurity also lags other parts of the enterprise. Many of the security tools enterprises rely on are still deployed on-premises, even as more and more of IT shifts to the cloud. Running counter to other parts of the enterprise, most security teams incur the expense of pulling logs from cloud environments to then process and store them on-premises.
Security analytics platforms such as legacy security information management (SIM) systems struggled to keep pace with the increasing volume and variety of data they process. Unhappy users complained about the inability of their SIMs to scale and the volume of alerts they must investigate.
Enterprises struggling with the cost of data analysis and log storage turned to open source tools such as Elasticsearch, Logstash, and Kibana (ELK) or Hadoop to build their own on-premises data lakes. But then they were unable to glean useful insight from the data they had collected and realized that the expense of building and administering these “free” tools was just as great as the cost of commercial tools.
Cloud Tools Set To Disrupt The SOC
This week, as thousands of security pros gather in San Francisco for RSA Conference, tech titans Google (Alphabet) and Microsoft launched cybersecurity tools that promise to disrupt the traditional way of taking in and analyzing security telemetry. Chronicle’s Backstory (Chronicle is an Alphabet company) and Microsoft Azure Sentinel are cloud-based security analytics tools that are addressing the challenges faced by security operations center (SOC) teams such as:
- Ingesting security data from multicloud and on-premises environments.
- Analyzing large data volumes.
- Alert triage.
- Log management and storage.
- Threat hunting.
Chronicle and Microsoft are making these challenges cloud-native with virtually unlimited compute, scale, and storage. These vendors have a unique advantage over legacy on-premises tools since they also own their cloud infrastructures and aren’t dependent on buying cloud at list price from would-be competitors.
By providing these tools through existing marketplaces, they can offer seamless implementations and rapid turn-up of services while making the procurement process as easy as a checkbox for customers to select to add this functionality. For an illustration of the power of the structural advantages the platform and marketplace grants Microsoft, consider that the initial rollout allows customers to add Office 365 data to Azure Sentinel for no charge.
Like any other new solution, there are bound to be hiccups and growing pains. Security leaders should watch their progress closely and challenge their current vendors to deliver similar capabilities. Other security analytics platform vendors whose cloud offerings are lagging will accelerate their cloud development to compete with the new capabilities from Chronicle and Microsoft.
Security Pros: Embrace The Change
For security pros that have been around awhile, don’t let your cynicism cloud (pardon our pun . . .) the potential advantages your organization could experience by making use of these tools. Take off the tinfoil hat, and realize that Microsoft is a security company now. What Google and Microsoft have introduced will make the entire industry better, and that’s something to applaud.
Look for cloud vendors such as IBM and Oracle to increase focus on their cloud-delivered security analytics solutions. Security portfolio vendors will also increasingly embrace cloud delivery. For example, security portfolio vendor Palo Alto Networks recently announced its own cloud-delivered security analytics solution, Cortex XDR, to address the data analysis challenge. Competition breeds innovation and improvement, and these announcements will force other vendors to accelerate existing plans and formulate new ones.
The future of cybersecurity, just like the IT resources it protects, is in the cloud. The Tech Titans are staking out a claim and changing the way security solutions are purchased, delivered, and consumed . . . and it couldn’t come at a better time for the industry.