Light Dark
September 22, 2017 By Satyakam Jyotiprakash 4 min read
Intelligence & Analytics
Cloud Security

Managing large volumes of information on day-to-day basis continues to be personal as well corporate challenge. When it comes to cybersecurity, IT organizations are not only fighting hackers and malware, but also data overflow from their own networks. Enterprises are struggling to effectively log, monitor and correlate the data to obtain actionable insights. They mostly rely on security information and event management (SIEM) for real-time monitoring of security events, analytics, investigation and compliance reporting.

However, choosing the right security analytics solution to protect a corporate enterprise is extremely crucial, given that there are so many options in the market. CISOs don’t want to regret the ultimate decision, and therefore do a bunch of research and proof of concepts.

Finding the Right SIEM Solution

The decision also needs to be made in terms of investing in people and processes to operate a SIEM tool, be it directly or through managed SIEM providers. While on-premises SIEM is the most preferred option for very large enterprises, SIEM solutions delivered as a service are emerging as a viable option for many others. These reduce the time to implement the solution, administer and scale as required. With increasing use of infrastructure-as-a-service (IaaS), SIEM-as-a-service is gaining popularity among organizations who look to simplify event log collection and analysis.

There are many vendors in the market who have labelled their offering SIEM-as-a-service. Vendors could range from managed security services (MSS) providers to others who are hosting a commercial SIEM tool or simply providing log management. Therefore, it’s important to choose a solution that is already trusted in the on-premises deployment model, and SIEM-as-a-service is the same solution delivered as an offering.

IBM QRadar is one of the few recognized security intelligence solutions already used on-premises by thousands of organizations. With QRadar on Cloud being the same solution, but deployed and managed by IBM service professionals, CISOs have a game-changing option to consider.

Read the White paper: Gartner Innovation Insight for SIEM as a Service

Top Benefits of IBM QRadar on Cloud

Customer apprehension, data privacy laws and network bandwidth issues are among the primary concerns for moving security to the cloud. But the value of this is too great to ignore. IBM has worked with Ponemon Institute to conduct a study that revealed why clients are giving QRadar on Cloud a strong consideration.

1. Time to Value

Deploying SIEM is no joke, given that it collects so much of data from everywhere in your network. It could take months before security teams believe they are truly operational.

In the Ponemon study, security teams reported that 41 percent of SIEM buyers took six months or more to roll out their chosen solution, and 25 percent never achieved full deployment. However, the majority of on-premises QRadar clients achieved full operational status in less than three months. Those that took longer either had larger deployments, fewer dedicated resources or some skills gaps. QRadar on Cloud is up in weeks — and in many cases days — depending upon the scale.

2. Skills Shortage

According to a Frost & Sullivan report, experts predict a shortage of 1.5 million open and unfilled security positions worldwide by 2020. The shallow talent pool is a constant challenge for organizations hiring and retaining security analysts.

QRadar on Cloud helps address staffing shortages by eliminating deployment and maintenance burdens. It’s a detection technology, and organizations that have adopted QRadar spend all their time doing higher-order tasks, building sought-after security expertise rather than simply maintaining the solution. This can save SIEM users as much as 28 percent of their time.

3. Collect More Than Logs

There are many SIEM vendors who only focus on log data collection and management. Although this is essential to SIEM, it is only one type of security data. Several QRadar on Cloud clients cited the ability to correlate network flows and vulnerability data as top purchase criteria. Some said these capabilities gave them more confidence in the continued viability of the solution.

4. Desire to Maintain Control

While many organizations are glad to outsource the security infrastructure and maintenance duties, most are unwilling to depend upon others to monitor the network and deal with attack and breach remediations.

“What most corporate boards don’t want to hear is that no employees are actively participating in network defense,” one CISO told us. QRadar on Cloud customers want to know what’s going on minutes after a problem is detected.

5. Trading Capital for Operational Expense

This is another straightforward benefit of QRadar on Cloud. Rent instead of own; lease instead of buy. Other successful software-as-a-service (SaaS) solutions have paved the way for QRadar on Cloud.

Additional Insights

QRadar on Cloud provides several other benefits. All of these benefits are significant factors in a purchase decision for our clients.

1. Flexibility to Outsource Monitoring

Control is great, but sometimes it makes sense to outsource some or all of the monitoring tasks. Managed security services providers (MSSPs) play this role, but going with a single source for infrastructure maintenance and monitoring raises the switching costs should you need to make a change down the road. With QRadar in the Cloud, IBM holds the environment, and customers can hire and fire monitoring resources as they see fit.

2. Avoid Hardware Obsolescence

It’s true — hardware gets old and new software demands more performance and capacity to keep up with ever-changing threats. An on-premises deployment is eventually going to require a refresh, which consumes security staff bandwidth that could otherwise be spent monitoring, investigating, etc. QRadar on Cloud being a SaaS offering helps you stay ahead without worrying about hardware obsolescence.

3. Expand On-Premises QRadar Use Cases

In few cases, our existing on-premises clients said that QRadar on Cloud is their preferred method for expanding managed device coverage beyond network firewalls, switches, routers, intrusion prevention systems (IPS) and intrusion detection systems (IDS).

As with many security technology purchases, the key drivers and planned use cases vary across the size and purpose of the organization. The early client base runs the gamut from needing a compliance reporting solution inside 60 days to protecting a large public venue from business disruption within two years.

View our on-demand webinar, “Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations,” to hear more about these and other client experiences with QRadar on Cloud.

Read the White paper: Gartner Innovation Insight for SIEM as a Service

 |  |  |  |  |  | 
Satyakam Jyotiprakash
Portfolio Marketing Manager, Security Operations and Response Solutions, IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature