Does Your Network And Security Team Really Need A SIEM?

Imagine if your organization had the resources to give every single device on your network its own personal administrator to monitor it. Your new army of employees would work 24/7 to track anomalies, quickly escalate priority events to your Security Operations Center (SOC) and stop ransomware in its tracks. This is exactly the purpose of a Security Information and Event Management (SIEM) tool. It is an automated collection point for telemetry data from devices such as firewalls, switches, servers and more. A good SIEM lets your company minimize investigation time by correlating threat intelligence in one place, without requesting budget for new staff or adding tasks to the limited security resources you have now. There are over 50 players in this crowded market, but let's examine the honest benefits and drawbacks of one of the most famous SIEM providers in the security industry.

Love It or Leave It

Splunk Technology is a recognized leader in the artificial intelligence, big data and cybersecurity markets. Headquartered in Silicon Valley, its client list includes 92 of the Fortune 100 companies. Just this month (Oct 2023), network giant Cisco Systems announced its intention to acquire Splunk for $28B in cash. This will be the largest acquisition in Cisco's history and will create synergies between the company that "owns the network" and the company that is the king of monitoring it. One of the biggest benefits of the acquisition is that Splunk will be better positioned to compete on price against large competitors like Microsoft, while also controlling the telemetry of one of the largest network and security portfolios in the world.

Splunk's primary SIEM tool, Enterprise Security (ES), is offered on-premises and in the cloud for companies with a "cloud first" strategy. It provides intelligent log management and network analysis in one package. Enterprise Security has been ranked as an industry leader for many years by all three major analyst reports (Gartner Magic Quadrant, Forrester Wave and IDC MarketScape). Among its strengths are the powerful query functionality, data-science analytics and customizable dashboards it offers out of the box. In addition, Splunk is known for a strong support base and a large user community, and most customers report a positive experience compared to competitors.

Conclusion

As with any product, there are some notable drawbacks that customers would love to see resolved. The biggest concern is the high cost of doing business with Splunk. While Splunk does not list pricing for Enterprise Security on its website, the estimate circulated among existing users is $150 per ingested GB of data per month. Gartner states that the demand to log everything sometimes forces customers to look at alternatives to paying thousands per year for every new device added. Next, the intelligence and modularity of Enterprise Security also make it one of the more complex products to learn. While Splunk has a robust training and certification program for cybersecurity professionals, demand for these resources is very competitive. Finally, most of Splunk's sales force is in North America, with limited understanding of markets outside the region in which they operate.

Written by Cisco Chris
