Moving SIEM to the Cloud

Employing Security Information and Event Management
The kind of detailed data analysis that helped statistician Nate Silver predict accurately the outcome of the U.S. presidential election could help enterprises using cloud-based SIEM to identify vulnerabilities, says Cloud Security Alliance's Jens Laundrup.

SIEM - security information and event management - is moving to the cloud, and the Cloud Security Alliance has issued a new document that provides guidance for best practices on how to evaluate, architect and deploy cloud-based SIEM services to enterprise and cloud-based networks, infrastructure and applications.

Laundrup, who chaired the alliance's working group that wrote the SIEM guidance, characterizes cloud-based SIEM as version 2.0.

"With SIEM 1.0, we found that we were collecting way more data than we knew what to do with; we buried ourselves with data," Laundrup says in an interview with Information Security Media Group. "The more we collected, the less smart we were about it. There is a need in the world of security information and event management to have a fundamental shift in thinking, from collecting more data to finding out what the right data is, and learning how to analyze it and make predictions on the data.

"There was a gentleman, Mr. Silver; he did an outstanding job during the election in predicting the presidential winner and he did it through very careful analysis of data that was available."

In the interview, Laundrup:

  • Defines Security as a Service, or SecaaS, and its SIEM component;
  • Discusses security concerns surrounding cloud-based security offerings;
  • Explains how organizations should vet SecaaS and cloud-based SIEM providers.

Laundrup, a security architect, is a principal consultant for the IT security consultancy Emagined Security. He has more than 25 years of experience in the security field, including 22 years of expertise in military cryptography, communications, governance and executive leadership. He has specialized in the implementation of security program management, enterprise IT management, IT governance, private key infrastructure management, encryption systems management and disaster-recovery and business-continuity planning and execution.

The University of Maryland awarded Laundrup a master of science degree in information technology with an emphasis in information assurance. He also is a Certified Security Professional and Holistic Information Security Professional.
