Why Security Observability Is a Viable Alternative to SIEM Tools

APM Digest – Jeremy Burton
The article discusses the intersection of security and observability in companies and presents survey results from 500 security professionals, including 40% who were CISOs or CSOs.
Security observability uses logs, metrics, and traces to infer risk, monitor threats, and alert on breaches.
It is often used with a single central data lake for security and operational log data that provides benefits such as shared infrastructure cost and search language cross-training.
However, the volume of security data, which must be kept always hot and always searchable, can lead to unacceptable storage costs.
Many incumbent tools cannot analyze metrics alongside logs, leading to maintenance work and budget constraints.
There is a growing interest in alternative solutions such as "the SIEM that's not a SIEM", which allows log events to be correlated without generating tickets.
Security observability can be an alternative because it saves time and effort by using an outside-in approach based on large volumes of data already collected, making it particularly beneficial to smaller companies with limited resources.
The cloud has also changed the landscape of security and observability by reducing the variety of data and making it easier to work with the format provided by cloud providers.
Cloud native companies may not need a SIEM due to its implementation and maintenance costs.
Link: https://www.apmdigest.com/state-of-security-obsefvability-2023

