Industry Analysts Recognizing Cloud Analytics Brings Wave of Disruption to the SIEM Market

In the new report, “Analytics is making its security operations mark ahead of schedule,” analyst firm 451 Research details the accelerating transition happening in the security information and event management (SIEM) space. The report underscores how new cloud-native analytics solutions are displacing traditional SIEMs at the heart of the defense.

For the modern enterprise, establishing a full stack data-driven security operations strategy is essential--and traditional SIEMs can’t deliver the foundation for it. As 451 Research points out, such a strategy is grounded on “massively scalable data storage along with computational cycles for executing machine learning algorithms,” characteristic features of next-generation cloud-native SIEM solutions.

As the 451 report notes Sumo was the “first innovator” to recognize that the fundamental shift to the cloud would transform the SIEM space. One thousand security customers later we’ve learned and innovated beyond the basic operational leverage of delivering SIEM as a SaaS service.

First, we learned that not all “from the Cloud” SIEM solutions are created equal. The magic of “from the cloud” means not just delivering a SIEM hosted instance on public cloud infrastructure, but also delivering native multi-tenancy (lower costs from on-demand provisioning & leverage learnings from others!) and elastic scale (leverage capacity & performance of entire cloud vs. one hosted instance!).

Second, the cloud transition changes not just how we protect but also what we protect. As customers increasingly migrate workloads to the cloud and undergo digital transformation security “for the Cloud” is just as important as “from the cloud”. “For the Cloud” means not just ingesting cloud data sources, but also integrating analytics across previously siloed development, security, and operations workflows which have come together in modern cloud architectures. Moving up the stack to protect at the application layer as well as the infrastructure becomes a much higher priority in modern IT environments. Ingesting these new data sources is the baseline, but understanding and decoding what these new frontier signals mean is the key to adapting the defense.

Lifting and shifting legacy SIEM solutions to cloud hosting is not even the first step on the journey - fundamental re-architecture to harness the “from” and “for” the cloud leverage is the new baseline to rethink the SIEM for modern IT.