SIEM tools are a staple of the modern security and risk management tech stack. They perform a critical role in enabling security analysts to ingest masses of data across their IT network and apply intelligence and analysis based on established rules.
Unfortunately for security teams, SIEM tools are incredibly expensive. And if we stop to think about that fact – we see that the value of SIEM can be cheaper to tap into. At their core, SIEM tools are data search products with ‘over the top’ capabilities for rules and analytics. Any similar data platform can perform the basic function of a SIEM tool.
The range of rules inputted into SIEM tools today to alert security analysts to events and trends are largely derived from open-source projects (whether that’s the Sigma project or MITRE ATTACK framework) that are easily accessible. So, what’s driving the lofty price tag of traditional SIEM tools? The answer appears only to be that tools demand a high price because of their security use case. That’s unnecessary.
Combine the power of open-source projects in A-Ops
SecureAck’s A-Ops platform is already being used by many IT and security teams to build and run automated security workflows. And now, users will be able to carry out SIEM functionalities in the platform for a fraction of the cost.
Thanks to a new platform update, A-Ops users can use OpenSearch – AWS’ open-source family of data search and analytics software – to start building automated workflows that run OpenSearch queries using data logs from their IT environment. This amounts to automating traditional SIEM data stream and alerting in A-Ops. Users can dip into a set of two and a half thousand SIGMA rules for workflows built in A-Ops to carry out key SIEM functions, like risk scoring and hostname detection, informed by powerful founts of open-source knowledge on the observed behaviour of threat actions.
Those familiar with SIEM products might be thinking that OpenSearch isn’t geared towards security applications. That may be so, but OpenSearch is “under the hood” of our proposition. Over the top, the A-Ops platform enables analysts to easily spin up dashboards and run search queries related to security events, just as they would in any popular SIEM tool.
Data lakes are a key variable in data-driven automation
More security and IT leaders are prioritising data-driven automation today. We’ve already explored the drivers of this – the ongoing tech skills shortages, a scaling threat landscape, and tool sprawl – in our previous blog posts. But to shift towards being more data-driven, organisations need to choose the right data lake.
Using OpenSearch in A-Ops is a great solution. Unlike a traditional SIEM which comes with a hefty price tag that sees organisations limit the amount of data they keep and log to keep costs down, OpenSearch can hold all kinds of data more cost-effectively. This means that A-Ops users – from IT and security teams alike – can start building automated data workflows in the platform. For IT and security leaders, being able to equip their teams with the same toolset to carry out organisational-wide, data-driven automation is a huge plus. It facilitates knowledge sharing and ultimately cuts the time to value unlocked by more automation and data-led processes.
A-Ops places an absolute, non-negotiable premium on end-user security and that applies to data security. Data sent to and from OpenSearch in the A-Ops platform always stays in the end user’s data plane and never touches SecureAck’s cloud environment.
There’s a myriad of benefits for security and IT teams that embrace an automated mindset. Popular SIEM tools detect security events, but the follow-up isn’t optimally automated. A-Ops users can carry out this SIEM-like detection and follow-up with limitless, no-code automation – all in one platform. The sky is the limit and we’re looking forward to seeing what our users do with these new platform functionalities.
Reach out to the team today to see how A-Ops’ SIEM functionalities for yourself.