Slide deck: Streamlined SIEM Migration and Daily Cost Optimization (Joe Cicero and Mike Pinch), 30 pages.
Streamlined SIEM Migration and Daily Cost Optimization
Joe Cicero and Mike Pinch

Agenda

Introductions
- Joe Cicero, Director of Strategic Alliances, Security Risk Advisors, Joe.Cicero@sra.io
- Mike Pinch, Chief Technology Officer, Security Risk Advisors, Mike.Pinch@sra.io

The Problem We All Face
What to collect, where to route it, and what to do with it all, while controlling costs.

Deconstructing a SIEM
- Stuck in a legacy model
- Transition to data-centric design
- Too many logs, too many sources, too much data. What is really necessary?

Capacity and Cost
- Events per second (EPS) vs. consumption (GB/day)
- Speed
- The SIEM fallacy: "give me all your data"
- What could we do differently? Enter the data lake.

Understanding Your Data Sources
Where the logs come from and what they contain.

Security Data Pipeline
A critical feature of a modern SOC operation.
- Channeling your data through a pipeline that can dynamically transform, enrich, reduce, mask, and monitor log data leaves little waste or duplication and gives more visibility into your environment.
- Enhances your agility to migrate tools and platforms by reducing the switching cost and complexity.
- Allows managing data storage tiering, sending only the logs your SIEM needs for detections.
- Puts investigation and compliance logs into a lower-cost, hot, searchable solution.

Security Risk Advisors Intl, LLC. Proprietary and Client Confidential

Security Data Pipeline Management
- Our industry's standard approach with SIEMs has been "log everything".
- Over the years this has resulted in significant increases in log volume.
- The shift to cloud-based SIEMs brought consumption-based pricing: the more you use, the more you pay.
- SIEM vendors capitalize on the "log everything" approach.
- Log volume has exploded.
- SIEMs are expensive (8-10x per GB) when compared to a data lake.
- Not all logs are created equal.
- A log can be an alert on
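The pipeline stages the "Security Data Pipeline" slides describe (reduce, enrich, mask, route) and the EPS-to-GB/day conversion from the "Capacity and Cost" slide, as one added example. This is not code from the deck or from Security Risk Advisors: the sample events, the asset inventory, the drop and detection rules, the masking pattern and the 1000 EPS / 500 byte sizing figures are all constructed for illustration.

```python
"""Minimal security data pipeline: reduce, enrich, mask, route, and size the result.

Added example, not code from the slide deck or from Security Risk Advisors.
The events, asset inventory, routing policy and sizing figures are constructed.
"""
import json
import re

# Constructed sample events, as JSON objects a pipeline would receive.
SAMPLE_EVENTS = [
    {"ts": 1, "src": "10.0.1.5", "user": "alice@example.com", "action": "login", "result": "failure"},
    {"ts": 2, "src": "10.0.1.5", "user": "alice@example.com", "action": "login", "result": "failure"},
    {"ts": 3, "src": "10.0.9.20", "user": "svc-backup", "action": "heartbeat", "result": "ok"},
    {"ts": 4, "src": "10.0.2.7", "user": "bob@example.com", "action": "file_read", "result": "ok",
     "detail": "card 4111111111111111 exported"},
    {"ts": 5, "src": "10.0.9.20", "user": "svc-backup", "action": "heartbeat", "result": "ok"},
]

# Constructed asset inventory used for enrichment (a CMDB lookup in practice).
ASSETS = {"10.0.1.5": "dc01 (tier0)", "10.0.2.7": "fileserver", "10.0.9.20": "backup-agent"}

# Constructed policy: heartbeats are pure noise; logins feed detections; the rest
# is investigation/compliance data that belongs in cheaper hot storage.
DROP_ACTIONS = {"heartbeat"}
DETECTION_ACTIONS = {"login"}

# Sixteen-digit card number: mask all but the last four digits.
CARD_RE = re.compile(r"\b\d{12}(\d{4})\b")


def reduce_event(event):
    """Drop events with no detection or investigative value (None means drop).

    Reduction runs first so enrichment and masking are not spent on noise."""
    return None if event.get("action") in DROP_ACTIONS else event


def enrich(event):
    """Attach asset context so analysts do not have to look it up later."""
    return {**event, "asset": ASSETS.get(event.get("src"), "unknown")}


def mask_event(event):
    """Mask card numbers and e-mail local parts before data leaves the pipeline."""
    masked = {}
    for key, value in event.items():
        if isinstance(value, str):
            value = CARD_RE.sub(lambda m: "*" * 12 + m.group(1), value)
            if "@" in value:
                local, _, domain = value.partition("@")
                value = local[:1] + "***@" + domain
        masked[key] = value
    return masked


def route(event):
    """Only detection-relevant events go to the SIEM; everything else to the lake."""
    return "siem" if event.get("action") in DETECTION_ACTIONS else "lake"


def run_pipeline(events):
    """Apply reduce -> enrich -> mask -> route; return events grouped by destination."""
    out = {"siem": [], "lake": [], "dropped": []}
    for raw in events:
        kept = reduce_event(raw)
        if kept is None:
            out["dropped"].append(raw)
            continue
        processed = mask_event(enrich(kept))
        out[route(processed)].append(processed)
    return out


def volume_bytes(events):
    """Serialized size of a batch, the unit a consumption-priced SIEM bills on."""
    return sum(len(json.dumps(e).encode("utf-8")) for e in events)


def gb_per_day(eps, avg_event_bytes):
    """Turn an EPS sizing figure into the GB/day that consumption pricing is based on."""
    return eps * avg_event_bytes * 86400 / 1e9


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_EVENTS)
    for dest in ("siem", "lake", "dropped"):
        print(f"{dest}: {len(result[dest])} events, {volume_bytes(result[dest])} bytes")
    print(f"SIEM ingest cut from {volume_bytes(SAMPLE_EVENTS)} to "
          f"{volume_bytes(result['siem'])} bytes")
    print(f"1000 EPS at 500 B/event = {gb_per_day(1000, 500):.1f} GB/day")
```

Two design points worth carrying into a real deployment: reduction runs before enrichment so that CPU and lookups are not spent on events that will be discarded, and masking runs before routing so that the same masked copy reaches both the SIEM and the lake, which keeps the two stores consistent for investigations. In production the same stages live in a dedicated pipeline product's configuration rather than in application code, but the order and the per-destination byte accounting are what make the GB/day savings measurable.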