by freehunter
3001 days ago
I can’t talk too much about Salesforce and MuleSoft since I’ve never used them and don’t have many clients asking me about them. When it comes to next-gen security appliances, I see them enhancing the SIEM, but not replacing it. Too many regulations require centralized log management, and organizations depend on a central alerting and monitoring platform. I do see these security platforms making the SIEM cheaper and dumber, though. Whether it’s storage-based pricing like Splunk or event-rate pricing like QRadar, licensing costs a lot. Which means it costs a lot to feed a bunch of dumb logs into a system that makes information out of dumb logs. As long as you already have a Palo Alto, you might as well feed the IDPS logs into your SIEM and forget the rest: it’s fewer logs, cheaper licensing, and less hardware needed on the SIEM. You already have the Palo doing the intelligence. With regard to hybrid clouds that are popular today, you see a lot of SIEMs go to the cloud. You can ship logs cloud-to-cloud, which saves bandwidth backhauling it to the enterprise. It is a challenge for security logging to get data from there though. Oftentimes it costs extra to send logs, or can’t be done at all. Amazon wants you to use CloudWatch. Microsoft wants you to use Security Center. It’s a pain to centralize it all. That’s going to have to change.
To your last point: sounds like it should change, but not that it necessarily will. I can’t fathom the cloud providers would allow an independent third party to come in and take this business from them, despite how much easier it would be for the customer.
I thought Splunk was usage-based pricing, not storage-based? But yes, I have heard similar things on how quickly it can get expensive, sometimes without any warning when they get a bill 10x what they expected...
Thanks for your time.