SaaS-based applications have quickly become the norm in today’s modern business ecosystem. Undeniable savings, efficiency, flexibility, and scalability are fueling the nearly 20% year-over-year growth of the $85.1 billion SaaS market—with no sign of slowing down anytime soon.
While productivity and marketing automation tools were early to the SaaS adoption wave, cloud-based software now spans all markets, including security. Modern security teams are looking at cloud-based security tools because of their flexibility and scalability, pre-built integrations, data analytics, real-time threat detection, ease of management, and cost savings. For those reasons, more and more security professionals are adopting cloud security information and event management (SIEM) to optimize their threat detection and response.
As with any software evaluation, there are a number of considerations buyers will need to assess for a SaaS-based security platform. Cloud SIEM customers should understand where their data lives, how it is collected, and how it is protected. Our Rapid7 team recently sat down to review Gartner’s recommended questions for evaluating cloud SIEM vendors and answered them for our InsightIDR cloud SIEM. In this post, we’ll quickly review five of those critical questions to help kick-start your cloud SIEM evaluation.
1. Where is the cloud SIEM solution delivered from? Where is my data stored?
- Rapid7 Insight cloud is hosted on Amazon Web Services (AWS).
- InsightIDR is a multi-tenant application; all customer data is isolated and encrypted at rest in its own individual database.
- Additionally, log data is tokenized using a unique UUID that further isolates your data. Customers can select where data is physically stored across US, EU, CA, AU, and JP regions.
2. How is the data in your cloud SIEM protected?
There are multiple layers of security that protect the data you entrust to InsightIDR, including:
- Data encryption between on-premises collectors and the Insight cloud
- Public key cryptography and challenge-response handshakes
- TLS communication between collectors and the Insight cloud
- Rigorous recurring assessments to ensure compliance with industry standards, including SOC 2 Type II audits, GDPR compliance, SOC 3, FedRAMP Partner Package, and ISO 27001:2013 SoA
3. Does the cloud SIEM solution provide the scaling and ease of management benefits of a true SaaS model?
Yes! InsightIDR was designed and built in the cloud from its origins (as opposed to retrofitted for the cloud), and provides:
- A cloud-native SIEM that automatically scales to accommodate your data based on load
- Continuous deployment for automatic updates, detections, and new features (no tedious updates!)
- Fast deployment times, so you start seeing value in days, not months
4. How is my data collected and transported to the cloud-based SIEM?
InsightIDR securely collects data across your entire network (not just on-premises) in three different ways:
- Collectors, which aggregate log data from domain controllers, log files, cloud-service APIs, and syslog streams from network appliances (among other sources).
- The Insight Agent, our lightweight software you can install on Windows, Linux, or Mac assets to get endpoint threat detection and response.
- Our extensible REST API, which allows you to integrate existing security solutions with our Insight cloud platform.
Since analytics are performed in the cloud instead of on an end user’s assets, there is minimal impact on your internal network and systems.
5. How does the vendor ensure availability of their cloud SIEM?
- InsightIDR users can check the availability of the Insight cloud at any time here.
- Customers benefit from automatic backup, redundancy, and high availability as a result of our hosting in AWS.
- Additionally, Rapid7 maintains its own network infrastructure redundancy, backup, and recovery capabilities, as do our data centers.
These answers provide just a snapshot to jump-start your cloud SIEM evaluation and help you better understand how your data is collected, where it lives, and how it is protected. Get a more in-depth review and check out our answers to all 10 of Gartner’s key questions for cloud SIEM vendors in our full Companion Guide here.