WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 25, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
IT and cybersecurity budgets are not growing. With economic turmoil on the horizon, enterprise IT and security teams are striving to squeeze efficiency out of security operations. This blog highlights areas to gain greater efficiency in your cloud security operations.
Cloud infrastructure service costs are a rapidly growing part of the budget (see below chart). In the same way that a solid house needs to be constructed on a strong foundation, efficient cloud security operations need to be built on a solid strategy. Building things right optimizes security operations while avoiding inadvertently draining your budget. Establishing the right strategy can control costs while also providing flexibility to adapt as your business changes. You don’t want a rigid architecture that cannot adapt as the business evolves.
Cloud security costs are complex. Simple answers are hard to come by, but our internal SOC experts have pointed out some key areas you can scrutinize to control costs while maintaining an efficient security posture.
Practically every enterprise operates in one or more infrastructure-as-a-service (IaaS) clouds. The major cloud service providers like AWS, Microsoft Azure, and Google Cloud Platform have a huge portfolio of services and a variety of ways that they charge for it. Navigating that complexity to arrive at the most efficient approach takes effort, and there is no one-size-fits-all. Below are some of the key focus areas to scrutinize when trying to optimize your cloud security operations costs:
Cloud providers charge for data going into (ingress) and leaving (egress) their cloud environments, much to the chagrin of many cloud users. Enterprises with centralized SIEMs may frequently pipe log telemetry from one cloud provider to another or from one cloud provider to an on-premises SIEM. This runs up a bill given the volumes of raw log data being shipped. You can never eliminate these charges, but you can look for ways to reduce them. Here are a few scenarios common among ReliaQuest customers:
Cloud log storage is frequently an overlooked area for optimization. Logs are often generated in a native cloud service and then sent to the SIEM. For example, AWS Cloudtrail logs are often sent to an S3 bucket to then be sent onward to a SIEM, effectively incurring double the storage costs. One way to reduce costs would be to enable a lifecycle policy for the S3 bucket to delete or change the storage type to a lower-cost alternative.
SIEMs are beautiful technology for correlating security events, but you can run up a bill if you don’t configure things properly. There is a wealth of log data that you could potentially ingest into your SIEM, but figuring out what is important and what is irrelevant is an important problem to solve.
Data filtering is one area where customers find cost savings. If you filter out irrelevant data, you can ensure you are ingesting the right telemetry into your SIEM. Another way we see customers optimizing their SIEM licensing costs is by taking advantage of opportunities like Microsoft E5 licensing. Enterprises frequently maintain their existing SIEM infrastructure but use the Microsoft Sentinel SIEM provided as part of an E5 license for their Microsoft telemetry. To no one’s surprise, the Microsoft SIEM plays particularly well with other Microsoft products. While you need to be careful to make the right log filtering and ingestion decisions, this “multi-SIEM” approach with Microsoft Sentinel for Microsoft telemetry can frequently provide the desired visibility and risk management at an optimal cost.
It is worth noting that this sort of multi-SIEM approach is not something that every security operations or MDR provider can accommodate. If you have a provider that requires centralized log collection, you may not have much flexibility in controlling SIEM costs with a multi-SIEM approach. In contrast, ReliaQuest GreyMatter is designed to integrate with multiple SIEMs and clouds to facilitate a multi-SIEM approach.
Transporting log telemetry across cloud platforms typically incurs data ingress/egress charges (see above), and it also may require data transformation. That transformation ensures that the data is usable inside the SIEM, but it comes with a cost. That cost can be direct (software licensing) or indirect (the time and effort of your team to construct the solution). If you can architect your solution to avoid having to move data, you can frequently avoid data transformation and the cost associated with it. Microsoft environments are a prime example of this; Microsoft Sentinel, the Microsoft SIEM, is designed to easily ingest data from other Microsoft tools. It is “point and click,” saving your team from spending significant resources constructing a data pipeline.
Moving infrastructure to the cloud generates a larger volume of security telemetry, and data in the cloud costs money. This dynamic results in a tension between visibility and cost. While you can build efficiency into your cloud infrastructure to handle the increased telemetry volume, you may uncover gaps in visibility along the way. IT teams may not communicate actively with the security team, and the security team may discover unmonitored applications or infrastructure. Security leaders want the maximum possible visibility to potential threats, but visibility can have a cost when it comes to ingesting log telemetry. You may discover as you evaluate your environment that you have blind spots and need more log collection to gain visibility and manage your risk. At ReliaQuest, our SOC regularly locates gaps in cloud infrastructure visibility and works with customers to fill those gaps. That can require ingesting more log data, and that comes at a cost that needs to be weighed.
Choosing the right cloud infrastructure and tuning that infrastructure ensures that you are using your budget wisely. It’s important that you make the right design choices and then continuously tune the environment.
For example, if you are deploying a SIEM in an infrastructure-as-a-service (IaaS) provider, you want to choose the right instance type to deliver performance while conserving IaaS costs. This sort of advice is something that the ReliaQuest SOC helps customers with their decisions, and then the ReliaQuest team can tune the environment to optimize log ingestion to control SIEM costs.
This blog highlights some areas where you can improve your cloud security operations efficiency. As you look for ways to gain greater efficiency from your security operations program, give us a shout. We know a few things about cloud security and efficiency because we’ve seen a few things. ReliaQuest helps make security possible by enabling security operations across clouds, endpoints, and on-premises assets. Through our GreyMatter security operations platform, we help customers detect, investigate, and respond to threats in the cloud and improve their security operations programs. Our security operations experts can help you to extract the maximum value from your existing security investments and provide the flexibility to make certain you effectively manage risk with maximum efficiency.