Blog: Why do enterprise SOC teams need CIEM now?


What Is CIEM?

Among the many changes of 2020, Gartner added a new category: cloud infrastructure entitlement management (CIEM). While CIEM may sound similar to SIEM (security information and event management), the two security solutions are not the same, and CIEM is increasingly vital as organizations continue to prioritize company-wide digital transformation and deployment of zero trust architecture.

Back in 2005, when enterprise networks were largely on-prem and firewalls were all the rage, Gartner coined the term security information and event management (SIEM). For the first time, a single security solution could collect, store and analyze all server logs across all network traffic, generating valuable security alerts and speeding up incident response and remediation. Companies like IBM QRadar and HP ArcSight have been in the SIEM market for a long time, and cloud-native SIEM vendors, including Splunk, Sumo Logic and Exabeam, offer a wider set of capabilities suited for cloud-first and hybrid environments. But none of these SIEM vendors have the ability to extend their platform to manage and enforce entitlements and permissions for multi-cloud and hybrid cloud enterprises.

CIEM is the next generation of solutions for managing entitlements and permissions for all cloud infrastructure identities and resources and enforcing least privilege policies in the cloud. This enables organizations to design and implement zero trust architectures in multi-cloud and hybrid cloud environments. And as multi-cloud adoption continues to increase across the industry, the movement of workloads to such environments requires in-depth visibility and analysis of cloud infrastructure accounts, permissions, entitlements and activity, and granular controls.

So, Why Do Enterprise SOC Teams Need CIEM Now?

The only way to address the monumental challenge of securing an organization's hybrid and multi-cloud infrastructures is by identifying their Cloud Permissions Gap risk and by successfully implementing the principle of least privilege (PoLP) and Zero Trust Access. However, Zero Trust Access is impossible to achieve unless the enterprise can effectively manage and eliminate over-permissioned identities in its cloud infrastructures. What's more, manually managing security system administrators, developers, machine identities and cloud resources in multi-cloud environments is impossible because of the exponentially increasing number of identities, granular permissions and cloud-native services.

A comprehensive CIEM solution can solve all of this for the organization. But how do security operations center (SOC) teams know what to look for? Here are the top three questions all CISOs evaluating a CIEM offering should ask:

1. Scope: Does the platform address the three core pillars of CIEM – identity and authorization management, anomaly detection and response, and continuous compliance?
2. Ease of deployment and use: Can the CIEM offering function across hybrid and multi-cloud environments with quick deployment and uptime?

Blog entry, January 19, 2021: Why Do Enterprise SOC Teams Need CIEM Now? By Raj Mallempati, COO, CloudKnox Security
