
Cutting Costs by Cutting Junk: IBM Security Guardium Insights and the SIEM

By RYAN SCHWARTZ posted Wed March 10, 2021 04:57 PM


How can Guardium Insights, a data security solution, help you (yes, you!) cut down on your SIEM costs?


Before I explain, let’s set some context. In conversations with enterprise customers, many have reported that with other data security solutions, SIEM costs—typically billed per number of events—can balloon with excess cases, in some instances running over $750k per year.


Why does this happen? Well, it helps to picture effective security as a well-told story. If the narrative is too bogged down with details, that narrative becomes muddled, and the reader may miss key information that could help them better understand the overall plot or subtext.


Similarly, if a data security tool shares every data event with the SIEM without first refining that output (whether identifying key insights based on risk level or using analytics to surface the most critical incidents), the SIEM will be overloaded with extraneous details or low-risk events or, at worst, false positives. This, in turn, hampers the ability of a security analyst to understand what data is pertinent and which threats are most pressing.


This also sticks an organization with unnecessary costs due to data security oversharing, from additional storage expenses to the human cost that comes with employee attrition (83% of cyber security professionals report suffering alert fatigue).


But how does Guardium Insights help? With Guardium Insights’ advanced analytics, data security events are analyzed and scored to help security teams immediately understand which events could be most damaging to an organization. In one case, an internal test found that with a traditional data security solution, 1.7 billion events per day were being shared with the tested SIEM. That equals 2.7 terabytes of data. So, not only were the per-event costs incredibly high, but the storage costs were primed to grow exponentially if this organization chose to expand.


With Guardium Insights and its analytics engine installed alongside the traditional data discovery and classification approach, that event total was cut to 180 actionable events per day. In other words, 1.7 billion events went in, and 180 ended up in the SIEM. This not only helped reduce the burden on security analysts but also reduced the storage burden; these 180 events required only 126 kilobytes of storage space.


How can you make use of these capabilities today? Currently, Guardium Insights can integrate with major SIEM solutions, such as IBM Security QRadar and Splunk, via REST API integration.


[Video: how easy it is to access and use REST APIs with Guardium Insights]

[Video: the Guardium Insights and Splunk integration]


More Information:

Guardium Insights Product Page

QRadar Product Page