Report: Amount of Data Being Analyzed by Cybersecurity Teams Rises
2024-8-1 00:51:15 Author: securityboulevard.com (view original) Reads: 7 Saved


An analysis published today by Cribl, a data management platform provider, suggests that the amount of data being processed and analyzed by cybersecurity teams is increasing exponentially.

Based on the volume of traffic moving through Cribl.Cloud, the report finds there has been a 32% increase in the number of sources of data, with Splunk, REST application programming interfaces (APIs), Windows event logs and the Amazon S3 cloud storage service at the top of the list.

The number of destinations for that data has increased by 15%, with Splunk and Amazon S3 at the top of the list.

Additionally, the report notes that 16% of organizations using the Cribl platform are sending data to multiple security information and event management (SIEM) platforms, with CrowdStrike Falcon NG-SIEM, Google SecOps and Microsoft Sentinel among the fastest growing.

Nick Heudecker, senior director for market strategy and competitive intelligence for Cribl, said one reason organizations run multiple SIEMs is that transitioning from one platform to another usually occurs over an extended period. That has become especially challenging for organizations that have relied on a SIEM provided by a vendor that has recently been acquired, he added.

After many years of inattention, cybersecurity teams are now squarely focused on SIEM platforms through which they are collecting and analyzing data to identify threats. Much of that data will soon be fed into artificial intelligence (AI) models that cybersecurity teams will rely on to automate a wide range of tasks.

Storing More Data Using Cloud Services

As part of that effort, cybersecurity teams are now also storing more data using cloud services based on object storage systems such as Amazon S3 to lower the total cost of storage, noted Heudecker.

Less clear is the degree to which cybersecurity teams might need to add data engineering expertise to programmatically manage all the data that needs to be collected. That data also needs to be processed and analyzed faster than ever to keep pace with cyberattacks that are increasing in both volume and sophistication. The longer it takes an organization to discover a breach, the more catastrophic the consequences are.

Ready or not, cybersecurity will increasingly depend on the ability to process data in near real time in a way that surfaces anomalous behavior requiring immediate investigation. Most organizations today don’t have the resources required to achieve that goal, but it all starts with the ability to process and analyze data at a scale that isn’t possible without a modern SIEM platform. The next challenge then becomes how to feed enough data into that SIEM platform to warrant the investment in the first place.

Regardless of approach, however, the one certain thing is that expectations concerning the ability of organizations to detect and contain breaches are rising. The days when organizations required months to detect and fix a data breach are rapidly becoming an anachronism. The longer it takes for a breach to be discovered and remediated, the more blame will be shared among everyone involved.

Source: https://securityboulevard.com/2024/07/report-amount-of-data-being-analyzed-by-cybersecurity-teams-rises/