Introduction
In performing its mandate of manufacturing critical resources for the independent government agency, TechFite has to prioritize the security of its systems. However, the company’s CIO has recently raised concerns about TechFite’s security in its infrastructure. Of the 10000 scans done manually by the company, a 30% success is recorded when identifying intrusion signature patterns making it necessary for the company to formulate a new solution to ensure efficient and secure data storage. The problem facing TechFite analyzed case study is log analysis and threat detection.
Proposed Emerging Technology Solution
One emerging technology that TechFite could use to solve the secure storage problem is a Cloud-Native Security Information and Event Management (SIEM) solution. JupiterOne, a Cloud-Native Security vendor, was established in 2018 but constantly releases new updates of its SIEM solution (Sadowski et al., 2020). Thus, TechFite should use the latest version to effectively address their current problem (Peace, 2021). JupiterOne’s popularity as a provider of a safe cloud operation environment has continued to rise in recent times (Gremban, 2023). Moreover, it offers organizations like TechFite insights to secure all its collaborations. JupiterOne’s one technology also integrates with various cloud providers, giving TechFite a comprehensive view of its cloud infrastructure and providing insights into its security vulnerabilities.
Cloud-Native SIEM solutions would be helpful to TechFite since they provide real-time scans of incoming traffic networks. Additionally, their system prevents potential attacks such as Denial of Service (DoS) vulnerabilities and advanced persistent threats. These solutions are well compatible with the recent and advanced Machine Learning Algorithms and Artificial Intelligence tools, when used simultaneously, can detect abnormal behaviors and sophisticated attacks.
Cloud-Native SIEM solutions are also scalable, meaning they can store more logs for a longer period and are also easily available. TechFite will be diversifying its operations and setting up operations in European nations, requiring more storage for its logs. Thus, adopting this emerging technology will ensure that data is stored in a manner compliant with FISMA regulations. Similarly, if partners know how Techfite puts security at the forefront, they will be more likely to collaborate with them.
JupiterOne Cloud-Native SIEM technology was established in 2018, so there is limited information to show how successful the technology has been. However, several case studies of organizations that adopted the technology show they enjoyed varying benefits. For instance the Hays Consolidated Independent School District (CISD), a school in Texas, USA. The school needed more staff and resources and consequently had challenges with its cyber security. After collaborating and adopting the proposed solution in the cloud infrastructure, the school was able to achieve compliance with the Texas Education Agency’s cybersecurity framework.
JupiterOne Cloud-Native SIEM technology fits all criteria under the Ganter Hype Cycle to be identified as an emerging technology. The Ganter Hype Cycle is a graphical representation that shows a technology or application that may develop over a particular period (Kunz et al., 2019). The proposed would fall under the slope of enlightenment or Plateau of Productivity stages, indicating that the technology is emerging. Organizations adopting this technology can store and analyze their log data more efficiently and cost-effectively than older technologies such as the Security Information and Event Management (SIEM) system.
Several other factors are available other than the Ganter Hype Cycle. One of the factors is that the technology uses advanced technologies such as machine learning and artificial intelligence to aid organizations in their logins. Moreover, it leverages these technologies to systematize log analysis and threat detection, reduce false positives and negatives, and provide real-time insights into system and network activities, thus increasing detection rates (Garg & Garg, 2019). Deep learning algorithms enable these solutions to analyze vast amounts of log data and detect patterns and anomalies that would be difficult for a company such as TechFite to identify manually.
Adoption Process
The Gartner STREET process can integrate JupiterOne Cloud-Native SIEM technology into TechFite’s current processes. The STREET process has six phases: scope, track, rank, evaluate, evangelize, and transfer. In the scoping phase, TechFite has to identify the problem they are trying to solve. Here organizations need to identify all the solutions that can solve the identified needs. In the case study under review, TechFite’s problem is log analysis and threat detection, as the company seeks to store many logs when complying with FISMA regulations. The emerging technology identified to deal with the problem is JupiterOne Cloud-Native SIEM solution. The scoping phase is necessary to ensure TechFite can solve its specific needs.
The second phase is the track phase, where TechFite identifies the requirements needed to implement the new solution effectively. For instance, the skills and experience needed, the costs and resources necessary, and the potential risks. In the case study, TechFite must identify the hardware, software, personal money needed, and potential risks of implementing JupiterOne in this phase. Tracking would help TechFite understand the current state of its systems and make necessary changes. The third stage is rank, where requirements are prioritized based on importance. TechFite would need to give compliance with FISMA regulations, the ability to manage and store large amounts of log data, and real-time log scanning for potential attacks a priority. By ranking the requirements TechFite can solve its needs based on the importance and urgency.
After the ranking is the evaluation phase, where potential vendors to offer the solution are identified. At this stage, TechFite should conduct a deep analysis of each vendor’s capabilities, experience in providing the solution, reputation, and pricing and contract terms. In the case study, TechFite identified JupiterOne as the best solution for providing cloud-native SIEM technology. Evaluation helps the users of the technology identify the best alternative among many. The fifth stage of the Gartner STREET process is the evangelization phase. In this phase, TechFite has to promote the adopted technology to ensure all stakeholders support it in the organization. Evangelization can be achieved by communicating the technology’s benefits to stakeholders, addressing any concerns, and training people on how to use the system. The financial adoption stage is the transfer phase, where ownership of the new technology is transferred from the vendor to the organization. In TechFite’s case, this would entail migrating the logs into the new system and testing the system to confirm if it meets the organization’s compliance requirements.
Technology Impact
One positive impact of the JupiterOne Cloud-Native SIEM system is that it could enhance the organization’s security posture. Leveraging on JupiterOne system could ensure that TechFite can automatically detect threats, reduce incident response times, and proactively identify and dress security risks, ensuring the system’s security in an ever-changing technological landscape and environment. However, the technology will have a negative impact as it will disrupt current processes and workflows within TechFite if the integration is not done properly.
If not well implemented, the technology could impact people in several ways. First, it would make employees resist the change necessitating additional training. Secondly, it disrupts the current workflows impacting the company’s output. Finally, some employees could quit if they are not well trained and do not understand the system. The aforementioned negative effects could be corrected by TechFite taking the following steps. First is providing adequate training to ensure employees are comfortable using the technology. Secondly, good communication should be done with the stakeholders to make them appreciate the new technology’s importance. Employees also need to be involved in implementing the new technology. Finally, constant feedback should be given to employees and other stakeholders to understand the adoption state.
Technology Comparison
The alternative technology to be compared with the proposed technology will be the AlienVault OSSIM. The advantages of JupiterOne include its scalability, such that it can be used across multiple cloud platforms, and its ability to automate tasks. This automation reduces the workload for the IT teams and improves speed and incidence response rates. The disadvantages of JupiterOne technology are that the system is complex to set up and configure, and the costs, especially for premium subscriptions, are high. The alternative solution also has advantages, including being open source, which makes it more accessible and cost-effective, as well as being easy to use and configure. However, the system has limited scalability and limited automation. Based on the advantages and disadvantages of the two systems, TechFite should adopt the JupiterOne Cloud-Native SIEM technology.
Conclusion
TechFite should do 90-day test runs to determine whether the processes work well. During the test run, TechFite should measure the number of logs per week, the success rate in identifying intrusion signature patterns, the time taken to identify the patterns, and the amount of storage allocated for a log. Success metrics after the test would include intrusion signature pattern rates taken to identify intrusion signature patterns, an increase in the number of log files per week, and storage allocated for a log. Success rates that must be quantifiable include percentage reduction of time taken, signature intrusion rates, and logs scanned per period.
References
Garg, S., & Garg, S. (2019). Automated cloud infrastructure, continuous integration, and continuous delivery using docker with robust container security. 2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), 467-470. Web.
Gremban, K., Swami, A., Douglass, R., & Gerali, S. (2023). IoT for Defense and National Security. John Wiley & Sons.
Kunz, W. H., Heinonen, K., & Lemmink, J. G. A. M. (2019). Future service technologies: Is service research on track with business reality? Journal of Services Marketing, 33(4), 479–487. Web.
Sadowski, G., Kavanagh, K., & Bussa, T. (2020). Critical capabilities for security information and event management. Gartner Group Research Note. Web.
Peace, C. (2021). Implications of emerging technologies on the accounting profession (Publication No. 616) [Undergraduate Honors Theses, East Tennessee State University]. East Tennessee State University. Web.