September 15th, 2022
What is SIaaS? An introduction to security infrastructure as a service
Christopher Luft
Security infrastructure as a service (SIaaS) is an engineering-centric, infrastructure-first approach to cybersecurity—and is at the heart of everything we do at LimaCharlie. In this post, we’ll explain more about what SIaaS is, why it’s important, and how it differs from legacy models of cybersecurity.
Where does SIaaS come from?
Security infrastructure as a service is related to the wider infrastructure as a service (IaaS) movement in IT.
SIaaS is an attempt to address challenges in a rapidly maturing industry—just as IaaS was when it was first introduced.
AWS, Azure, and other IaaS providers succeeded because they helped developers solve a number of problems that they were facing at the time. They offered:
The ability to go beyond vendors’ off-the-shelf products and build more complex solutions.
Direct access to interoperable, vendor-agnostic primitives that could be used as building blocks in custom development work.
Scalable server infrastructure that could be spun up or down as needed (without having to go through a cumbersome IT procurement process).
An on-demand model that bypassed vendor gatekeepers and did away with lengthy negotiations and mandatory multi-year contracts.
The result was a revolution in development and IT—and the creation of immense value for businesses around the world.
Today, cybersecurity is in much the same place as IT was before IaaS. SIaaS solves many of the same problems, but for the cybersecurity industry.
What is SIaaS?
SIaaS gives cybersecurity practitioners the tools and infrastructure they need as interoperable, cloud-native primitives, available on demand and billed per use, much as AWS does for IT.
This is a radical shift away from the legacy model of cybersecurity. Instead of selling a one-size-fits-all product to security teams, SIaaS gives security teams a set of building blocks to work with: core cybersecurity implementations that can be used to engineer whatever solution is called for.
The capabilities offered by SIaaS are extensive and growing. A few representative examples include:
Endpoint detection and response (EDR) using custom detection and response rules or curated rulesets like Sigma, YARA, Soteria, etc.
Log and artifact ingestion and monitoring (plaintext logs, Windows Event Logs, PCAPs, Apple XML plists, etc.)
Digital forensics and incident response tools
Automated security testing via integration with libraries like Atomic Red Team
Data output to arbitrary location(s) for storage and/or analysis, e.g., Amazon S3, Google Cloud Storage, Humio, Kafka, SMTP, Slack, Splunk, Syslog, Azure Event Hub, and so on
Historical threat hunting by running detection and response rules against stored telemetry data
It’s worth reiterating that SIaaS companies are delivering all of these capabilities as interoperable primitives. In other words, what’s on offer here is essentially the ability to “do cybersecurity” in a generic way: mix and match, plug and play, with all data visible in a single hub and format.
Why is SIaaS needed?
There’s a lot that can be said on the subject of why SIaaS is necessary, but the TL;DR reason is that cybersecurity as an industry has grown up—and thus has outgrown the kind of cookie-cutter solutions offered by traditional vendors.
Expanding on this a bit, we can point to a few key trends that call for a new approach to cybersecurity:
A more skilled and mature workforce. Cybersecurity isn’t a new discipline anymore. Today’s security leaders have spent their entire careers in the field—and even entry-level workers are coming in with far more knowledge than they would have two decades ago. That means that security teams are increasingly capable of building their own custom security tooling and implementing advanced methodologies like detection engineering. In short, security professionals can do more, they’re being asked to do more—and they don’t want to be constrained by someone else’s solutions.
The rise of DevSecOps. In enterprises everywhere, cybersecurity is now seen as an integral part of the development process instead of something to be tacked on at the end or outsourced to a third party. As a result, many security teams are shifting to an engineering approach to cybersecurity. However, that kind of approach works best if you have full control over your tools and infrastructure—something that simply isn’t possible with legacy cybersecurity vendors.
A changing business landscape. Cybersecurity is booming, and cybersecurity companies—from MSSPs to security consultancies to DFIR firms—are looking to grow. But that’s hard to do when you’re in direct competition with your own vendors: something that’s far too common in the current cybersecurity vendor landscape, unfortunately.
Benefits of an SIaaS approach to security
SIaaS offers a solution to the challenges of the cybersecurity industry by doing for cybersecurity what AWS did for IT. Security infrastructure as a service gives cybersecurity teams:
Fast, easy, self-serve access to core cybersecurity functionalities
The ability to engineer custom security solutions and/or implement advanced cybersecurity methodologies and automated workflows
Scalable security infrastructure with no contracts or fixed minimums
An API-first provider that offers real visibility into the security tooling and infrastructure being used—as opposed to the magic-box solutions and “just trust us you’re safe” mentality of non-SIaaS cybersecurity vendors
A way to bypass their company’s IT procurement process
An end to having to run everything through vendor sales teams and organizational gatekeepers
A technology-focused vendor that acts as a genuine partner and doesn’t compete with them for business
Clearly, security infrastructure as a service represents a sea change in the way cybersecurity is practiced. But it’s an approach whose time is due (and probably overdue). For this reason, it’s attracting the attention of more and more cybersecurity professionals. In time, we believe SIaaS will become the dominant model in the cybersecurity industry, just as IaaS is for IT.
Getting started with SIaaS
The best way to understand how SIaaS works is to see it in action for yourself. LimaCharlie offers a full-featured free tier or a no-obligation 20-minute demo to those who want to learn more. Try LimaCharlie or book a demo today!