© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Reimagining SIEM Architecture Using AWS S3 Buckets
Adopting a federated approach to eliminate the SIEM tax
SEC346-S

Intro
Eli Rozen, Co-Founder & CTO
Eran Liloof, Head of Threat Detection

3 common problems we found in 100+ organizations
1. Data Volume Crisis: Terabytes of security data overwhelm traditional architectures
2. Cost Constraints: High SIEM pricing leads to blind spots and data gaps
3. Data Fragmentation: Security insights scattered across disconnected systems

It's time to challenge the foundation.

4 Outdated Architectural Assumptions
Centralization: Why are we replicating terabytes of data to a single location?
Coupled Components: Why are storage and detection capabilities permanently bundled together?
External Storage: Why can't advanced SIEM capabilities query data where it already lives?
Multi-Source Analysis: Why can't we correlate across multiple storage locations simultaneously?

The SIEM Tax Scenario
AWS: Service fee $, AWS storage $, AWS egress $
SIEM: Log analysis & detection $, SIEM storage $, SIEM ingestion $
"It's so expensive to monitor all 750+ accounts in my AWS environment."

The Federated Architecture Scenario
AWS: Service fee $, AWS storage $, Indexing compute $
Security Analytics Mesh: Log analysis & detection $
"Monitor 750+ accounts in my AWS environment? No problem."
No SIEM tax. 60-80% cost reduction.

Real Success Stories
Major E-Commerce Platform
Transition storage from SIEM to S3 buckets
Keep AWS logs where they live
SIEM is redundant
Full visibility and detection over 500+ AWS accounts, without shipping AWS logs to the SIEM
70% cost reduction in total
Zero egress costs, no SIEM tax
Fortune 500