Oct 07, 2015 By Jean-Paul Bergeaux In Blog

Storage for Cybersecurity Collection Requires Back-to-Basics Focus

Do you remember when your phone was just able to make a call and maybe, just maybe, text someone?  You had to hit the number keys multiple times to make letters for texting?   Did you know that you can still buy a phone like that on Amazon for around $20 with no contract?  They are simple and do what a phone used to do, before iPhones and Androids changed the world as we know it.

Most people today want a smartphone with its features and functions, however, would you pay $500 for a smartphone if you just needed it to make phone calls?  On the flip side, would you buy an off-brand phone that was cheap, but might fail at basics, like losing calls, or have button problems when dialing?  This is where security professionals are now when it comes to collecting and storing cybersecurity data.

Today’s storage arrays offer many very valuable and high level features and functions for user shares, database integration, and developer environments, but none of those are needed for most cyber security use cases.  This is causing many SOCs to under size storage and retention for lack of funds.  Often the security collected data is tied to a higher level functioning application that already manages the data and all they need is basic storage and reliability.  Architects are declaring, “Just give me quality and top notch support with my fast, dense, power efficient storage!”

Now what is happening is that, many architects are out buying today’s enterprise storage arrays that have a lot of great functionality they don’t need simply because they don’t trust the “basic” storage array options.  Would you go buy “Joe’s storage array” if you were storing sensitive and important cyber security information you NEEDED to be available at a moment’s notice to do a search or correlation and determine if a hacker is in your network?  Of course not.

Some have looked at big data warehouses, but quickly see problems with data center space and cooling because of the way these systems are designed specifically for very fast data processing.  The added cost for floor space and cooling to achieve the storage requirements using these types of big data warehouses adds up very fast and in the end, doesn’t fit the needs of cyber security use profiles either.

There is an option that SwishData has found (See “Solving the Security Storage Challenge” in Whitepaper Resources). Whether you are storing big data for security analytics, storing external storage for your long term SIEM analysis, or straight deep packet capture data that has to be fast, reliable, space and power efficient, there is an answer.  NetApp E-Series stands out in the marketplace as one of the only storage arrays that is HIGH in return on those features, while still having an enterprise support and reliability infrastructure behind it.  You don’t have to wonder where those disks in your array really came from or if the support line will be able to answer your question when you call.  We haven’t been able to find this type of product at a major vendor such as EMC or Hitachi at the attractive price point that NetApp offers E-series.

Sure you can buy a non-enterprise array that isn’t NetApp, but should you?

You can learn more about NetApp in our new whiteboard here.