Jason Hines

Why SaaS for Cybersecurity Data Analysis?

When I speak to security practitioners, I'm often asked whether Gigasheet can run in a private cloud environment, on a local server, or even on a laptop.


The short answer is no.


The slightly longer answer is no, and there are good reasons why.


The Problem with Self-Hosted Tools


Security teams need to detect and respond to high-priority security issues quickly. They use analytic tools to surface issues, detect threats, and prevent attacks.


Historically, deploying enterprise analytic tools — be they home-grown, commercial, and/or open source — required security teams to invest not just in these applications, but also in the infrastructure, hardware, and skills needed to run and host them.


This is not a one-time upfront cost. Organizations also needed to invest time and resources in the ongoing maintenance and management of the infrastructure, which includes ensuring each individual component remained secure, fully patched and up-to-date. The team doesn’t just maintain the application: it has to maintain the operating system, the virtual machine, the server hardware, etc.


Getting all this right required significant expertise, paired with an education plan to continually update the skills in these various disciplines. All this comes at considerable expense, and none of this directly relates to the security team’s primary goals. But security teams must maintain this investment, not only for operational, performance, and system integrity reasons, but to ensure tools are up-to-date with industry trends.


All this time, effort, and expense takes away from the resources available to perform the team’s core focus: lowering risk and minimizing losses for the organization.


Over time, security analytics tools have required ever-growing resources to complete the large-scale work done by today’s practitioners. This results in significant overhead. Security teams need to keep ‘upping the power’ (and therefore cost) of cloud instances, and must continuously migrate to new infrastructure to maintain performance. And thus the cycle continues: more planning, more testing, more installing, more upgrading, etc.


In a world where rapid response times are critical, having teams distracted by anything other than running security investigations has significant consequences.


Amazingly, many investigations rely heavily on tools that run on a local server. Long story short: if your organization is relying on locally hosted analytics solutions, you will be left behind. These solutions simply can't dynamically scale to handle the huge datasets involved in today's investigations. As an industry, we need solutions that allow analysts to focus on their primary task — NOT on the infrastructure configuration, deployment, and ongoing maintenance and performance monitoring of their tools.

SaaS Is Eating The Security World. Photo: Invader art in Hong Kong https://www.space-invaders.com/world/hong-kong/

Why SaaS Is Eating The Security World

Marc Andreessen wrote his famous article Why Software Is Eating the World in 2011, but I'll take it a step further and extend this to SaaS for security.


A turnkey cloud solution for data analysis relieves security teams of many burdens. The value proposition is simple. Compared to other options, SaaS security analysis tools are faster, more accessible, more reliable, and even more secure.


Faster. No more waiting around on slow laptops and under-resourced VMs. The most intensive tasks and calculations can be completed in seconds, powered by the provider’s vast computing resources and infrastructure.


More accessible. Instead of wasting time and resources on infrastructure and maintenance, analysts can access all the latest functionality from the moment they log in. The uptime of today's cloud means a team's tools do not suffer the same downtimes that are seen in less stable (e.g. crashing, patching, restarting) self-hosted apps running in local or hybrid environments that are frequently understaffed.


More reliable. With a SaaS tool, analysts don’t have to worry about whether the infrastructure has been sized and maintained properly, the latest patches have been applied, or the app version is up-to-date. The latest and greatest version just works the way it’s supposed to.

(Obviously, sometimes SaaS solutions have issues. But they get fixed immediately by a dedicated team, and normal service resumes much faster than with internally hosted tools.)


More secure. This might sound strange. But let’s say you host a tool in-house. How many people are responsible for ensuring the tool is fully patched and configured properly? How about ensuring the data the tool holds is stored securely? For a SaaS provider, these tasks are all carried out by a dedicated team that knows the tool and its environment inside out. SaaS providers understand how devastating a single breach of their system would be to their entire customer base, and therefore have the economic incentive to ensure their security practices stay best-in-class. With the right technology and best practices, SaaS can be far more secure than on-premise or even private cloud applications.


SaaS = Better Security


Faster incident response decreases losses. There are many ways to decrease incident response time, but here are a few that are specific to SaaS:


Increase collaboration between analysts. A SaaS security analytics tool allows multiple analysts to collaborate, working with the same data, and sharing insights and ideas in real-time. Try doing that when you’re working with locally installed tools on separate laptops.


Faster investigations. If it takes two hours to load data and five minutes to complete a calculation or perform some function in an analytics tool, that adds 125 minutes to your response time. Do that a handful of times, and you're losing days. SaaS applications have massively more power than locally-hosted tools.

The infrastructure isn't your problem. Let analysts focus on analysis, and let a service provider handle everything else. Installing, configuring, patching, upgrading, and bug fixing can waste a huge amount of time, which is not what you need when you’re trying to respond to a serious incident.


Go Go Gigasheet


Gigasheet is a no-code, data science workbench optimized for cybersecurity. It understands IP addresses, IoCs, Unix time, and common data formats, so you won’t waste time reformatting, splitting, or concatenating columns just to answer basic questions.


Critically, Gigasheet offers the scale and performance only found in a SaaS platform. Data storage and compute power in the cloud are virtually limitless, allowing analysts to work with the huge datasets that have become common in the field—with a fraction of the time spent waiting for the tool to load or perform intensive tasks. And, because our software is designed for the cloud, using Gigasheet is far more cost-effective than paying for your own hosting instance.


Best of all, Gigasheet is kept constantly up-to-date with the latest functions, features, and capabilities. As soon as threat intelligence becomes available, we can instantly deliver detections against IoCs to all of our users. We ship improvements, optimizations and fixes nearly every day. We have an entire team that focuses on infrastructure operations 24x7. Your team doesn't have to lift a finger to keep it that way.


You focus on the analysis, we’ll handle the rest.

We’re looking for beta testers to help us make Gigasheet the best it can be. We want to know exactly what problems you face as a security practitioner so we can make sure Gigasheet is equipped to solve as many of them as possible.


If you’d like to help us make Gigasheet the ideal solution to your problems, sign up to be a beta tester today. Create an account to get started.