What are folks using for monitoring/alerting in their SaaS environments?

  • 1 December 2020
  • 23 replies
  • 106 views


What are folks using for monitoring/alerting in their SaaS environments? BetterCloud and Splunk? Just BetterCloud? Outsourcing to an MSSP? We’re trying to figure out the best way to set this up as an SMB in a heavy SaaS environment, with only a few on-prem network devices (firewall, a couple of servers, etc.). Is there any way to see both on-prem network devices and SaaS apps in a single interface, or is a two-tool approach best?



The BC alerting function is definitely helpful. We pull as many critical SaaS app logs into our SIEM as we can. We're not Splunk level, but most modern SIEMs can use the SaaS APIs.



We use DataDog.



We use SumoLogic with PagerDuty for on-call/alerting.



If you're on AWS, I recommend https://runpanther.io/ for doing some infra and security alerting. It's a newer SIEM from some folks I worked with at Airbnb. Deployed the community edition and it's working well for detecting infra misconfiguration, and great for writing some very custom security alerts. It's a really different approach; in the past I have used Sumo, Splunk, Datadog. They feel like entirely different tools compared to Panther, where you write Python rules to alert on streams of data. The original product at Airbnb was called 'StreamAlert'.



We also use Grafana and Prometheus for the monitoring side.



We looked at Panther also but lack the in-house development power needed to configure it.



Oh, by SaaS environments are you talking about monitoring your company's SaaS product that your team develops, or monitoring 3rd party apps?



Panther has a SaaS version you can buy, but the product is very dev focused: if your team likes writing snippets of Python to make detectors they will love it, otherwise not.



I’m talking about monitoring third party SaaS apps (GSuite, Salesforce, etc.). Part of this too is that the in-house capacity to set up/manage this is very limited…mostly just me.




Ah, very different animal. We don't monitor SaaS app availability, but when I worked at a large company we did synthetic tests and had fake users log into all sorts of things to catch if systems went down before the users noticed. We do this for our product using https://www.pingdom.com/ but the checks are too pricey for our 3rd party apps.




Datadog would be a good choice for that.




We were able to set up most of our critical SaaS stack in DataDog with limited dev knowledge.




Then hook in via Jira/Slack.




Cool, I’ll definitely check out DataDog. Thanks!




@mnorton - great thread and question!

Can you share any more context on why you want to monitor the SaaS apps? Is it specifically for uptime/downtime or other use cases?




To meet NIST 800-171 requirements. Looking at unauthorized use/access, malicious activity, login attempts, etc.



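As an added illustration (my own code, not Panther's, BetterCloud's or any poster's) of the "Python rules over streams of data" approach mentioned above, applied to the login-attempt monitoring asked about for NIST 800-171: the first function has the one-event-in, verdict-out shape, and the class keeps state across events so repeated failures from one source, and a success right after them, can be flagged. The event field names and sample records are constructed assumptions loosely modelled on a SaaS login audit log, not any real export format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILURE_THRESHOLD = 5            # failures from one IP that count as a spray/brute force
WINDOW = timedelta(minutes=10)   # failures older than this no longer count

# Constructed sample events (not real data); field names are an assumption, not a real format.
SAMPLE_EVENTS = [
    {"time": "2020-12-01T09:00:00Z", "actor": "alice@example.com", "ip": "203.0.113.7", "event": "login_failure"},
    {"time": "2020-12-01T09:00:20Z", "actor": "bob@example.com",   "ip": "203.0.113.7", "event": "login_failure"},
    {"time": "2020-12-01T09:00:40Z", "actor": "carol@example.com", "ip": "203.0.113.7", "event": "login_failure"},
    {"time": "2020-12-01T09:01:00Z", "actor": "dave@example.com",  "ip": "203.0.113.7", "event": "login_failure"},
    {"time": "2020-12-01T09:01:20Z", "actor": "erin@example.com",  "ip": "203.0.113.7", "event": "login_failure"},
    {"time": "2020-12-01T09:01:30Z", "actor": "frank@example.com", "ip": "198.51.100.9", "event": "login_failure"},
    {"time": "2020-12-01T09:02:00Z", "actor": "bob@example.com",   "ip": "203.0.113.7", "event": "login_success"},
    {"time": "2020-12-01T09:45:00Z", "actor": "alice@example.com", "ip": "203.0.113.7", "event": "login_success"},
]

def rule_failed_login(event):
    """Stateless rule, one event in, True/False out: fires on every failed login (noisy at scale)."""
    return event.get("event") == "login_failure"

class BruteForceDetector:
    """Stateful rule: many failures from one IP inside WINDOW across any accounts (catches
    password spraying), and a success from an IP that recently failed, which is worth paging on."""
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures

    def process(self, event):
        ip = event["ip"]
        ts = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")
        recent = self.failures[ip]
        while recent and ts - recent[0] > WINDOW:   # expire failures outside the window
            recent.popleft()
        if event["event"] == "login_failure":
            recent.append(ts)
            if len(recent) == FAILURE_THRESHOLD:     # alert once, when the threshold is reached
                return f"{FAILURE_THRESHOLD} failed logins from {ip} within {WINDOW}"
        elif event["event"] == "login_success" and recent:
            return f"successful login from {ip} after {len(recent)} recent failures"
        return None

def run_rules(events):
    # Feed the stream through the detector; returns (time, actor, message) alerts.
    detector = BruteForceDetector()
    alerts = []
    for event in events:
        message = detector.process(event)
        if message:
            alerts.append((event["time"], event["actor"], message))
    return alerts
```

On the sample stream this yields two alerts: the fifth failure from 203.0.113.7 and bob's success from the same IP two minutes later; the 09:45 success produces nothing because the earlier failures have aged out of the window.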

The SIEM would be your best bet to fulfill the centralized logging requirements of NIST. Having an automation tool to respond and prevent would be best practice also. I would still recommend at least 2 tools if possible.




Thanks for the feedback, I'll have to read up a bit more about NIST.




I'm curious if anyone tried using the Elastic SIEM to monitor SaaS apps since the open source & basic license versions of the product are free. The new 7.10 version includes detections for potential Zoom security issues, but of course, BetterCloud can provide a lot more SaaS visibility beyond Zoom.




We use an AlienVault SIEM from our MSSP.

Interesting. I used to know a guy who managed AlienVault implementations for MSSPs. Do you like the solution for SaaS monitoring?




It works well. The AlienVault gets logs from Sophos, Google G Suite, Box and many more. As I recall there are over 400 integrations available. We have the AlienVault VM running in ESXi (free version) running on a Mac Pro (VMware certified) on premises. We have a full-time remote workforce.

That's interesting. Thanks for sharing.


