
Have you ever had the challenge of deploying a SIEM in your environment?

Managing security with a SIEM in any environment is a complex adventure. Protecting your data and infrastructure and meeting regulatory requirements may seem like a daunting task. It is difficult because your security devices might touch all your assets over a vast network. Or you may not have configured your current SIEM correctly for your network; the bigger the network, the more complex your security concerns. You may not have enough resources to manage your deployment, or your aging infrastructure may be reaching the end of what can be done. Many security-minded companies have found success by using the best purpose-built SIEM on the market today. But there are a few things you should know before you buy and implement a SIEM. This post aims to give you the information you need to succeed at the herculean task of securing your company with a modern SIEM.

If you’re looking for event log management software, the best way to end up with something that lets you secure your environment without breaking the bank is to solve for these main issues.

  • Scalable solutions: Whether your network includes one machine or one thousand, find a SIEM that will grow easily with your environment. This way, you won’t have to keep paying for new devices or appliances every time you add a new business unit or subnet. The old way of doing business was for vendors to keep throwing (and charging for) appliances onto the network whenever security needed to be scaled up.
  • Design flexibility: Find a SIEM that automatically incorporates data from all points of your network. Out-of-the-box support for all of the popular security applications and devices is a must, and the vendor should have an active Device Integration group that can help you create a link, if needed, for that homegrown security device that is endemic to your network. Ask the vendor how long it would take for a custom device to be created for you. Don’t accept a “create your own” answer or, worse yet, “look around on the Community page for help”. There is nothing more frustrating than paying a lot of money just to have to create your own solution anyway.
  • Advanced correlation algorithms: Locating anomalous behavior in a large network is no easy task. Look for industry-leading multidimensional correlation technology that searches for patterns based on predefined rules, network vulnerabilities, statistical likelihood and historical precedent. I have been on many webinars with vendors, and not many explain or even mention what’s going on inside the application. The more R&D that the SIEM vendor has put into the application engine, the less you have to create on your own. Again, I would rather not have to build my own solution; I want what I am buying to solve the problem for me and make my life easier by saving me time, effort, and money in the long run.
  • SIEM anywhere: Does the proposed security event log monitoring software work in the cloud? Is it a cloud SIEM? Or is it a network-only SIEM? Is the SIEM purpose-built for an MSSP/MSP vendor? Maybe it would be best to outsource all your security concerns to an MSP who can do it cheaper, quicker, and with more resources than you could hope to muster. Ask the SIEM vendor if MSPs use their product as a SIEM cloud service. A SIEM vendor that is an MSP solution will be happy to tell you all about how easy it is to deploy this way.

Now that you know my short list for a SIEM product search, don’t be afraid to ask vendors these questions and find a solution that makes your life easier and your company more secure. Compose a detailed RFP and send it out to your short list of vendors; all vendors love RFPs. You will be amazed at what you find out when asking the right questions.

 

 
