6 Things You Should Know About Choosing a SIEM Solution

So many names. It always reminds me of the line from The Devil’s Advocate when Pacino says “Oh, I have so many names.” Security Information Management, Security Information and Event Management, SIM, SIEM, Log Management, Log Aggregation. If you really like buzzwords, you could call this Big Data for Security.

This technology can be great. Implemented correctly, it lets you find security and fault-management issues in your environment as they happen, rather than trying to reconstruct what happened hours or months later, which is the usual outcome if the problem is noticed at all. If you are not familiar with the technology, the basic concept is to configure every networked element to forward its events to the SIM. This allows you to:

  • Centralize events – if everything is in one place it’s much easier to search for something.
  • Normalize events – once events share one format, you can actually search across all of them.
  • Search events – perhaps everything for a period of time, or everything for an IP address or username.
  • Report on events – provide executive summaries of security and fault issues on a regular basis.
  • Correlate events – configure logic so that if certain events happen within a specified period of time, an alert of some sort is generated.

Keep reading for the 6 factors that will make sure your SIM project is a success.
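
As an added example (not code from the original post), here is a minimal version of the normalize-and-correlate pipeline described above: two constructed raw log formats are mapped onto one schema, then a time-window rule raises an alert when repeated failed logins for the same user and source are followed by a success. The log lines, host names, addresses and the 3-failures-in-60-seconds rule are all invented for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in two raw formats (not from any real system):
# Linux sshd syslog lines and a Windows-style CSV export of logon events.
RAW_EVENTS = [
    "2024-03-01T10:00:01 host1 sshd[2201]: Failed password for alice from 203.0.113.7 port 50122 ssh2",
    "2024-03-01T10:00:14 host1 sshd[2201]: Failed password for alice from 203.0.113.7 port 50123 ssh2",
    "2024-03-01T10:00:30 host1 sshd[2201]: Failed password for alice from 203.0.113.7 port 50124 ssh2",
    "2024-03-01T10:00:45,WS01,4624,alice,203.0.113.7",  # CSV: time,host,event_id,user,src
    "2024-03-01T10:09:00 host2 sshd[2300]: Failed password for bob from 198.51.100.9 port 40001 ssh2",
    "2024-03-01T10:20:00 host2 sshd[2300]: Accepted password for bob from 198.51.100.9 port 40002 ssh2",
]

SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
WIN_OUTCOME = {"4624": "success", "4625": "failure"}  # Windows logon event IDs

def normalize(line):
    """Map either raw format onto one schema: time, host, user, src, outcome."""
    m = SSHD_RE.match(line)
    if m:
        ts, host, verb, user, src = m.groups()
        return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
                "src": src, "outcome": "failure" if verb == "Failed" else "success"}
    ts, host, event_id, user, src = line.split(",")
    return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
            "src": src, "outcome": WIN_OUTCOME[event_id]}

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Alert when a (user, src) pair has >= threshold failures inside `window`
    and then a success. Failures older than the window are discarded as we go."""
    failures = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "failure":
            failures[key].append(ev["time"])
            while failures[key] and ev["time"] - failures[key][0] > window:
                failures[key].popleft()
        elif ev["outcome"] == "success":
            # Only failures still inside the window ending at this success count.
            recent = [t for t in failures[key] if ev["time"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"user": ev["user"], "src": ev["src"], "host": ev["host"],
                               "failures": len(recent), "at": ev["time"]})
            failures[key].clear()
    return alerts
```

Running `correlate([normalize(l) for l in RAW_EVENTS])` yields one alert for alice (three failures then a success within 60 seconds) and none for bob, whose single failure is outside the window.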

Is Your SIEM Platform Dealing With Critical Threats As Well As It Should? [McAfee]

Effective security information and event management (SIEM) means analyzing your security event data in real time, identifying threats and vulnerabilities to your organization’s systems, and collecting and analyzing your log data for regulatory compliance. But as SIEM/log management technology has evolved rapidly and you have had some time to live with the offering you implemented, you might be having a little buyer’s remorse. In other words, you might be wondering or worrying whether your SIEM is working as it should and meeting your expectations and your organization’s. You may also be scared to find out.

Don’t be. If a thorough analysis leads you to conclude you need a SIEM replacement, the good news is that replacing it may be easier than the initial installation. It is equally good news if that analysis tells you your SIEM purchase and implementation was the right one. Either way, just about the worst thing you can do is pretend the uneasiness or uncertainty you’re feeling doesn’t exist.

It’s better to know than to not know.

So how do you start? What’s the process for deciding whether the benefits of evaluating a new security management platform and migrating to it outweigh the risks of doing nothing? The way I see it, there are 7 steps to get you there.