Security Information and Event Management (SIEM) technologies are not new, but there remains plenty of misinformation and misunderstanding about how to use them. Critics dismiss them as little more than log collection and storage tools that, given their management overhead, yield little return on investment (ROI). What these critics fail to acknowledge is that by rethinking how security operations centres (SOCs) operate, SIEM technologies deliver significant operational benefits and efficiencies. Do you know what it takes to deploy a SIEM and upgrade your security to enable proactive threat hunting?
By integrating a SIEM into the core of your SOC and re-engineering some of the processes, you can start to improve your cyber assurance and realise a highly favourable ROI. Let’s start with staffing: you might already have a security team looking after firewalls, antivirus products and intrusion prevention systems. That’s a lot of “security systems” to monitor, and adding a SIEM may look like yet another thing to do. But what if you look at the SIEM as a consolidation technology, one that merges information from all these systems into a single screen?
Instead of going straight to security operations, start talking to your network, server and desktop teams, and maybe even your database team, to see which aspects of security operations would sit more naturally with them. For example, adjusting the rule-set on a firewall is not unlike changing the configuration on a router or core switch. Your network team almost certainly knows all about firewall administration already. Firewalls are simply another networking device…