The dirty truth of SIEM is that achieving the greatest value requires tuning and customizing the products to each environment and to each business requirement. Vigilant is where you go to get this done best!

Users of SIEM and Log Management Technologies Report Measurable Gains
Vigilant LLC Recognizes Success Factors and Ongoing ROI Challenges
NEW YORK – May 18, 2009 – A recent study by Aberdeen Group concludes that the top 20 percent of companies – denoted by Aberdeen as “best-in-class” – are showing demonstrable gains from security information and event management (SIEM) technologies in three areas: 1) a decrease in audit deficiencies; 2) reduction in security incidents; and 3) considerable operational cost savings. Vigilant LLC, a provider of on-site and managed security services, views this as a positive indicator that SIEM technology has matured significantly, and that best-in-class users are contributing to the ongoing definition of best practices for SIEM and log management.

The research, released this past April and commissioned in part by Vigilant, also notes that the majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents and operational costs associated with security management. To ensure better and more rapid success, Vigilant advocates a systematic approach to deploying and managing SIEM and log management tools – taking into account the following key success factors:

  • Compliance objectives often drive funding for SIEM and security log management (SLM) projects, but regulatory pressure alone should not drive product implementation. By mapping security controls to the various regulations, policies and standards that need to be addressed, project leaders should prioritize monitoring of the most important control elements, and be thorough in customizing with those in mind. High-quality, focused work will both improve actual security and yield better audit results than a race to meet the compliance checklist.
  • While companies can expect immediate efficiencies simply from being able to view log data from a single console, SIEM and SLM products must be contextualized to the environment to achieve significant gains. By breaking the deployment into discrete phases, each associated with specific and measurable objectives, companies can achieve greater success.
  • SIEM and SLM tools must be viewed as dynamic infrastructure, with adequate staffing to manage their use against changes in the IT environment and the threat landscape. With current budget constraints, companies should consider options for augmenting internal capabilities with outside resources.
  • To maximize opportunities to communicate the value of security investments, IT groups need to gear reporting toward executives. Security information data is still primarily consumed by security operations – meaning that for most, monitoring security devices may be higher on the priority list than securing key business processes – a trend that must be reversed before the full value of SIEM will be realized.

“Many organizations need help translating their IT risk and security programs into effective, more rapidly delivered SIEM solutions, and they need affordable ways to increase the value of SIEM over time,” said Alison Andrews, chief executive officer (CEO), Vigilant. “Our Fulcrum Framework and co-sourcing services help companies do just that, so ‘laggards’ can make rapid improvements, and the ‘best-in-class’ can continue to mature SIEM for more transactional and business-oriented purposes.”

A complimentary copy of the Aberdeen Group report, entitled “Leveraging Logs, Information and Events: Three Use Cases for What to Do with All That Data,” is available through Vigilant at www.thevigilant.com.

About Vigilant

Vigilant LLC provides on-site and managed services that help IT security teams better defend and enable today’s dynamic business by refining and extending the security information and event management infrastructure. The company’s pragmatic approach solves today’s urgent security problems, while enabling rapid progress toward longer-term security program objectives. Vigilant empowers customers to more efficiently respond to shifting threats, achieve regulatory compliance, prioritize protection of services that drive revenue and competitive advantage, and measure progress of the overall IT risk management program. Founded in 2003, Vigilant is headquartered in New York and serves a wide range of global and regional organizations whose mission requires them to secure highly sensitive and regulated services.