Skip to content

Got SIEM? – Part I

October 31, 2008

One of the things I really like about interacting with customers is that they provide perspective that, as a vendor, we sometimes don’t get to see first-hand or experience ourselves.  Meeting with a large-enterprise customer yesterday, it was fascinating to hear him talk about some of the business problems he’s encountering as he tries to manage the security posture of thousands of hosts and infrastructure devices, containing hundreds of databases and applications that support revenue-generating business processes.

This customer – like so many others across the spectrum of vertical industry and size, from the SMB market to global enterprises – is in the process of looking to security information and event management (SIEM) solutions as a valuable tool to address a burgeoning glut of unique threats, regulations, and other drivers affecting information security.  And the fact is, there’s no question that SIEM technologies can help organizations in a variety of ways:

  • Providing centralized correlation and reporting of events across disparate applications, systems, and platforms to support both security and network operations functions
  • Providing a cross-platform pool of event data to support forensics and other security operations
  • Centralizing and retaining pristine log files to meet legal retention requirements
  • Providing evidence of selected technical controls associated with regulations, best practices, and standards

Unfortunately, while it’s clear that SIEM technologies are incredibly beneficial, this particular customer made it clear that his requirements (and doubtless many others’) around security information and event management are rapidly outstripping the capabilities of most SIEM solutions.

This led me to do some soul-searching around SIEM technologies, and ruminate for a bit on some of the limitations of today’s SIEM solutions, including how solution vendors can better address customers’ real business needs by improving specific aspects of their software.  Over the next couple of posts, I’ll be discussing some of these limitations, and the tremendous value SIEM vendors can provide to their customers by improving these deficiencies.

Next Up: Why most SIEM platforms today are not as comprehensive as customers need them to be.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: