As we see strategic IT requirements traversing the delicate balance of IT security and compliance, Security Information and Event Management (SIEM) tools have increased in importance. Data collected and analyzed from content filters, VPNs, UTMs, routers, switches and firewalls, databases and systems are critically important data points for every organization as the global threat vector continues to modify its tactics and focus.
The Next Generation SIEM of today needs to deliver services to the Network Operations Center (NOC), the Security Operations Center (SOC), the Risk Audit (RA) teams and the executive suite.
Macro and micro visibility enables enterprise organizations to gain the upper hand via rich reporting on all IP-enabled devices, providing visibility and awareness in areas such as:
• Log Management
• Security Events
• Confidential and Private Data
• Vulnerability Analytics
• Security and Forensic Analysis
• Monitoring Internal & External Threats
• Monitoring User Activity and Behavior
• Monitoring IT staff/administrator behavior
• Meeting Corporate Governance Initiatives
• Risk Analysis
• Network Operations and Performance
• Asset Management
• Configuration Change Audit
• Network Behavior Anomaly (NBA) Monitoring
• Business Analysis
• Centralized Management Analytics
• Compliance Automation
• Audit Gap Analysis
With the multitude of SIEM tools available in the market today, it is incumbent upon business leaders to see how security controls map to specific lines of business, assisting strategic decision making in all lines of business. Some are referring to this visibility as Unified Situational Awareness: a contemporary strategy enabling any enterprise to know, not just guess, what is happening within its Information Technology environment. This knowledge is quite often compelling enough to empower a business to gain an operational edge over the competition.
As “The Cloud” and cloud services continue to become more culturally acceptable among business leaders as a way to reduce cost and maximize efficiencies, organizations are looking at SIEM solutions that are offered in a SaaS (Software as a Service) model. Many organizations have invested in point solutions to meet their IT requirements, and SIEM in a SaaS model can be a compelling option for growing companies. Many organizations place their SIEM SaaS tool in the corporate private cloud; some, however, prefer a Managed Service Provider (MSP) model.
Organizations should consider Next Generation SIEMs that extend
beyond traditional SIEM.
Expanded Data Collection: Advanced security use cases such as early threat detection require analysis of far more than just log and event data. Network traffic visibility, such as flow data, as well as user context and threat intelligence correlation, are all required for comprehensive visibility.
Customization without Professional Services: Many SIEM products require a steady stream of expensive professional services in order to deliver value for customers. Next Generation SIEM delivers simple and straightforward customization.
Rapid Time-To-Value: Next Generation SIEM technologies provide fast, easy installation and straightforward, flexible customization that allow security professionals to gain immediate value.
Regardless of the preferred delivery model, there is no question of the value of a SIEM tool as a management and monitoring tool, and the Next Generation SIEM provides a simple, more purpose-built tool for today’s environment.
Keith Turgeon, President, Namtek, Bedford, New Hampshire