Vendor Landscape: Security Information & Event Management

More documents

Recommendations

Info

Compare approaches to managing key information security processes, with or without SIEM Get a sense of how far you intend to go with SIEM to help focus setting your organization’s requirements. Look for the SIEM you need, and no more. SIEM Approach No SIEM Basic SIEM (Compliance or Event Focus) Advanced SIEM (Compliance and Event Focus) Log Management Storage, backup, retention, and archival settings must be configured and managed for each key system. Central log management optimizes the time and cost of managing key system logs, enabling greater opportunities for using such data. Security Management Focus Areas Compliance Management Compliance reporting and related log review management is done through manual processes. Compliance management processes can be streamlined with predefined, scheduled, cross-system reporting. Event Management Incident identification & response processes are hampered by lack of cross-system visibility. Visibility into incidents is increased through event correlation; incident response is enhanced by alerting and forensic investigation functionality. Continuous Risk Management Prioritization of security attention across systems is nearly impossible, and may not account for cross-system risks. A more realistic view of risk emerges from increased efficiency in compliance or event management processes, enabling better prioritization. Integrated information from compliance and event management processes provides the most complete view of overall system risks. Staff attention and technology investments can be optimized. Info-Tech Research Group 10
Be clear about the impact of SIEM-enhanced security visibility Be prepared for dealing with issues and events that you might have been unaware of without SIEM. 1. Pre-SIEM: Information risks and associated security management costs increase over time as new threats appear. 2. Immediately Post-SIEM: Increased visibility into extant threats results in increased cost of managing those threats – ignorance can no longer justify inaction. • Per event/incident costs will decline through earlier detection opportunities and investigation efficiencies provided by the SIEM tool. • Since those threats always existed, and are now being acted upon, overall risk begins to decline. • As SIEM-based efficiencies are realized, the cost of managing visible threats returns to baseline levels. 3. Long-Term Post-SIEM: Both risk and security costs can be driven down further through feedback from SIEM into technical and procedural controls. SIEM’s Impact on Risk and Cost Over Time Info-Tech Research Group 11
Page 1 and 2: Vendor Landscape: Security Informat
Page 3 and 4: Executive Summary Understand SIEM T
Page 5 and 6: Understand SIEM Trends and Consider
Page 7 and 8: Like every tool, SIEM has limitatio
Page 9: Determine how and where SIEM will h
Page 13 and 14: Evaluate SIEM Vendors What’s in t
Page 15 and 16: SIEM Vendor selection / knock-out c
Page 17 and 18: The Info-Tech SIEM Vendor Landscape
Page 19 and 20: The Info-Tech SIEM Value Index What
Page 21 and 22: Advanced Features are the capabilit
Page 23 and 24: LogRhythm’s comprehensive SIEM fe
Page 25 and 26: Sensage is a small company that eas
Page 27 and 28: Q1 Labs QRadar: a quality product l
Page 29 and 30: LogLogic provides a strong solution
Page 31 and 32: NitroSecurity continues to bring a
Page 33 and 34: SolarWinds is a newer face in the m
Page 35 and 36: RSA has a solid solution, but also
Page 37 and 38: Symantec offers vendor stability an
Page 39 and 40: ArcSight offers both enterprise- an
Page 41 and 42: Trustwave’s strength is in their
Page 43 and 44: Streamline monitoring, alerting, an
Page 45 and 46: Ensure the reduction of enterprise
Page 47 and 48: Issue an RFP to ensure SIEM vendors
Page 49 and 50: Take charge of vendor demonstration
Page 51 and 52: Getting to a SIEM implementation st
Page 53 and 54: Identify constraints for your SIEM
Page 55 and 56: Account for implementation resource
Page 57 and 58: Determine how you intend to staff S
Page 59 and 60: Start modestly, but keep the final
Page 61 and 62:
Vendor Landscape Methodology: Overv
Page 63 and 64:
Vendor Landscape Methodology: Scori
Page 65 and 66:
Vendor Landscape Methodology: Infor
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Vendor Landscape Methodology: Fact
Page 73 and 74:
Product Pricing Scenario, continued
Page 75 and 76:
Country Info-Tech Research Group 75
Page 77 and 78:
FTEs Info-Tech Research Group 77
show all

Vendor Landscape: Security Information & Event Management

Create successful ePaper yourself

Delete template?

Save as template?