Vendor Landscape: Security Information & Event Management

More documents

Recommendations

Info

Consider the available SIEM deployment options Each SIEM appliance model has its own merits and faults. Platform Pros Cons Hardware Appliance Virtual Appliance Simplified management maximizes focus on SIEM operations. Simplified support – no vendor concerns about underlying hardware. Leverages existing server virtualization and shared storage (SAN) investments. Dedicated onboard storage is unavailable for other uses. Scalability limited by appliance capabilities. High-performance requirements consume virtual server resources. Scalability and resiliency limited only by those environments. Requires additional virtual server management. Software-only Solutions Allows wider choice of hardware. Requires dedicated server hardware and ongoing server management. Elevates risk of HW vs. SW fingerpointing during support calls. Regardless of the choice – or mix – of platforms, don’t forget to plan for log data backup to meet regulatory and internal policy requirements. Info-Tech Research Group 52
Identify constraints for your SIEM architecture Consider performance, capacity, and regulatory inputs in your design process. • SIEM vendors offer a variety of centralized and distributed deployment options – sometimes the best design is a mix of both. • Centralized components typically include log collectors, event correlation engines, and functions including alerting, reporting, and incident management tools. ◦ Whether all-in-one or separate but adjacent devices, deploying these components centrally reduces the management burden for SIEM. • Distributed designs may include single-purpose collectors and combination collector/correlation devices, which can support: ◦ Regulatory requirements (e.g. EU Safe Harbour) that restrict offshore movement of private/sensitive data. ◦ Performance and scalability needs by aggregating data from log sources at remote sites and offloading event correlation processing. Info-Tech Insight Cloud-based SIEM solutions (aka SIEMaaS) are maturing, but have yet to take over the market. Regulatory restrictions may limit the applicability of such services. In contrast, managed security service provider (MSSP) solutions, in which a third party maintains and monitors a SIEM system housed on customer premises, offer greater promise today: • Customer control over sensitive data. • Shared access to 24/7 monitoring at a fraction of the cost. Info-Tech Research Group 53
Page 1 and 2: Vendor Landscape: Security Informat
Page 3 and 4: Executive Summary Understand SIEM T
Page 5 and 6: Understand SIEM Trends and Consider
Page 7 and 8: Like every tool, SIEM has limitatio
Page 9 and 10: Determine how and where SIEM will h
Page 11 and 12: Be clear about the impact of SIEM-e
Page 13 and 14: Evaluate SIEM Vendors What’s in t
Page 15 and 16: SIEM Vendor selection / knock-out c
Page 17 and 18: The Info-Tech SIEM Vendor Landscape
Page 19 and 20: The Info-Tech SIEM Value Index What
Page 21 and 22: Advanced Features are the capabilit
Page 23 and 24: LogRhythm’s comprehensive SIEM fe
Page 25 and 26: Sensage is a small company that eas
Page 27 and 28: Q1 Labs QRadar: a quality product l
Page 29 and 30: LogLogic provides a strong solution
Page 31 and 32: NitroSecurity continues to bring a
Page 33 and 34: SolarWinds is a newer face in the m
Page 35 and 36: RSA has a solid solution, but also
Page 37 and 38: Symantec offers vendor stability an
Page 39 and 40: ArcSight offers both enterprise- an
Page 41 and 42: Trustwave’s strength is in their
Page 43 and 44: Streamline monitoring, alerting, an
Page 45 and 46: Ensure the reduction of enterprise
Page 47 and 48: Issue an RFP to ensure SIEM vendors
Page 49 and 50: Take charge of vendor demonstration
Page 51: Getting to a SIEM implementation st
Page 55 and 56: Account for implementation resource
Page 57 and 58: Determine how you intend to staff S
Page 59 and 60: Start modestly, but keep the final
Page 61 and 62: Vendor Landscape Methodology: Overv
Page 63 and 64: Vendor Landscape Methodology: Scori
Page 65 and 66: Vendor Landscape Methodology: Infor
Page 71 and 72: Vendor Landscape Methodology: Fact
Page 73 and 74: Product Pricing Scenario, continued
Page 75 and 76: Country Info-Tech Research Group 75
Page 77 and 78: FTEs Info-Tech Research Group 77

Vendor Landscape: Security Information & Event Management

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?