Vendor Landscape: Security Information & Event Management

More documents

Recommendations

Info

Factor decision-makers’ concerns into the SIEM proposal Perspective matters: position initial SIEM plans based on what’s most important to leadership, and focus on relevant cost reduction opportunities. • Where leadership has a strong focus on information risk management, pitching event-focused SIEM is easier: ◦ Even without 24/7 monitoring, eventfocused SIEM enables risk reduction simply through enhanced visibility. ◦ Reducing incident-related costs can offset SIEM investments. • Where that strong risk focus is missing, compliance-focused SIEM may be the more effective route to approval: ◦ Reducing the costs of demonstrating compliance can offset SIEM investments. ◦ Leverage enhanced visibility to elevate information risk to a leadership level, and evolve SIEM toward a greater focus on event and risk management. N=11 Info-Tech Research Group 58
Start modestly, but keep the final objective in mind Don’t try to execute the whole SIEM vision at once. Learn from early stages, and build capabilities & benefits incrementally. • Embarking on a SIEM initiative requires a serious investment of time and money. Implementation can be phased in two distinct, but complementary, ways. ◦ Phased by SIEM function: – Start with a compliance management focus, but explore the benefits of enhanced event visibility or – Start with an event management focus, but take advantage of compliance reporting for internal purposes. – Once both are implemented, look at continuous risk management opportunities – demonstrated benefits from past experiences might even outweigh the cost of adding 24/7 monitoring. ◦ Phased by source system: – Start with the most critical systems (key applications, core infrastructure, regulated environments). – Expand to other log data sources as the benefits of SIEM are demonstrated for those key assets. • Mix and match these approaches to minimize initial costs, maximize the benefits delivered, and build additional support for broader SIEM deployments: ◦ Later stages may not deliver the same magnitude of benefits, but they involve lower equipment and configuration costs, as they leverage initial investments made in earlier stages. Info-Tech Research Group 59
Page 1 and 2:
Vendor Landscape: Security Informat
Page 3 and 4:
Executive Summary Understand SIEM T
Page 5 and 6:
Understand SIEM Trends and Consider
Page 7 and 8: Like every tool, SIEM has limitatio
Page 9 and 10: Determine how and where SIEM will h
Page 11 and 12: Be clear about the impact of SIEM-e
Page 13 and 14: Evaluate SIEM Vendors What’s in t
Page 15 and 16: SIEM Vendor selection / knock-out c
Page 17 and 18: The Info-Tech SIEM Vendor Landscape
Page 19 and 20: The Info-Tech SIEM Value Index What
Page 21 and 22: Advanced Features are the capabilit
Page 23 and 24: LogRhythm’s comprehensive SIEM fe
Page 25 and 26: Sensage is a small company that eas
Page 27 and 28: Q1 Labs QRadar: a quality product l
Page 29 and 30: LogLogic provides a strong solution
Page 31 and 32: NitroSecurity continues to bring a
Page 33 and 34: SolarWinds is a newer face in the m
Page 35 and 36: RSA has a solid solution, but also
Page 37 and 38: Symantec offers vendor stability an
Page 39 and 40: ArcSight offers both enterprise- an
Page 41 and 42: Trustwave’s strength is in their
Page 43 and 44: Streamline monitoring, alerting, an
Page 45 and 46: Ensure the reduction of enterprise
Page 47 and 48: Issue an RFP to ensure SIEM vendors
Page 49 and 50: Take charge of vendor demonstration
Page 51 and 52: Getting to a SIEM implementation st
Page 53 and 54: Identify constraints for your SIEM
Page 55 and 56: Account for implementation resource
Page 57: Determine how you intend to staff S
Page 61 and 62: Vendor Landscape Methodology: Overv
Page 63 and 64: Vendor Landscape Methodology: Scori
Page 65 and 66: Vendor Landscape Methodology: Infor
Page 71 and 72: Vendor Landscape Methodology: Fact
Page 73 and 74: Product Pricing Scenario, continued
Page 75 and 76: Country Info-Tech Research Group 75
Page 77 and 78: FTEs Info-Tech Research Group 77
show all

Vendor Landscape: Security Information & Event Management

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?