Vendor Landscape: Security Information & Event Management
Product Pricing Scenario
A mid-level retailer with corporate offices on the US west coast, east coast, and Ireland is looking to implement a SIEM solution. The company employs 2200 people. The firm is interested in reducing the effort associated with monitoring, alerting, and responding to security events at the Endpoint, Network, and Datacenter levels. The firm also has 100 retail outlets scattered throughout the US and Europe; however, all stores are franchised and so are out of scope.
The corporate office breakdown is as follows:
US West Coast (Head Office)
Employing 1600 people (70% of total staff), the west coast office holds Sales, Finance, Strategy, Marketing, Buyers, and the majority of IT. The IT staff here consists of 45 employees, 3 of whom are dedicated security professionals: 1 Security Manager and 2 Security Analysts.
US East Coast (Satellite)
Employing 200 people (10% of total staff), the east coast office holds solely the Sales and Marketing departments.
Ireland (Satellite)
Employing 400 people (20% of total staff), the Ireland office houses Buyers and Manufacturing as well as a DR facility. Manufacturing consists of 300 employees. The company’s remaining 5 IT staff are located here, though none have dedicated security responsibilities.
The expected solution capabilities are as follows:
• The organization described in the pricing scenario is interested primarily in reducing the cost of demonstrating compliance with financial and privacy-related regulations, enhancing visibility of typical external and internal threats, and simplifying the forensic effort associated with event/incident response. Advanced persistent threats are a lesser, tangential concern.
• The anticipated volume & complexity of ad hoc queries against logged and correlated event data is fairly small, driven primarily by incident response efforts and gaps (if any exist) in canned compliance reports.
• The SIEM product is expected to be used regularly by 4 IT staff (the Security Manager and 2 Analysts at the head office, as well as one of the IT staff at the Ireland satellite office), with additional dashboard-/report-level access for 4 users (2 in compliance/audit and 2 in IT management/executive).
Info-Tech Research Group<br />