Vendor Landscape: Security Information & Event Management

More documents

Recommendations

Info

Take stock of the serious threats to systems and the business; ensure threats can be contained or costs can be managed The cost of a major and persistent system compromise can be substantial. Standalone security tools provide some visibility; SIEM tools do much more. • Several well-publicized breaches in recent years highlight the scale of potential impacts, including: ◦ Direct costs for TJX (2007) have exceeded $250M. ◦ Heartland Payment Systems (2009) has reported over $140M in direct costs. ◦ Sony (2011) has already booked $171M in direct costs. ◦ Even security firms have not been immune (RSA, 2011). • Each of these breaches involved repeated system compromises crossing multiple systems over an extended period – precisely the types of activities that are made more visible through SIEM. • Total costs (direct and indirect) per compromised customer record continue to rise, and in 2009 averaged over $200 per affected customer. ◦ Costs per customer are typically much higher for smaller organizations and smaller-scale breaches than for the massive breaches noted above, as enterprise-wide expenditures are spread across a smaller number of affected accounts. Info-Tech Insight SIEM alone cannot eliminate similar breaches, but enhanced visibility reduces the risk to exposure in many ways: • Identify sophisticated attacks earlier using event data correlated across multiple systems; • Support more rapid and more thorough forensics during and after initial incident response; • Enable continuous feedback from observed threats into security and system controls to achieve optimal protection and reduce the risk of future compromises. When deployed & operated properly, SIEM can reduce the risk and impact of catastrophic breaches. Info-Tech Research Group 8
Determine how and where SIEM will help you manage risk Adopting the right SIEM tool depends on what risk-related focus is most important to your organization. All SIEM tools provide log management functionality – collecting, aggregating, and normalizing log data from diverse sources. Whether the enterprise chooses to move further or not, every organization can benefit from Log <strong>Management</strong>. Many organizations look to SIEM primarily as a way to reduce the cost of meeting internal and external/regulatory compliance requirements: Consolidated logs feed out-of-the-box and custom compliance reports. In some cases, SIEM workflow capabilities add value by tracking mandatory log review processes. Typically, organizations see both compliance and event management-related benefits as SIEM is integrated into the risk management toolbox. Other organizations look to SIEM primarily as a means to reduce the effort expended when responding to individual security events and incidents: Correlated events provide earlier visibility into active threats. Consolidated logs allow more rapid and thorough investigation of events either in progress, or after the fact. Many organizations take a final step, leveraging the information provided by the SIEM tool to target specific changes to (or investments in) system security and operational controls as a key component of a continuous risk management program. Info-Tech Research Group 9
Page 1 and 2: Vendor Landscape: Security Informat
Page 3 and 4: Executive Summary Understand SIEM T
Page 5 and 6: Understand SIEM Trends and Consider
Page 7: Like every tool, SIEM has limitatio
Page 11 and 12: Be clear about the impact of SIEM-e
Page 13 and 14: Evaluate SIEM Vendors What’s in t
Page 15 and 16: SIEM Vendor selection / knock-out c
Page 17 and 18: The Info-Tech SIEM Vendor Landscape
Page 19 and 20: The Info-Tech SIEM Value Index What
Page 21 and 22: Advanced Features are the capabilit
Page 23 and 24: LogRhythm’s comprehensive SIEM fe
Page 25 and 26: Sensage is a small company that eas
Page 27 and 28: Q1 Labs QRadar: a quality product l
Page 29 and 30: LogLogic provides a strong solution
Page 31 and 32: NitroSecurity continues to bring a
Page 33 and 34: SolarWinds is a newer face in the m
Page 35 and 36: RSA has a solid solution, but also
Page 37 and 38: Symantec offers vendor stability an
Page 39 and 40: ArcSight offers both enterprise- an
Page 41 and 42: Trustwave’s strength is in their
Page 43 and 44: Streamline monitoring, alerting, an
Page 45 and 46: Ensure the reduction of enterprise
Page 47 and 48: Issue an RFP to ensure SIEM vendors
Page 49 and 50: Take charge of vendor demonstration
Page 51 and 52: Getting to a SIEM implementation st
Page 53 and 54: Identify constraints for your SIEM
Page 55 and 56: Account for implementation resource
Page 57 and 58: Determine how you intend to staff S
Page 59 and 60:
Start modestly, but keep the final
Page 61 and 62:
Vendor Landscape Methodology: Overv
Page 63 and 64:
Vendor Landscape Methodology: Scori
Page 65 and 66:
Vendor Landscape Methodology: Infor
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Vendor Landscape Methodology: Fact
Page 73 and 74:
Product Pricing Scenario, continued
Page 75 and 76:
Country Info-Tech Research Group 75
Page 77 and 78:
FTEs Info-Tech Research Group 77
show all

Vendor Landscape: Security Information & Event Management

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?