SIEM Solution Do's and Don'ts

Wednesday, December 23, 2009 by Pam Casale
IDC and Gartner estimate that companies spent between $700M and $1B on SIEM solutions since 2008 and expect a 30% increase in SIEM solution spending.

Spending, they say, is driven largely by regulatory compliance, with effective threat monitoring as a secondary requirement.

PCI-DSS compliance requires log management, and SOX compliance requires privileged user reporting.

It's the secondary requirements that are more interesting. Lots of companies offer log management; Intellitactics is one of them, and there are about 20 more. But fewer companies offer real-time capabilities for dealing with security complexity. Intellitactics SIEM solutions feature real-time event management and operational reporting to improve detection and accelerate response.

I read Jon Oltsik (ESG), who said: "There is an acute awareness that security attacks are more sophisticated and that security at a system level is harder than at the device levels."  He suggested that there is a need to ". . . replace early SIEM platforms that don't scale or provide the right level of analytics and reporting capabilities."


This makes me wonder: "What are companies waiting for?" Not only are companies delaying action to get a SIEM or to replace those "old platforms", they are also seriously considering the latest promise of total security through log searching.

We like the five critical capabilities of SIEM defined by Gartner:
  1. Compliance reporting - emphasis on user and resource access reporting
  2. SEM - real-time data collection, security event console, event correlation and analysis, and incident management support
  3. Deployment and support simplicity - scalability and deployment flexibility
  4. User and resource access analysis - moving from activity monitoring to the exception analysis required for fraud detection and breach discovery
  5. And of course, log management
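To make concrete the difference between capability 2 (real-time event correlation) and the "log searching" mentioned above, here is an added example; it is not code from this post or from Intellitactics, and the sshd-style log lines, the hypothetical BruteForceSuccessRule class, and its threshold and window values are all constructed for illustration. A plain search returns every "Failed password" line after the fact; the stateful rule watches the stream and raises a single alert the moment a source that has already failed the threshold number of times inside the window then succeeds, which is the pattern a search-only tool leaves for an analyst to notice.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd/syslog style (not from any real system).
# 198.51.100.7 fails five times and then gets in; 203.0.113.9 fails once and
# succeeds seven minutes later, which should NOT trigger the rule.
SAMPLE_LOGS = """\
2009-12-23T09:00:01 host1 sshd[1001]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
2009-12-23T09:00:02 host1 sshd[1002]: Failed password for root from 198.51.100.7 port 40002 ssh2
2009-12-23T09:00:04 host1 sshd[1003]: Failed password for root from 198.51.100.7 port 40003 ssh2
2009-12-23T09:00:05 host1 sshd[1004]: Failed password for root from 198.51.100.7 port 40004 ssh2
2009-12-23T09:00:06 host1 sshd[1005]: Failed password for root from 198.51.100.7 port 40005 ssh2
2009-12-23T09:00:09 host1 sshd[1006]: Accepted password for root from 198.51.100.7 port 40006 ssh2
2009-12-23T09:00:10 host1 sshd[1007]: Failed password for alice from 203.0.113.9 port 50001 ssh2
2009-12-23T09:07:30 host1 sshd[1008]: Accepted password for alice from 203.0.113.9 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse(line):
    """Normalise one raw line into an event dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def search(lines, needle):
    """What plain log search gives you: every matching line, no state, no verdict."""
    return [line for line in lines if needle in line]


class BruteForceSuccessRule:
    """Hypothetical correlation rule: >= threshold failures from one source inside
    the window, followed by a success from the same source, yields one alert."""

    def __init__(self, threshold=5, window=timedelta(minutes=5)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures

    def feed(self, ev):
        q = self.failures[ev["src"]]
        # Drop failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0] > self.window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            return None
        # Success: only interesting if preceded by enough recent failures.
        if len(q) >= self.threshold:
            alert = {
                "rule": "brute_force_success",
                "src": ev["src"],
                "user": ev["user"],
                "host": ev["host"],
                "failures": len(q),
                "first_failure": q[0].isoformat(),
                "success_at": ev["ts"].isoformat(),
            }
            q.clear()  # one alert per burst, not one per later success
            return alert
        return None


def correlate(lines, rule=None):
    """Feed lines through the rule in arrival order and collect the alerts it raises."""
    rule = rule or BruteForceSuccessRule()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        alert = rule.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    print(f"search hits for 'Failed password': {len(search(lines, 'Failed password'))}")
    for a in correlate(lines):
        print("ALERT", a)
```

The rule keeps per-source state in memory and evaluates each event as it arrives, so the alert fires on the "Accepted" line rather than in a report the next morning; the window expiry is what keeps a single stale failure from tainting a legitimate login minutes later.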
Tomorrow - more do's and don'ts contributed by recent buyers of SIEM solutions.
