SIEM Projects Require Enterprises Understand Security Needs | eWeek

SIEM Projects Require Enterprises Understand Security Needs

Écrit par
Brian Prince
Brian Prince
Sep 7, 2010
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Security information and event management (SIEM) tools are on the spending lists of many companies concerned about security and compliance.

But getting down to the business of choosing and deploying a tool can be fraught with complications ranging from dealing with hype from vendors to expectations about what the technology will do.

“Internally, managing expectations about what the tool will do and when is absolutely critical and also brutally difficult,” said Mike Rothman, an analyst with Securosis. “Everyone wants information important to them, but that creates a situation where you’ve got to boil the ocean. …Externally, wading through all the vendor propaganda, hyperbole and competitive positioning is very difficult. In a reasonably mature market, all of the vendors say they do everything and the competition stinks. If you indulge the vendors and let them drive the process, your head may explode.”

Organizations need to be clear on what their requirements for SIEM systems are-and that begins with bringing the right people to the table early on, several people told eWEEK. There are many potential stakeholders for the technology, from the security team to network administrators to the business side of the house.

“There is too much of what I would consider ‘magical thinking’ among organizations about SIEM,” opined Scott Crawford, an analyst with Enterprise Management Associates. “The roots of the technology are in taming the huge volumes of data generated by security and other point products in order to determine the threat needles in many haystacks. Unfortunately, this has led too many organizations to assume that SIEM will therefore automate security event analysis in ways that only human analysts can.

“Almost every aspect will require tuning for a specific organization-from the point tools with which SIEM is integrated to the specific aspects of correlation and drill down desired,” he added. “And correlation is no magic bullet-you’re basically talking about a system for recognizing what is known, even though some attacks specifically target what is difficult to see or determine without human analysis.”

According to Chris Poulin of Q1 Labs, customers sometimes purchase log management or SIEM to solve tactical needs such as regulatory compliance, but implement it without regard to enterprise need. Then sometime down the line, an executive demands to know what value the solution is providing and stirs things up, he added.

“Once they get the solution in place, they have to get buy-in from the owners of log sources and network activity to solve the compliance problem, not to mention get incremental value out of the solution once the compliance checkbox is filled,” said Poulin, chief security officer at the company.

Organizations should establish a procurement committee to choose a tool and take a “phased implementation approach” so the vendor understands what needs to be done and how the tool will be used strategically over time, Rothman advised.

“Wading through the vendor crap requires discipline and a few trusted parties-[such as] resellers, analysts, peer networking groups-to keep everything honest,” he said. “Don’t trust the vendor references … and ultimately pick a short list and then test each of the products in your environment. That’s really the only way to know if the product can really work for you.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.