<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: SIEM</title>
	<atom:link href="http://www.allaboutsecurity.net/2009/05/siem/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.allaboutsecurity.net/2009/05/siem/</link>
	<description>Networking, Security, Linux and a drop of Windows</description>
	<lastBuildDate>Sun, 25 Oct 2009 13:08:39 +0100</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.5</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: t.waters</title>
		<link>http://www.allaboutsecurity.net/2009/05/siem/comment-page-1/#comment-515</link>
		<dc:creator>t.waters</dc:creator>
		<pubDate>Fri, 08 May 2009 19:09:57 +0000</pubDate>
		<guid isPermaLink="false">http://www.allaboutsecurity.net/?p=121#comment-515</guid>
		<description>I know how you feel; I had the same problem in my previous job. I was always patching and clearing up messes, instead of proactively monitoring and anticipating events. A SIEM would definitely take work out of your hands in the long run, but the cost of the SIEM cannot be justified for small organizations. Not with the SIEM systems currently available anyway (at least the ones I know of).

I feel that in the future SIEMs are going to be more important because the internet is going to be more and more integrated into our business models and IT systems. Full (real-time) monitoring and taking actions accordingly will be necessary to keep the malicious users out, a task which a human cannot do any more as networks and systems get too complex to correlate.

This means smaller organizations (although their networks are not as complex) will need a SIEM (or at least some sort of log analysis) too.
So, I think there are going to be only two options for smaller organizations in the future:
- Hope that some company will develop a SIEM system which is not as costly as the ones there are right now, and therefore justifies the cost of purchasing and maintaining it,
- Outsource their security (log) analysis (or complete IT) to a company that provides this service.</description>
		<content:encoded><![CDATA[<p>I know how you feel; I had the same problem in my previous job. I was always patching and clearing up messes, instead of proactively monitoring and anticipating events. A SIEM would definitely take work out of your hands in the long run, but the cost of the SIEM cannot be justified for small organizations. Not with the SIEM systems currently available anyway (at least the ones I know of).</p>
<p>I feel that in the future SIEMs are going to be more important because the internet is going to be more and more integrated into our business models and IT systems. Full (real-time) monitoring and taking actions accordingly will be necessary to keep the malicious users out, a task which a human cannot do any more as networks and systems get too complex to correlate.</p>
<p>This means smaller organizations (although their networks are not as complex) will need a SIEM (or at least some sort of log analysis) too.<br />
So, I think there are going to be only two options for smaller organizations in the future:<br />
- Hope that some company will develop a SIEM system which is not as costly as the ones there are right now, and therefore justifies the cost of purchasing and maintaining it,<br />
- Outsource their security (log) analysis (or complete IT) to a company that provides this service.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: SIEM Lover</title>
		<link>http://www.allaboutsecurity.net/2009/05/siem/comment-page-1/#comment-514</link>
		<dc:creator>SIEM Lover</dc:creator>
		<pubDate>Fri, 08 May 2009 18:51:39 +0000</pubDate>
		<guid isPermaLink="false">http://www.allaboutsecurity.net/?p=121#comment-514</guid>
		<description>Hackers and fraudsters target small businesses because they don&#039;t have the resources and defenses.  A recent article on Dark Reading talks about the rise of botnets among SMBs - this is just one example. http://www.darkreading.com/security/client/showArticle.jhtml;jsessionid=LBUDONOIXDTDQQSNDLRSKHSCJUNN2JVN?articleID=217300483

SIEM tools have so many capabilities that people don&#039;t even realize to make your job as the security ops guy that much easier.  I bet if you started to look at SIEM tools from the security ops perspective, you would realize the value many of these tools have to help you.</description>
		<content:encoded><![CDATA[<p>Hackers and fraudsters target small businesses because they don&#8217;t have the resources and defenses.  A recent article on Dark Reading talks about the rise of botnets among SMBs &#8211; this is just one example. <a href="http://www.darkreading.com/security/client/showArticle.jhtml;jsessionid=LBUDONOIXDTDQQSNDLRSKHSCJUNN2JVN?articleID=217300483" rel="nofollow">http://www.darkreading.com/security/client/showArticle.jhtml;jsessionid=LBUDONOIXDTDQQSNDLRSKHSCJUNN2JVN?articleID=217300483</a></p>
<p>SIEM tools have so many capabilities that people don&#8217;t even realize to make your job as the security ops guy that much easier.  I bet if you started to look at SIEM tools from the security ops perspective, you would realize the value many of these tools have to help you.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Curious</title>
		<link>http://www.allaboutsecurity.net/2009/05/siem/comment-page-1/#comment-513</link>
		<dc:creator>Curious</dc:creator>
		<pubDate>Fri, 08 May 2009 17:09:14 +0000</pubDate>
		<guid isPermaLink="false">http://www.allaboutsecurity.net/?p=121#comment-513</guid>
		<description>What about smaller organizations? I&#039;m skeptical of the value a SIEM provides. I am the only guy doing security ops and have a million and one other things to do too!</description>
		<content:encoded><![CDATA[<p>What about smaller organizations? I&#8217;m skeptical of the value a SIEM provides. I am the only guy doing security ops and have a million and one other things to do too!</p>
]]></content:encoded>
	</item>
</channel>
</rss>
