Effective security information and event management (SIEM) means properly analyzing your security event data (threats and vulnerabilities to your organization’s systems) in real time, and collecting and analyzing your log data for regulatory compliance. But as SIEM/Log Management technology has rapidly evolved and you’ve had some time to live with the offerings you’ve implemented, you might be having a little buyer’s remorse. In other words, you might be wondering or worrying whether your SIEM is working as it should and meeting your expectations and your organization’s. You may also be scared to find out.
Don’t be. If a thorough analysis leads you to conclude you need a SIEM replacement, the good news is that it might be easier than the initial installation. It is equally good news if that analysis tells you your SIEM purchase and implementation was the right one. Either way, just about the worst thing you can do is pretend that the uneasiness or uncertainty you’re feeling doesn’t exist.
It’s better to know than to not know.
So how do you start? What’s the process for deciding whether the benefits of considering a new security management platform and migrating to it outweigh the risks of doing nothing? The way I see it, there are 7 steps to get you there.
- Look at what’s out there: What are the new features, platform advancements and deployment models for improved scalability and performance?
- What’s changed: Get a handle on how your requirements have evolved – from security to compliance and operations management – and why you bought your SIEM solution in the first place.
- Evaluate: Honestly examine your current environment and its effectiveness – what works and what, frankly, sucks.
- Review options: Cut through the marketing and empty promises by vendors with a set of questions and evaluation criteria to help you decide what’s most important.
- Determine your decision process: Re-examine your original requirements and be realistic about the features you need versus the ones that just sound cool.
- Look at your negotiating process: Figure out how you’ll deal with a potential incumbent vendor trying to save its business with you if you choose a new provider – and how to get the best deal with that possible new vendor.
- What is your migration process: If you pull the trigger on a new SIEM platform, how do you migrate as painlessly as possible?
One solution you’ll want to look at is McAfee’s Enterprise Security Manager. It connects real-time understanding of threat data, reputation data and vulnerability news with real-time understanding of your systems, data and activities, plus the speed and scale needed to identify critical threats and respond to them intelligently across your entire IT infrastructure.
No matter what you decide and which vendor you ultimately choose to keep or switch to, a SIEM investment is substantial and a pivotal decision in your organization’s ongoing security health. Take the thoughtful steps and time you need to make the right move.
To learn more about properly evaluating your current SIEM platform, you can download this informative Securosis whitepaper called “Time to Replace Your SIEM” to find out more about McAfee’s Enterprise Security Manager.