Gartner Blog Network


Some of the Big SIEM Questions

by Anton Chuvakin  |  July 18, 2012  |  2 Comments

As I mentioned, I am working on two SIEM reports this quarter. Here are some of the questions I will be trying to answer:

Deployment:

  • How do large enterprise SIEM deployments grow and evolve?
  • What choices made early in the deployment process can make the whole project more successful?
  • What is the best phased approach for growing a SIEM deployment?
  • What data should be loaded first (based on a set of specific use cases)?
  • What are the large enterprise SIEM architecture choices, and when should each be used?

Operation:

  • What are the processes and practices that MUST be in place to make a large SIEM deployment a success?
  • Specifically, what is the absolute minimum “process bundle” without which a SIEM is guaranteed to FAIL? (think incident response, for example)
  • What people (skills, roles, etc.) should be involved in running and using a SIEM?
  • In general, what do I need to run a SIEM productively over a long period of time?
  • What ongoing product/content customization has to be in place?

Other:

  • How do vendor product architecture/technology choices affect large customer deployments?
  • What help is available if SIEM is needed, but resources are not available locally?

I’d love to chat with a few organizations who operate such large deployments, and to receive briefings and product demos from vendors focused on the above.

BTW, my next post will focus on some architecture decisions and SIEM architecture dimensions.


