Two Essential SIEM Notes
by Anton Chuvakin | December 19, 2011
I wish these notes were glued to every SIEM software/appliance box shipped since 1997 (the year the first SIEM tool shipped) and were required reading before you are allowed to open that box.
A few quotes to whet your appetite, but
- You must have “a set of security information and event management (SIEM) deployment project steps that will result in a complete definition of requirements, evaluation of the environment to enable a pre-deployment design, evaluation of technology choices and phased deployment.”
- Also, an organization must “Define monitoring objectives and the initial scope of deployment”
- “An environmental assessment is needed to generate information required for the design of log collection and event management infrastructure, and accurate cost estimates from SIEM vendors”
- “An SIEM deployment that lacks effective incident response is, at best, a waste of resources and, at worst, a liability that documents the organization’s failure to act on clear signals of risk. Incident response processes need to be defined before production monitoring is implemented.” Remember, IR process before SIEM!
Get the notes and read them NOW, starting from the “Planning…” one!
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.