Gartner Blog Network

Two Essential SIEM Notes

by Anton Chuvakin  |  December 19, 2011  |  Comments Off on Two Essential SIEM Notes

Mark Nicolett has published two brilliant (and I MEAN it!) notes on SIEM:  Planning for an SIEM Technology Deployment” and  “How to Deploy SIEM Technology.” 

I wish these notes were glued to every SIEM software/appliance box shipped since 1997 (that is when a SIEM tool was first shipped) and were required reading before you are allowed to open that box.

A few quotes to whet your appetite, but

  • You must have “a set of security information and event management (SIEM) deployment project steps that will result in a complete definition of requirements, evaluation of the environment to enable a pre-deployment design, evaluation of technology choices and phased deployment.”
  • Also, an organization must “Define monitoring objectives and the initial scope of deployment
  • “An environmental assessment is needed to generate information required for the design of log collection and event management infrastructure, and accurate cost estimates from SIEM vendors”
  • “An SIEM deployment that lacks effective incident response is, at best, a waste of resources and, at worst, a liability that documents the organization’s failure to act on clear signals of risk. Incident response processes need to be defined before production monitoring is implemented.” Remember, IR process before SIEM!

Get the notes and read them NOW, starting from the “Planning…” one!

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: security  siem  

Tags: security  security-monitoring  siem  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.