
My SIEM Workshop / SAS Day

By Anton Chuvakin | September 14, 2012 | 0 Comments


I just did a full-day SIEM workshop (a SAS day) for a large enterprise client. While I cannot show our specific agenda (it is covered by an NDA), I can share some of the ideas and topics we explored via a mix of presentations and facilitated group discussions (about 15 people were present).

Topics included:

  • Introduction to logging and dealing with logs, reasons for taking logs seriously, common log types, etc.
  • Introduction to SIEM tools, their functionality, SIEM market (via Magic Quadrant), common use cases, tool deployment approaches, architecture
  • Common and essential SIEM processes and practices, skills and roles for people involved with a SIEM, security monitoring process success tips
  • Review of current logging and log management across the organization, who uses what data, who collects data and in what system
  • Future goals for this area, requirements and challenges with what is logged and how logs are treated today (and of past log/SIEM projects)
  • Discussion about current vs desired future state, challenges with current ways of dealing with logs, ultimate goals and “Phase 1” goals
  • Logging and compliance, known regulatory and other external mandates, common requirement interpretations, what other organizations are doing
  • Review of current compliance logging, log sources, tools used, processes in place, teams involved
  • Discussion about “Mandate 1” and “Mandate 2” [sorry, cannot disclose the details] security monitoring requirements and the SIEM's role in addressing these requirements at the organization
  • SIEM/security monitoring delivery options: internal, outsourced, co-sourced, managed, hybrid; pros/cons, ways to compare and choose
  • SIEM RFP elements and approaches to total SIEM program cost estimation, review of Gartner SIEM RFP toolkit
  • Joint creation of project outline and approach to addressing the challenges, recommendations, conclusions, etc.

If you are a Gartner client and would like in-depth full-day guidance on acquiring, deploying and/or operating a SIEM tool effectively, please get in touch with your friendly neighborhood Gartner salesperson. I’d be happy to do a similar customized workshop for your organization as well. And, no, I don’t know how much we charge for it :)
