Gartner Blog Network

My SIEM Workshop / SAS Day

by Anton Chuvakin  |  September 14, 2012

I just did a full-day SIEM workshop (a SAS day) for a large enterprise client. While I cannot show our specific agenda (it is covered by an NDA), I can share some of the ideas and topics we explored via a mix of presentations and facilitated group discussions (about 15 people were present).

Topics included:

  • Introduction to logging and dealing with logs, reasons for taking logs seriously, common log types, etc.
  • Introduction to SIEM tools, their functionality, SIEM market (via Magic Quadrant), common use cases, tool deployment approaches, architecture
  • Common and essential SIEM processes and practices, skills and roles for people involved with a SIEM, security monitoring process success tips
  • Review of current logging and log management across the organization, who uses what data, who collects data and in what system
  • Future goals for this area, requirements and challenges with what is logged and how logs are treated today (and of past log/SIEM projects)
  • Discussion about current vs desired future state, challenges with current ways of dealing with logs, ultimate goals and “Phase 1” goals
  • Logging and compliance, known regulatory and other external mandates, common requirement interpretations, what other organizations are doing
  • Review of current compliance logging, log sources, tools used, processes in place, teams involved
  • Discussion about “Mandate 1” and “Mandate 2” [sorry, cannot disclose the details] security monitoring requirements and SIEM’s role in addressing these requirements at the organization
  • SIEM/security monitoring delivery options: internal, outsourced, co-sourced, managed, hybrid; pros/cons, ways to compare and choose
  • SIEM RFP elements and approaches to total SIEM program cost estimation, review of Gartner SIEM RFP toolkit
  • Joint creation of project outline and approach to addressing the challenges, recommendations, conclusions, etc.

If you are a Gartner client and would like in-depth full-day guidance on acquiring, deploying and/or operating a SIEM tool effectively, please get in touch with your friendly neighborhood Gartner salesperson. I’d be happy to do a similar customized workshop for your organization as well. And, no, I don’t know how much we charge for it :-)


Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…
