Back to SIEM Research!

Now that my threat intelligence research project is wrapping up, I am going to be spending my summer in SIEM!

Here is what I have in mind for the next few months:

1. An architectural blueprint (a new type of GTP document) on SIEM that will depict one good way of architecting Security Information and Event Management across a large organization
2. A detailed list of SIEM tool evaluation criteria, a document that I always wanted to create in order to cover – to a painful level of detail – a set of technical features and capabilities that an enterprise-capable SIEM should have (it would be a little reminiscent of our SIEM RFP toolkit, but with stronger focus on product – rather than vendor – requirements)
3. Updates to my past SIEM documents [see below], one on operational practices (with its own SIEM success guidance framework!) and one on the technology landscape.

Just as a reference, my published Gartner research on SIEM includes (GTP access required):

• “Security Information and Event Management Futures and Big Data Analytics for Security” (chock full of SIEM futures and REAL big data use cases for security analysis)
• “Security Information and Event Management Architecture and Operational Processes” (my favorite paper I’ve ever written on SIEM )
• “SIEM Market Trends, Solutions, Assessment and Select Product Profiles” (a bit dated, but still a fun read!)

Select recent blog posts related to SIEM:

• SIEM Webinar Questions – Answered
• How to Use Threat Intelligence with Your SIEM?
• Detailed SIEM Use Case Example
• On “Output-driven” SIEM
• On SIEM Maturity Scale and Maybe On CMM Too
• On SIEM Deployment Evolution
• On People Running SIEM
• On SIEM Processes/Practices
• On Large-scale SIEM Architecture