Gartner Blog Network

My UPDATED “Security Information and Event Management Architecture and Operational Processes” Publishes

by Anton Chuvakin  |  September 15, 2014  |  5 Comments

Finally, I completed an epic update to my 2012 paper “Security Information and Event Management Architecture and Operational Processes.” I think of this paper, interchangeably, as “SIEM’s missing manual” or a “SIEM bible” … It now has expanded SIEM process guidance, new detailed use cases, more SIEM metrics, an updated SIEM maturity framework and other fun new stuff – and of course a lot of the good old stuff that is still very useful for those planning, deploying and operating SIEM tools. It is LONG – but let me tell you – reading it is way cheaper than hiring 2 knowledgeable SIEM consultants for 2 weeks 🙂

Some fun quotes:

  • “Organizations have to monitor complex, ever-expanding IT environments that sometimes include legacy, traditional, virtual and cloud components. Security monitoring in general, and SIEM in particular, become more challenging as the size and complexity of the monitored environments grows and as attackers, driven by improving defenses and organization response, shift to more advanced attack methods.”
  • “Ultimate SIEM program success is determined more by operational processes than by architecture or specific tool choice. SIEM implementations often fail to deliver full value due to broken organizational processes and practices and lack of skilled and dedicated personnel.”
  • “A mature SIEM operation is a security safeguard that requires ongoing organizational commitment. Such commitment is truly open-ended — security monitoring has to be performed for as long as the organization is in business.”
  • “A SIEM project isn’t really a project. It is a process and program that an organization must refine over time — and never “complete” by reassigning people to other things. Running SIEM as a project to “do and forget” often leads to wasted resources and lack of success with SIEM.”


P.S. Gartner GTP access required!

Other posts announcing document publication:

Blog posts related to SIEM research:

Category: announcement  security  siem  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Thoughts on My UPDATED “Security Information and Event Management Architecture and Operational Processes” Publishes

  1. Robert says:

    Hi Anton,

    I’m interested in your SIEM Research paper but I’m not a GTP member. Is there a way to buy the research without a GTP membership?

  2. @Robert I am not sure we sell GTP research à la carte 🙁

  3. Tom Bain says:

    I am looking forward to reading it Anton.

  4. […] ← My UPDATED “Security Information and Event Management Architecture and Operational Processes”… […]

  5. […] My UPDATED “Security Information and Event Management Architecture and Operational Processes” Pu… […]
