Finally, I completed an epic update to my 2012 paper “Security Information and Event Management Architecture and Operational Processes.” I think of this paper, interchangeably, as of “SIEM’s missing manual” or a “SIEM bible” … It now has expanded SIEM process guidance, new detailed use cases, more SIEM metrics, updated SIEM maturity framework and other fun new stuff – and of course a lot of the old good stuff that is still very useful for those planning, deploying and operating SIEM tools. It is LONG – but let me tell you – reading it is way cheaper than hiring 2 knowledgeable SIEM consultants for 2 weeks 🙂
Some fun quotes:
- “Organizations have to monitor complex, ever-expanding IT environments that sometimes include legacy, traditional, virtual and cloud components. Security monitoring in general, and SIEM in particular, become more challenging as the size and complexity of the monitored environments grows and as attackers, driven by improving defenses and organization response, shift to more advanced attack methods.”
- “Ultimate SIEM program success is determined more by operational processes than by architecture or specific tool choice. SIEM implementations often fail to deliver full value due to broken organizational processes and practices and lack of skilled and dedicated personnel.”
- “A mature SIEM operation is a security safeguard that requires ongoing organizational commitment. Such commitment is truly open-ended — security monitoring has to be performed for as long as the organization is in business.”
- “A SIEM project isn’t really a project. It is a process and program that an organization must refine over time — and never “complete” by reassigning people to other things. Running SIEM as a project to “do and forget” often leads to wasted resources and lack of success with SIEM.”
P.S. Gartner GTP access required!
Others posts announcing document publication:
- Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
- My Blueprint for Designing a SIEM Deployment Publishes
- My Evaluation Criteria for Security Information and Event Management Publishes
- My Threat Intelligence and Threat Assessment Research Papers Publish
- My Updated Vulnerability Management Practices Paper Publishes
- My Security Solution Paths Published: Threats and Vulnerabilities
- All My Research Published in 2013
Blog posts related to SIEM research:
- SIEM Real-time and Historical Analytics Collide?
- SIEM and Badness Detection
- “Stop The Pain” Thinking vs the Use Case Thinking
- More on SIEM Maturity – And Request for Feedback!
- My Evaluation Criteria for Security Information and Event Management Publishes
- On SIEM Tool and Operation Metrics
- SIEM Analytics Histories and Lessons
- How to Use Threat Intelligence with Your SIEM?
- Popular SIEM Starter Use Cases
- Detailed SIEM Use Case Example
- On “Output-driven” SIEM
- On SIEM Deployment Evolution
- On People Running SIEM
- On SIEM Processes/Practices
- On Large-scale SIEM Architecture
- All posts tagged SIEM
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
Comments are closed
3 Comments
Hi Anton,
I’m interested in your SIEM Researh paper but I’m not a GTP member. Is there a way to buy the research without a GTP membership?
@Robert I am not sure we sell GTP research a la cart 🙁
I am looking forward to reading it Anton.