SIEM (security information and event management) and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES: what you actually want the tool to detect, which logs that requires, and what someone should do when the rule fires. So, together with Augusto Barros, we are about to undertake a research project dedicated to finding, creating, refining, optimizing and retiring use cases for SIEM and some other monitoring technologies. This effort promises to be very exciting – and of course supremely valuable for Gartner GTP clients!
For now, while we are still deciding on the scope of this effort (and finishing up our VA / VM [vulnerability assessment / vulnerability management] research too), here are some useful links.
Some of my past writing on SIEM use cases can be found here:
- Popular SIEM Starter Use Cases
- Detailed SIEM Use Case Example
- A very old whitepaper but with lots of SIEM use case details
- Security Information and Event Management Architecture and Operational Processes (Gartner GTP access required)
Some other excellent SIEM use case writing is linked below:
- SIEM Use Case Implementation Mind Map (focus on the process, less on a laundry list of use cases)
- Security Monitoring / SIEM Use-Cases (lots of info with links to more SIEM use case guides)
- SIEM Use Cases: What You Need To Know
- SANS Effective Use Case Modeling for Security Information & Event Management [PDF]
Enjoy!
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.