Effectively, EVERY regulatory mandate or security framework requires some form of log management to preserve a trail of events. In addition, many companies have a defense in depth strategy around critical assets using firewalls, IDS/IPS, AV and network segmentation at the perimeter. A SIEM helps consolidate all of that into one dashboard rather than a half dozen different product dashboards.
But here is the thing... many companies assume that their SIEM will consume the logs and machine data from their environment and gracefully hand back action items. Unfortunately, it does not work this way.
DATA GATHERING
To begin with, essential assets need to be identified and then integrated into the SIEM. A sound understanding of security best practices is MANDATORY.
TUNING
SIEM products ship with out-of-the-box correlation rules and automation. But these rules must be constantly tuned to address your specific compliance and security needs. With a SIEM, knowledgeable human ownership is a REQUIREMENT.
RESPONSE
With all of the incoming data, serious events can easily be overlooked.
CHANGES
This never happens, right? Network configurations, endpoint updates, system components, new virus definitions, software version updates, user permissions, ETC!! Every one of these changes alters the data the SIEM receives and the rules that act on it.
MANAGED SECURITY SERVICES
If you don’t already have in-house 24x7 security experts dedicated to network monitoring, it MAKES SENSE to engage a company like RedLegg for Managed Security Services. Finding the right Managed Security Services company will significantly improve the return on your SIEM investment.