One of the major tasks of an information security group is to monitor the status of systems, devices, etc. from a security perspective. Traditionally, IT systems have been expected to generate log records according to various standards and best practices. Log management, including the maintenance, storage and analysis of log data, has long been recognized as a security requirement for IT systems. In recent years, with the growth of Security Event Management (SEM) systems, more companies are deploying SIEMs. But a common mistake here is to treat the SIEM as an alternative to a log management solution. Consequently, some companies that are not mature in terms of log management and security monitoring also decide to deploy a SIEM. I always try to explain the case to such companies, and to convince them not to do so.
The SIEM-related posts by Dr. Anton Chuvakin in his personal blog are strongly recommended.