Is SIEM up to the challenge

Still SIEMs can be very powerful tools, according to Patrick Zanella, associate vice president and security, compliance and product practice head, with Zensar Technologies, a global information technology services and business process outsourcer headquar­tered in Pune, India. In his view SIEM platforms have actually improved signifi­cantly over the past few years. For example, he notes, some provide a “replay” function that enables an administrator to recreate a past incident or attack and thereby develop a new policy for times when a similar incident might occur in the future. “Alerts and responses have also improved in most SIEM platforms,” Zanella says. “Early implementations of automated re­sponses caused problems, such as actions being taken when the alert was actually a false positive.” Today the kinks in automatic response systems have mostly been worked out. “More organizations are getting com­fortable that their SIEM will properly cor­relate an attack with information from other tools, such as a web content filtering product, and respond appropriately,” he says. Zanella says organizations typically use SIEM products for two reasons: to spot evi­dence of security threats or security breaches, and to ensure their organization is complying with regulatory standards.
“All those logs of data captured by the SIEM are growing, especially as SIEM platforms begin to capture usage and incidents from mobile devices. For this reason, some vendors are working to connect business intelligence and analytics tools to SIEM data,” he explains. Zanella points to a Forrester report, “How Proactive Security Organizations Use Advanced Data Practices to Make Decisions,” which proposed that the IT industry is currently poised at the intersection of SIEM, data warehousing and business intelligence, the combination of which could potentially provide the ability to discover and better respond to new threats.
The managed service option Indeed, according to Zensar’s Zanella, SIEM systems are often expensive to deploy and complex to operate and manage. And, while Payment Card Industry Data Security Stan­dard (PCI DSS) compliance has traditionally driven SIEM adoption in large enterprises, for mid-size and smaller organizations it is often concerns over advanced persistent threats (APTs) that have driven adoption – and led to them looking at the benefits of using a SIEM solution supplied with a managed security service provider (MSSP) option. Click Here to download this ebook on SIEM.