The "RISKY BUSINESS" Blog


Pivot Point Security Discusses Pitfalls of SIEM at CSO Event

Posted by John Verry on Fri, Oct 03, 2008 @ 04:58 PM

John Verry (CISA), Principal Enterprise Security Consultant with Pivot Point Security, speaks on Security Information and Event Management challenges at Baltimore CSO Breakfast Club event.

Owings Mills (PRWEB) October 3, 2008 - John Verry spoke before an audience of experienced and senior Information Security professionals from a variety of markets at the CSO Breakfast Club’s Baltimore chapter event on Network Access Control (NAC) and Security Information and Event Management (SIEM).

Verry, an expert on the topic of SIEM with over 7 years of SIEM experience under his belt, addressed the crowd on the SIEM landscape, including the history of the solution, its early pains and its growing success stories. His “Keys to Success” formed the basis of the presentation and elicited extensive interchange with members considering and/or in the process of implementing SIEM technology.

Over the course of the hour-long discussion, Verry explained that although SIEM solutions received a bit of a ‘black eye’ in their earlier, more immature years for several reasons, they have changed quite a bit in recent years, in part due to industry consolidation and product acquisition by larger, more established companies. He continued by stating that this maturity has turned SIEM solutions into an answer, for many organizations, to the challenge of demonstrating compliance with numerous regulations, including PCI-DSS, SOX, HIPAA, and ISO27001. He noted that a good example of this recent maturity is the Novell Sentinel SIEM solution, acquired from e-Security in 2005. With Novell’s enhanced development and support services, the product has evolved significantly since the acquisition.

He stressed that the key elements to success in any SIEM project are clear definition and alignment (with systems architecture and databases) of requirements, commitment of the necessary resources, and a tightly scoped and phased implementation approach. Within this portion of the presentation, he stressed that knowing the number of events per second generated by an enterprise’s security devices is one of the critical metrics when defining requirements. He went on to note that these event rates will ultimately define the other requirements of the project, especially the database architecture.

The event concluded with a recap of his key points, along with the important advice to start such projects small and to create positive momentum and political support within your organization to make a SIEM project successful.

Download the presentation here.

(Adobe Acrobat required)
