Information Security Blog

SIEM Implementation: 2 Simple Cost Savings Strategies

I’m a big fan of all things SIEM – except the cost. The cost for a full-blown SIEM implementation in an F100 company with multiple compliance requirements can easily reach the mid six figures if you’re not careful. A lot of that cost relates to data storage and licensing – two cost centers that can potentially be reduced significantly without impacting functionality all that much.

  • STORAGE: SIEMs require a lot of storage once you are ingesting 500,000,000 events/day. The raw data, the indexes that speed up searching, the summary data that feeds reporting, and the related metadata can easily drive a requirement for 50 terabytes of storage or more if you need to keep the data around for a year to meet compliance standards (e.g. the PCI Data Security Standard). You also need fast, easily manageable storage, which often means SAN – which definitely means expensive.
  • LICENSES: SIEMs also require a number of servers running potentially expensive operating systems, databases, and BI/reporting tools.

During a recent engagement the cost to implement the SIEM per the original design got a bit too pricey, so we looked for ways to reduce it.

  1. We limited the online (SAN-based) storage from one year to 90 days. The other 275 days of data will sit on a highly compressed, text-indexed server that gives the client the ability to run searches on older data the handful of times it may be necessary.
  2. We moved from Solaris to Linux (which also allowed us to move from Sun to x86 servers).
  3. We moved from Oracle to MySQL (with 4 CPUs the cost and maintenance savings were notable).
  4. We moved from Crystal Reports to Jasper Reports.
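To make the storage sizing in the STORAGE bullet and the 90-day online / 275-day compressed tiering in step 1 concrete, here is an added example in Python; it is not the author's tooling or any SIEM product's code. It assumes a constructed layout of one log file per day named `YYYY-MM-DD.log`, a hot tier that holds `hot_days` of uncompressed data, and a cold tier where older days are gzip-compressed in place with a small JSON term index so the occasional search over old data only decompresses days that can actually match. The bytes-per-event and overhead figures are assumptions for illustration, not numbers from the post.

```python
"""Hot/cold SIEM log tiering model (added example, not the post's own tooling)."""
import gzip
import json
import os
import re
import tempfile
from datetime import date, timedelta

TB = 1024 ** 4
# Constructed "today" so the sample run is reproducible.
SAMPLE_TODAY = date(2024, 1, 1)


def size_tiers(events_per_day, bytes_per_event, index_overhead, hot_days,
               total_days, cold_compression):
    """Return (hot_bytes, cold_bytes) for a two-tier retention design.

    index_overhead multiplies raw volume on the hot tier to account for
    indexes, summaries and metadata (assumed 2.0 below); cold_compression is
    the raw-to-stored ratio on the compressed tier (assumed 10.0 below).
    """
    raw_per_day = events_per_day * bytes_per_event
    hot = raw_per_day * index_overhead * hot_days
    cold = raw_per_day * max(total_days - hot_days, 0) / cold_compression
    return hot, cold


TOKEN = re.compile(r"[A-Za-z0-9_.:-]+")
INDEX_NAME = "cold_index.json"


def _day_of(filename):
    return date.fromisoformat(filename.split(".")[0])


def archive_cold_days(log_dir, hot_days, today):
    """Gzip every .log older than hot_days and record its term set in the index.

    Returns the sorted list of archived filenames so the move can be audited.
    """
    index_path = os.path.join(log_dir, INDEX_NAME)
    index = {}
    if os.path.exists(index_path):
        with open(index_path) as fh:
            index = json.load(fh)
    archived = []
    cutoff = today - timedelta(days=hot_days)
    for name in sorted(os.listdir(log_dir)):
        if not name.endswith(".log") or _day_of(name) >= cutoff:
            continue  # still inside the hot window, or already archived
        src = os.path.join(log_dir, name)
        with open(src, "rb") as fh:
            raw = fh.read()
        # Term set lets a later search skip days that cannot contain the term.
        index[name + ".gz"] = sorted(set(TOKEN.findall(raw.decode("utf-8", "replace"))))
        with gzip.open(src + ".gz", "wb") as out:
            out.write(raw)
        os.remove(src)
        archived.append(name)
    with open(index_path, "w") as fh:
        json.dump(index, fh)
    return archived


def search_cold(log_dir, term):
    """Return matching lines from archived days, decompressing only candidates."""
    index_path = os.path.join(log_dir, INDEX_NAME)
    if not os.path.exists(index_path):
        return []
    with open(index_path) as fh:
        index = json.load(fh)
    hits = []
    for gz_name, terms in index.items():
        if term not in terms:
            continue
        with gzip.open(os.path.join(log_dir, gz_name), "rt") as fh:
            hits.extend(line.rstrip("\n") for line in fh if term in line)
    return hits


def build_sample_dir(days, today):
    """Constructed sample data: one tiny log per day, with an extra line on the oldest day."""
    log_dir = tempfile.mkdtemp(prefix="siem_tier_")
    for back in range(days):
        d = today - timedelta(days=back)
        with open(os.path.join(log_dir, f"{d.isoformat()}.log"), "w") as fh:
            fh.write(f"{d.isoformat()}T00:00:01 sshd[1] Accepted publickey for alice\n")
            if back == days - 1:
                fh.write(f"{d.isoformat()}T03:14:00 sshd[1] Failed password for root\n")
    return log_dir


if __name__ == "__main__":
    hot, cold = size_tiers(500_000_000, 150, 2.0, 90, 365, 10.0)
    print(f"hot tier {hot / TB:.1f} TB, cold tier {cold / TB:.1f} TB")
    sample = build_sample_dir(120, SAMPLE_TODAY)
    print("archived", len(archive_cold_days(sample, 90, SAMPLE_TODAY)), "days")
    print(search_cold(sample, "root"))
```

Running it shows the point of the trade-off: with the assumed 150 bytes/event and 2x index overhead, 90 hot days need roughly 12 TB while the remaining 275 days compress to well under 2 TB, and a search for `root` over the archive decompresses only the one day whose index lists that term. The index is deliberately a flat term set: coarse enough to stay small, precise enough to avoid touching most of the cold data on a typical investigation.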

The net result: the cost was reduced by several hundred thousand dollars with minimal impact on functionality. Not too bad for an afternoon’s work!




About the Author:

John Verry, CISA, 27001 Certified Lead Auditor, CCSE, CRISC - "Security Sherpa" - Information Security Auditor
