The goal of Security Information and Event Management (SIEM) is to reduce risk to sensitive data behind the firewall and minimize breach impact by shortening the threat detection window and the overall data breach lifecycle, which currently averages 279 days according to the latest Cost of a Data Breach data from the Ponemon Institute and IBM Security.
To help SMBs get a handle on SIEM considerations, a recent episode of The Virtual CISO Podcast featured Danielle Russell, Director of Product Marketing Management for AT&T Cybersecurity, a leading SIEM provider. Host John Verry, Pivot Point’s CISO and Managing Partner, also has wide experience with SIEM both at Pivot Point and with clients.
One of the top topics of their discussion was key SIEM features for SMBs.
John notes that, from a potential SIEM user’s perspective, “You hear all these terms. You’ve got concepts of log consolidation and we want alerting and we want correlation and the big buzz is threat hunting and SOAR and all these new terms. … Which services or which features are the most important? How do they figure that out?”
Danielle answers with a critical insight for any SMB considering SIEM technology: “… the most important question to come back to is… what your objectives are and what your resources are. SIEM tools that have all the latest features… they’re great as long as you have the resources to be able to manage those. Too often, we hear of organizations who go out and purchase the proverbial million-dollar doorstop with a SIEM project that fails.”
“When you look at it from a resource perspective, the features that I would advocate or the characteristics or quality that I would advocate most strongly for a small to medium-sized business to evaluate a SIEM against would be ease of use,” Danielle pinpoints. “SIEMplicity throughout.”
Based on customer experience and feedback, Danielle recommends “… a SIEM that is easy to deploy, that isn’t going to take a lot of security engineering to bring in information from separate tools, whether that’s your own scanner, whether that’s your intrusion detection system, but can help accelerate that deployment timeframe. By that, I mean not weeks to months—I mean minutes to hours, today. You should be able to get up and running with a SIEM in a few minutes to hours.”
Ease of use goes beyond deployment: it should extend from alerting and alarm triage through to orchestration and response capabilities.
Rapid time-to-benefit, along with a small IT and administrative footprint, is essential to realizing the core business value of SIEM: reducing breach impact and the associated costs and reputational damage.
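To make the terms John lists concrete, here is a small added illustration (not code from the podcast, from AT&T Cybersecurity, or from any SIEM product) of what "log consolidation", "correlation" and "alerting" look like in practice. It normalizes two constructed log sources (sshd auth lines and a key=value IDS alert) into one event schema, runs a single correlation rule (five or more failed logins followed by a success from the same source within five minutes), and then triages the resulting alarm by checking whether the IDS saw the same source. The log lines, the thresholds and the severity labels are all made up for the example.

```python
"""Toy SIEM pipeline: consolidate -> correlate -> alert -> triage.

Everything here is constructed for illustration: the log lines are invented,
and the thresholds/severities are not any vendor's defaults.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input, source 1: sshd auth log (syslog-style lines).
SSHD_LINES = [
    "2024-03-01T10:00:01Z host1 sshd[512]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "2024-03-01T10:00:03Z host1 sshd[512]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "2024-03-01T10:00:05Z host1 sshd[512]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
    "2024-03-01T10:00:07Z host1 sshd[512]: Failed password for admin from 203.0.113.7 port 51003 ssh2",
    "2024-03-01T10:00:09Z host1 sshd[512]: Failed password for admin from 203.0.113.7 port 51004 ssh2",
    "2024-03-01T10:00:12Z host1 sshd[512]: Accepted password for admin from 203.0.113.7 port 51005 ssh2",
    "2024-03-01T10:05:00Z host1 sshd[777]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
    "2024-03-01T10:30:00Z host1 sshd[778]: Accepted password for bob from 198.51.100.9 port 40001 ssh2",
]
# Constructed sample input, source 2: an IDS alert in key=value format.
IDS_LINES = [
    "ts=2024-03-01T10:00:00Z src=203.0.113.7 dst=10.0.0.5 sig=SSH brute-force attempt sev=3",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)
# key=value pairs; a value runs until the next " key=" or end of line, so
# values may contain spaces (e.g. the IDS signature name).
KV_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize_sshd(line):
    """Log consolidation step 1: map an sshd line onto the common schema."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # unrecognised line; a real pipeline would count these
    return {"ts": parse_ts(m["ts"]), "source": "sshd", "host": m["host"],
            "src": m["src"], "user": m["user"],
            "action": "auth_success" if m["outcome"] == "Accepted" else "auth_failure"}


def normalize_ids(line):
    """Log consolidation step 2: map a key=value IDS alert onto the same schema."""
    kv = dict(KV_RE.findall(line))
    return {"ts": parse_ts(kv["ts"]), "source": "ids", "host": kv.get("dst"),
            "src": kv["src"], "user": None, "action": "ids_alert",
            "signature": kv["sig"]}


def correlate_bruteforce(events, min_failures=5, window=timedelta(minutes=5)):
    """Correlation rule: >= min_failures auth failures from one source, followed
    by a success from that source, all within `window`. Emits an alert per hit."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "auth_failure":
            failures[ev["src"]].append(ev["ts"])
        elif ev["action"] == "auth_success":
            recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append({"rule": "ssh_bruteforce_then_success", "src": ev["src"],
                               "user": ev["user"], "host": ev["host"], "ts": ev["ts"],
                               "failures": len(recent), "severity": "high"})
            failures[ev["src"]] = []  # a success closes the failure sequence
    return alerts


def triage(alerts, events, window=timedelta(minutes=10)):
    """Triage: attach corroborating IDS alerts for the same source and rank."""
    for a in alerts:
        a["corroboration"] = [e["signature"] for e in events
                              if e["action"] == "ids_alert" and e["src"] == a["src"]
                              and abs(e["ts"] - a["ts"]) <= window]
        if a["corroboration"]:
            a["severity"] = "critical"  # two independent sources agree
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    return sorted(alerts, key=lambda a: order[a["severity"]])


def run_pipeline(sshd_lines=SSHD_LINES, ids_lines=IDS_LINES):
    events = [e for e in map(normalize_sshd, sshd_lines) if e]
    events += [normalize_ids(line) for line in ids_lines]
    return triage(correlate_bruteforce(events), events)


if __name__ == "__main__":
    for a in run_pipeline():
        print(f"[{a['severity']}] {a['rule']} src={a['src']} user={a['user']} "
              f"failures={a['failures']} corroborated_by={a['corroboration']}")
```

Run as-is it produces one critical alarm for 203.0.113.7 (five failures, then a successful login, corroborated by the IDS signature) and nothing for 198.51.100.9, whose single failure and later success fall outside the rule. The point for an SMB evaluating SIEM is that every piece of this, the per-source parsers, the rule thresholds, the corroboration logic, is engineering work that a product either does for you out of the box or leaves on your plate.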
This blog post is based on an episode of The Virtual CISO Podcast, featuring Danielle Russell. To hear this episode in its entirety and many others like it, you can subscribe to The Virtual CISO Podcast here.
If you don’t use Apple Podcasts, you can find all our episodes here.
For more information:
- Goldilocks and the 3 SIEMs
- What Threat Hunting and Pinot Noir Have in Common
- SIEM Implementation: 2 SIEMple Cost-Saving Strategies