May 5, 2020

Last Updated on January 18, 2024

Security Information and Event Management (SIEM) solutions have been around for a long time. But even before COVID-19 ratcheted up the InfoSec risk in many SMB environments, the list of drivers sparking renewed SIEM interest was long: ongoing high-profile breaches, new regulations mandating logging and/or incident response capabilities, new market entrants, the promise of AI and machine learning, and more.

The goal of SIEM is to reduce risk to sensitive data and decrease breach impacts by improving threat detection.

And there’s a lot of room for improvement! The current data breach lifecycle averages something like 279 days, based on recent research from the Ponemon Institute.

“Because really there’s no line. There’s no magic milestone that when an organization hits a certain size or hits a certain age or is in a certain industry that they should consider getting some type of log management or SIEM solution.”


Spotting the cyberthugs before they exfiltrate your sensitive data sounds like motherhood and apple pie—so why not recommend SIEM for every SMB? Because, like getting a puppy when you have a toddler, not every SMB’s “security maturity” is ready for the care and feeding of a SIEM tool.
A recent episode of The Virtual CISO Podcast gives SMBs a best-practice view of SIEM capabilities and adoption considerations. It features Danielle Russell, Director of Product Marketing Management for AT&T Cybersecurity talking with host and SIEM veteran John Verry, Pivot Point’s CISO and Managing Partner.
“One of the things we find working every day through SMB clients is increasingly there is this recognition that log monitoring or security information event management is a key thing for them,” John notes. “Where is the line… when an SMB gets to a point where it needs a SIEM? That might be in terms of size, that might be in terms of risk drivers or compliance drivers.”
Danielle stresses that there is no one-size-fits-all answer, “Because really there’s no line. There’s no magic milestone that when an organization hits a certain size or hits a certain age or is in a certain industry that they should consider getting some type of log management or SIEM solution.”
But meanwhile, today’s threat landscape is liable to send a loud wakeup call to SMBs still clinging to a “security through obscurity” approach. “Overall, cybercriminals are really operating at scale and they’re operating opportunistically and targeting businesses of all sizes,” Danielle states. “I think we know that about 43% of attacks targeted small businesses in 2018. … What that means for a small business is that it’s important to take a close look at your cybersecurity posture and your cyber risk posture.”

But is a SIEM the best InfoSec investment for a given SMB?

“I would maybe back up and ask the organization, ‘Where are you at in your cybersecurity maturity? Where are you at in addressing your overall cyber risk posture?’” offers Danielle. “There’s many reasons to do log management. But for the purpose of cybersecurity, doing logging or using a purpose-built SIEM… is a means to an end of being able to do threat detection and incident response. That’s what a SIEM is really built to do.”
Investing in threat detection before you address basic data protection issues might be a waste of precious resources.
As Danielle puts it: “So as we look at the progression or the maturity of an organization through something like a NIST Cybersecurity Framework, at the point that an organization says, “We recognize that we not only need to try to prevent and protect against potential cyber risk, but we also now want to make sure that we have visibility of what’s happening within our perimeter… and be able to detect things and then respond to them in a quick manner. That really becomes, I think, a strong motivator for a SIEM log management tool.”
Given the security and compliance value of a successful SIEM implementation, maybe the right question for SMBs is: Is a SIEM right for your business at this time? Or should a SIEM be further along in your security implementation roadmap?
To investigate these issues for yourself, you can listen to John and Danielle’s conversation in its entirety here. If you don’t use Apple Podcasts, you can find all our episodes here.