Security isn’t just about the firewall, gates, barricades anymore. And really, it never was. But now your whole security posture rests on being in the loop—on information, analysis and action.
If a threat or a breach is a matter of when, not if—and IT IS—then what sets a mature security strategy apart is identification and response.
What we’re talking about is a SIEM (Security Information & Event Management). There are a lot of options and alternatives—QRadar, Splunk, Secureworks, Sumo Logic. Your SIEM needs to go beyond collecting logs: it has to alert the right people with the right information to support the right response—that’s the biggie.
Sorry to get ominous here—but you need to know when it happens. So if you’re on the fence, yes, you need a SIEM. Let us, and our decades of enterprise cyber security experience, tell you: security will never have a set-it-and-forget-it solution.
We work with a lot of SIEMs. The one we tend to recommend is LogRhythm. And we want to go over the reasons for this—not because we need you to agree with us, but because you need to know what to ask and what to look for when you’re picking yours.
The first requirement is functionality—obviously you need it to be able to collect and deliver information. But believe it or not it doesn’t end there.
Next is flexibility—the ability to tune your SIEM with exactly the right rules, thresholds and alerts for your network—to teach it to loop you in ONLY WHEN and ALWAYS WHEN you need it to.
Third, and this is kind of a paradox, is simplicity. A lot of SIEMs are honestly bottomless pits of development and you can’t spend all your time and budget just making it work with you.
Next is support. You probably don’t need big brother Dell’s divided attention leaving you lost in a sea of their customers. If you want a managed option—good ones are out there.
Finally is interface—once it’s set up, it needs to play nice with your people. When your security rests on information, it really matters how easy it is to get that info. It should be intuitive.
Again, in our experience, LogRhythm clears this checklist best. But what’s best for you is its own thing. If you want help, our seasoned security vets can test your weaknesses, assess your needs, recommend and implement and even manage a solution—if that’s what you need.
The point is, you need a SIEM product. Ask a lot of questions. Find the best fit. And help is here if you need it.