Cyber Security Institute

Wednesday, June 02, 2010

Small And Midsize Companies Take New Directions On SIEM

For years now, compliance has been the primary reason why small and midsize businesses (SMBs) buy security information and event management (SIEM) tools.  According to a study published today by the SANS Institute, SIEM and log management tools are becoming increasingly popular as a method for tracking down and diagnosing security problems, rather than serving primarily as tools for proving security compliance.  That premise is supported by a separate study published simultaneously by security tool vendor RSA, which offers SIEM software.

“The need for compliance really drove widespread deployment of log management—SIEM tools went everywhere,” says Sam Curry, technology chief marketing officer at RSA.  “I think we’re seeing a real shift here, and it may be happening first at small and medium-sized companies because their compliance process is less complex than those at larger enterprises.”

“These are categories in which people are actually getting things done, not just marking a checkbox on a form to say they’re doing it,” the SANS study says.

In the RSA study, 89 percent of respondents said the primary use for their SIEM tools is for security operations functions, compared with 54 percent who cited compliance.  Moreover, 66 percent of respondents ranked real-time monitoring as the most important criterion when evaluating a SIEM vendor.

Because of their size, SMBs might be quicker to take advantage of the automated operations capabilities of SIEM and log management tools, Gottlieb says. “They’re going to be quicker to ask for more automation.”

“Most SIEM products require months of tuning after the initial installation—there is no such thing as a fully functional SIEM right after installation,” wrote security consultant Eugene Schultz in a blog post.

But companies that have already purchased and implemented SIEM and log management tools are finding them increasingly useful for the growing workload of incident response and forensics, Curry says.
