What should your enterprise consider when planning your future SIEM deployment?
SIEM carries a unique reputation among other cybersecurity solutions. On the one hand, SIEM solutions prove increasingly necessary in a cybersecurity culture emphasizing threat detection over prevention. Only SIEM offers in-depth log management and threat detection capabilities vital to recognizing and remediating dwelling threats on your enterprise network.
However, many enterprises and cybersecurity experts view SIEM as complex and costly. While enterprises can resolve many of these issues themselves, they still struggle with one recurrent challenge: SIEM deployment.
The Unexpected Factors in SIEM Deployment
Obviously, plenty of factors should contribute to your overall cybersecurity plans and strategies.
Firstly, you should consult with your IT security team to ensure you have the most up-to-date threat intelligence; your InfoSec policies should reflect the most likely threats your business faces.
Secondly, some SIEM solutions are better suited to particular use cases, such as industry vertical or business size; this must form a central component in your deliberations before you engage in SIEM deployment.
Thirdly, your enterprise must determine whether it needs a next-gen SIEM solution or whether it can upgrade its current solution. In either case, a legacy solution doesn’t provide the capabilities or the threat intelligence necessary to survive in the modern digital marketplace. You absolutely need to replace your legacy SIEM solution, no matter how convenient or familiar it may be to your users.
Finally, you need to consider the compliance mandates your enterprise must meet. Most SIEM solutions offer out-of-the-box compliance report templates for the major mandates like HIPAA; however, you may need a solution with a specialty compliance report template depending on your vertical.
However, these factors only scratch the surface of the considerations you should incorporate in approaching your SIEM deployment. There are plenty of unexpected or downplayed factors which can help you make the right solution selection.
Before your SIEM deployment, ask yourself these questions:
What is Your Location?
Don’t limit your answer to geography in terms of country. Do you have offices throughout the world? Or are you more centrally located in a single city? Where are your customers located, and how do they interact with you physically (if at all)?
These questions matter because they determine, in part, the size of your overall IT environment. Successful SIEM deployment hinges on recognizing the full size of your network and prioritizing which network areas to protect first.
An easy way to fail in SIEM deployment is to try to deploy the solution throughout the entire network all at once. Approaching SIEM in this way can swiftly overwhelm your IT security team, burying them under maintenance demands and security alerts.
Instead, you need to consider your network size and carefully choose which areas need SIEM first. From there, you can get a feel for how your SIEM solution operates and can make tweaks to it as you expand its coverage.
How Will Your Business Scale?
Your enterprise’s vertical determines the answer to this question to at least some degree; for example, being in app development most likely translates to greater scalability potential. However, your own business practices also determine your potential and predicted scalability.
Regardless, your SIEM deployment hinges on recognizing scalability—both your own and that of the solution.
After all, your SIEM solution must scale with your enterprise environment. If it doesn’t, it could, in fact, inhibit your IT growth and possibly your business process evolution.
On the other hand, a SIEM solution more suited to scale with your enterprise can facilitate your digital transformation and thus improve your business standing.
Most SIEM solution providers offer an opportunity to test their scalability before selection. We recommend you take them up on their offer.
How Does Your Enterprise Adapt to New Technologies?
Next-gen SIEM deployment forces many enterprises to confront aspects of their culture they never thought of before.
Successful SIEM deployment relies on the adoption and support of your employees and other users. Their behaviors and participation determine your cybersecurity policy effectiveness; whether they follow best practices or not could determine whether your enterprise suffers a data breach.
So the question becomes: how easily do your employees adapt to changes in their business procedures? After all, a new SIEM solution inevitably causes business processes to change; if your employees aren’t ready, they may develop unsafe workarounds.
What is Your IT Staff Experience?
Saying your IT staff alone should be responsible for your SIEM illustrates a dangerous lack of responsibility. As stated above, your employees and privileged users must also participate in your SIEM solution for its optimal performance.
However, your IT security team should take responsibility for your SIEM deployment and maintenance; after all, they should have the necessary technical knowledge to perform both tasks efficiently.
Unfortunately, the above statement may only be an “ought” statement. The continuous and ever-increasing cybersecurity staffing crisis means InfoSec talent can prove hard to find and recruit. Moreover, the high burnout rates among IT security teams add another challenge for your HR department.
As SIEM can prove challenging to maintain and deploy, you need to assess what your IT security team can reasonably handle. They may need a simpler, more streamlined SIEM solution. In some cases, you may wish to consult with a managed security services provider (MSSP); plenty of SIEM solution providers also offer managed services for exactly these situations.
How Will Your Solution Integrate?
Your enterprise will already have an IT environment composed of multiple solutions, databases, applications, and third parties. How these different digital actors interact with each other determines plenty of your business processes and user experience.
SIEM deployment adds another layer of complexity to your IT environment; the solutions interact with applications and even other cybersecurity solutions differently. Without proper integration capabilities, your SIEM solution could open your IT environment to security issues.
SIEM solution providers constantly update their integration partnerships and capabilities; they should prove more than willing to share this information with you if asked.
As a rule of thumb, you should focus on integrating SIEM with your cybersecurity solutions like your endpoint protection platform or identity security platforms. This helps ensure a comprehensive and consistent InfoSec layer—the ultimate goal of any cybersecurity effort.