Buyer Beware: 5 Questions For Your Potential SIEM and Security Analytics Vendors

Five Questions You Need To Ask Yourself When Evaluating SIEM SolutionsThe following is an excerpt from Solutions Review’s 2017 SIEM Solutions Buyer’s Guide, to view the full report, which includes a market overview of the top 24 SIEM and Security Analytics solutions, download it for free here.

In 2017, SIEM and security analytics are seen as necessary parts of any significant enterprise security effort, but choosing the right SIEM solution for your organization isn’t easy. SIEM has a reputation as a complex and convoluted product, and implementation is a daunting process that can take weeks or even months to complete. Rush that process and you could end up with massive cost overruns or worse, an expensive, failed deployment.

To complicate things further, SIEM is a mature market full of vendors capable of meeting the basic log management, compliance, and event monitoring requirements of a typical customer, but whose points of differentiation may not be obvious to the untrained eye. However, as similar as they may seem, many SIEM solutions are optimized for   drastically different use-cases, and one size almost never fits all.

To help you evaluate prospective SIEM solutions, here are five questions you should ask prospective vendors before choosing a solution. If you find these questions helpful, check out Solutions Review’s free 2016 SIEM Buyer’s Guide, which features five more questions to ask yourself, and profiles of the top 24 solutions in the SIEM and Security Analytics solutions.

How will your product meet our auditing and regulatory compliance needs?

Compliance management is one of the most frequent use cases for SIEM solutions, and as such, most SIEMs have built-in support for the most common compliance efforts, such as HIPAA, PCI DSS, and SOX. Your organization can save time and resources by using a SIEM to meet its compliance reporting requirements, but before you can do so you need to make sure that a potential solution is compatible to your specific industry regulations.

Ask your potential vendor to demonstrate a clear relationship between your industry compliance needs and their policies and rule sets. What out-of-the-box compliance reports are available? What level of customization is available for reporting?

Do you offer assistance with deployment? What about training for personnel?

SIEM is a complex technology, and so naturally, SIEM deployment is a complex process. In fact, SIEM is notoriously difficult to deploy– In a 2014 Report, Gartner analyst Oliver Rochford estimated that somewhere between 20% and 30% of SIEM deployments among his client base fail. Once successfully deployed, a SIEM solution requires a dedicated team of skilled analysts and technicians to manage the software and ensure effective use. Ask prospective vendors what kind of support they will provide during the deployment process, and what, if any, training is available for your team.

Do you support public and private cloud platforms and big data environments? If not, do you have plans to do so?

Whether you’re there yet or not, there’s a strong chance that Public Cloud Computing and Big Data Solutions will play a prominent role in the future of your organization’s IT environment. If you’re spending top dollar on an SIEM solution today, you’ll want to know that it will integrate with the systems you use tomorrow. Ask prospective vendors how their solutions support cloud and big data platforms that you currently use, or may use in the future.

How well does your SIEM handle the log sources? Is there extensive native support, or will custom development work be required?

Your SIEM isn’t worth much if it can’t understand the log data from the important log-generating sources in your organization. Make sure your potential SIEM solution supports your organization’s security systems, such as firewalls, intrusion prevention systems, VPNs, email gateways, and antimalware products.

Any prospective SIEM solutions should also support log files from the operating system (both type and version) that your organization uses.

What features does your product provide for data analysis?

Aside from the SIEM’s alerts and reporting, an SIEM used for incident detection and response should provide features that help your security analysts review and analyze log data.

Even the smartest, best-configured SEIM is worse than the best analyst–a highly accurate SIEM can still misinterpret events, so make sure your team can vet the SIEM’s results. Strong search and data visualization capabilities can also help facilitate the investigation of incidents.

 

Follow Jeff

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff

Leave a Reply

Your email address will not be published. Required fields are marked *