Select and Implement a SIEM Solution

In the face of increasing regulatory pressures and headline-grabbing hacking activities, enterprises are deploying an ever increasing volume of dedicated security tools. As a result, they are drowning in log and alert data to the point where the tools inhibit their own value.
Implementing Security Information & Event Management (SIEM) allows enterprises to manage and respond to an ever-widening range of threats and compliance requirements by consolidating, aggregating, correlating, and reporting on security events. Taking action based on correlated data is accelerated, and detailed reporting supports obligations to demonstrate the specific measures the enterprise is taking to be compliant.
Getting a strong product evaluation allows organizations to enhance enterprise security at a manageable cost. Making the wrong choice could mean higher costs, lower security, or both.

Our Advice

Critical Insight

The SIEM market is undergoing rapid developments. In existence for just over a decade, the market is still maturing and product sets continue to be rationalized. Market consolidation is constantly occurring with large security vendors purchasing smaller dedicated SIEM vendors. The threat and regulatory landscape is making SIEM a more and more attractive technology for security firms and customers. Major leaps are being made in advanced capabilities as specialized correlation and analytic features are commercialized.
At first glance a SIEM may cause a panic attack. It will highlight various threats, risks, and vulnerabilities you may have not known about. Stay calm and realize the technology is providing a greater visibility into your organization’s security standing.
Various deployment and management options are making SIEM technology available to all levels of security organizations. Near full out-of-the-box solutions are being used by smaller organizations. Managed security service provider (MSSP) offerings are appearing, and can reduce the ongoing costs to a manageable level. High-demand organizations command with as many as five full-time equivalents (FTEs) monitoring and managing the system to respond to threats in real time.

Impact and Result

Understand what’s new in the SIEM market and where it’s heading.
Develop a strong understanding of the top SIEM vendors and their offerings to identify a best-fit product for your organization.
Create a selection and implementation strategy that allows you to choose the right-sized vendor, and receive the greatest value for your organization.

Select and Implement a SIEM Solution Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should select and implement a SIEM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Select and Implement a SIEM Solution – Executive Brief

1. Launch the SIEM selection project and collect requirements

Assess the value of and identify the organization’s fit for SIEM technology, structure the SIEM selection project, and gather and analyze SIEM requirements.

2. Select a SIEM solution

Produce a vendor shortlist based on requirements, create and evaluate RFPs, conduct vendor demonstrations, and select a SIEM solution.

3. Plan the SIEM implementation

Create an implementation plan that sets up the organization’s SIEM capabilities and allows for handover to Operations.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Table of Contents

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 9 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Launch the SIEM selection project and collect requirements

Call 1: Identify the organization's fit for a SIEM solution
Call 2: Identify staffing needs and build a project plan
Call 3: Gather business, security, and IT requirements

Guided Implementation 2: Select a SIEM solution

Call 1: Create a shortlist based on the organization's needs
Call 2: Review findings with an analyst and create an RFP
Call 3: Conduct a contract review and select a SIEM solution

Guided Implementation 3: Plan the SIEM implementation

Call 1: Create an implementation plan
Call 2: Set up the organization's SIEM capabilities
Call 3: Hand over the SIEM solution to Security Operations

Authors

Wesley McPherson

Filipe De Souza

Contributors

Sofiane Chtioui, Experienced IT Architect and Information Security Consultant, Hypratek Solutions Inc.
Christopher (Kriss) Warner, President/Chief Security Consultant, Cyberdine