- Enterprises are deploying an ever-increasing volume of dedicated security tools, and as a result are drowning in log and alert data to the point where the tools inhibit their own value. Additionally, regulatory and industry compliance initiatives are springing up frequently, each with additional and differing monitoring and reporting requirements.
- Implementing Security Information & Event Management (SIEM) allows enterprises to address both of these issues by consolidating, aggregating, correlating, and reporting on security events. Acting on correlated data is quick and efficient, and the reporting indicates just what measures the enterprise is taking to be compliant.
- Getting the strategy, architecture, and product selection right means enhanced enterprise security at a manageable cost; making the wrong choice could mean higher cost, lower security, or both.
- At ten years old, the SIEM market is still in its infancy and product sets continue to be rationalized. However, market consolidation is starting to occur and the landscape is ripe for radically increased adoption.
- Implementing SIEM is not a panacea; the first thing the tool will do is highlight all the vulnerabilities, threats, and other risks that the enterprise has been missing. The initial impression will be that SIEM made the situation worse. If the organization is not prepared to deal with this reality, then it’s not ready for SIEM.
- Whether the organization chooses a hardware or software delivery mechanism, costs are not limited to the SIEM platform itself; implementation costs will be higher due to the broad-scale integration needed, and operations could require as many as five FTEs if the organization wishes to respond to threats in real time.
Impact and Result
- Understand the spend cycle associated with SIEM (acquire SIEM tools, invest in SIEM management, acquire additional tools to address threats that SIEM identifies) and be able to build future-looking budgetary estimates appropriately.
- Review the market and identify a best-fit vendor & product from the broad and diverse market-space; whether the organization targets security, compliance, or overall risk reduction, there’s a solution for every need.
Get to Action
1. Get a crash course on SIEM
Understand SIEM strategy, solutions, and operational best practices.
- Vendor Landscape Plus Storyboard: Security Information & Event Management
2. Review SIEM solutions
Build a shortlist of best-fit SIEM tools for the enterprise.
- Security Information & Event Management Vendor Shortlist Tool
3. Issue an RFP
Solicit responses from shortlisted vendors to find optimal enterprise fit.
- Security Information & Event Management RFP Template
4. Evaluate RFP responses
Keep vendors honest, and select the best SIEM for enterprise needs.
- Security Information & Event Management RFP Scoring Tool
5. Review RFP winners
Ensure that selected proponents can deliver when it counts.
- Security Information & Event Management Vendor Demo Script
*This is a bundle package with multiple titles
- Security Information & Event Management Vendor Shortlist Tool (excel)
- Security Information & Event Management RFP Template (word)
- Security Information & Event Management RFP Scoring Tool (excel)
- Security Information & Event Management Vendor Demo Script 9 (word)
*Vendor Landscape Plus Storyboard: Security Information & Event Management (powerpoint)
Symantec’s Security Information Manager achieved the top spot in the evaluation of Security Information & Event Management (SIEM) products, but competitors offer compelling alternatives, especially where business requirements and/or existing IT security solutions dictate a different priority on specific product features.
Use this research to:
- Understand current capabilities of SIEM vendors and evaluate offerings for best fit.
- Use scenario analysis and case studies to shortlist vendors.
- Assess implementation recommendations and pitfalls.
Focus first on business requirements so that current and future SIEM objectives can be achieved through the vendor and product chosen – whether the objective is simplifying compliance reporting, making security event management more efficient, or improving IT risk management. Consider managed security service providers (MSSPs) as a means to cost-effectively implement real-time monitoring of security events.
*Security Information & Event Management Vendor Shortlist Tool (excel)
This tool allows enterprises to profile their Security Information & Event Management (SIEM) requirements and generate a rank-ordered vendor shortlist from a fixed list of vendors. Vendor profiles are based on Info-Tech’s recent in-depth review of the SIEM market. The tool includes the following specific aspects of analysis:
- Variable prioritization for product suitability on the following factors:
  - Advanced features including enhanced capabilities for event correlation, aggregation and normalization, alerting, reporting, forensic analysis, and data management.
  - Product usability.
  - Product architecture.
  - Relative cost.
- Variable prioritization for vendor suitability on the following factors:
  - Vendor viability.
  - Vendor focus on SIEM and on the SME market.
  - Breadth of the vendor support organization.
  - Size and strength of the channel.
- Weightings to adjust the contribution of various suitability factors to overall vendor ranking.
- A self-sorted ranking list of SIEM vendors. The ranking is based on user input.
Narrow the vendors to a shortlist of solutions that best satisfy your organization’s requirements before sending out RFPs and scheduling vendor demonstrations.
*Security Information & Event Management RFP Template (word)
A Request for Proposal (RFP) is a formal invitation issued by a business or agency requesting interested vendors to submit written proposals meeting a particular set of requirements. This RFP template comes populated with crucial selection considerations, including:
- The Statement of Work
- Proposal Preparation Instructions
- Scope of Work, Technical Specifications, and Functional Requirements
- Vendor Qualifications & References
- Budget & Estimated Pricing
- Vendor Certification
A detailed RFP saves time in the selection process and ensures that you select a best-fit solution for the organization.
*Security Information & Event Management RFP Scoring Tool (excel)
This tool assists in the evaluation of completed Security Information & Event Management (SIEM) vendor RFP forms. It is pre-built with the essential criteria that must be considered. Use this tool to:
- Determine the importance of each solution capability to meeting your organization’s business requirements.
- Score and compare potential SIEM RFP vendor responses.
- Review overall vendor rankings and cost estimates.
Put hard numbers behind vendor claims, and keep evaluations objective by scoring RFP responses.
*Security Information & Event Management Vendor Demo Script 9 (word)
This template is designed to provide Security Information & Event Management (SIEM) vendors with a consistent set of instructions, ensuring an objective comparison of product features while also evaluating ease of use and ease of setup and configuration.
The template is pre-built with four common scenarios to leverage:
- Log source configurations: basic, enriched, and custom.
- Event correlation, alerting, log analysis, and incident management: standard, threshold-based, and custom.
- Reporting features: standard and advanced.
- Dashboard and access control features: granular access control and customized displays.
Vendor demonstrations are essential in order to evaluate SIEM user experiences. Allowing vendors to run the demonstration without your guidance will only highlight their strengths.