10 Tips for a Successful SIEM Deployment - EiQ Networks
Posted on 10-Aug-2015
Copyright © 2015 EiQ Networks, Inc. All rights reserved.
10 Tips For A Successful SIEM Deployment
Agenda
• SIEM Goals
• Common Challenges
• Tips For A Successful SIEM Deployment
• About EiQ Networks
SIEM Goals
• Remove security-relevant data from silos
• Use correlation and analytics to detect advanced threats
• Meet regulatory compliance requirements
[Diagram: data sources the SIEM pulls out of their silos: Log Mgmt, Config Audit, NetFlow Tools, SNMP Tools, User Monitoring, Threat Intel Tools, Vulnerability Scan, IT Assets]
Challenges
• SIEM solutions have a bad reputation: expensive to deploy and complex to manage
• Challenges
  – Product complexity
  – Hidden costs
  – Ability to get security value
  – Reactive security posture
Product Complexity
• Capturing event data
• Capturing the right event data
• Building and tuning alerts
• Actionable reporting and forensics
44% of organizations report that managing the general complexity of SIEM products is their No. 1 challenge in this area**
** 2012 InformationWeek survey: “IT Pro Ranking: SIEM”
Tips For Reducing Complexity
• Plan ahead
  – What security/compliance use case are you addressing?
  – What type of data is appropriate for that use case?
  – Prepare devices for collection (enable the required logging, time synchronization and forwarding before onboarding them)
• Ask vendors about integration & agents
• Collection / Alerting / Reporting
  – Take an iterative approach
  – Consider a managed service
Hidden Costs
• Staffing costs
  – Monitoring
  – Tuning
• Professional services
  – Connectors
  – Integration
• Ongoing costs
  – Server administration
  – Maintenance
Reducing Hidden Costs: Explore Your Options

Deployment Model   | On-Premises Software | Cloud SaaS       | Hybrid SaaS
Staffing Model     | Do-It-Yourself       | Managed Service  | Hybrid Approach
Device Integration | Vendor Add-On Cost   | Universal Parser | Included In Service
Ability To Get Security Value
• Console is difficult to use
• Reports are not actionable
• Too much noise
• Shelfware (the product is bought but never fully deployed or used)
Tips For Getting Security Value
• Think like a hacker
  – How would you get inside the perimeter?
  – What would you do next?
• Collect the data that matches the threat model
  – Don't just collect from firewalls
  – Application and database logs are critical
• Realistically assess your security skills and time
  – Supplement your staff with product and security experts
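The slide says application and database logs are critical but not what correlating them actually catches. The following is an added example, not part of the EiQ deck or of any EiQ product: a small Python correlation over constructed firewall, application and database log lines (the "timestamp source key=value" format, the field names, the thresholds and the time windows are all assumptions chosen for the example) that flags a successful login preceded by repeated failures from the same source and followed by a bulk database read by the same account. The firewall-only view of the same period shows two allowed connections and nothing else, which is the slide's point.

```python
"""Constructed example: correlating firewall, application and database logs
to detect an attack chain that no single log source reveals on its own."""
from collections import defaultdict
from datetime import datetime, timedelta
import shlex

# Constructed sample events (not real logs). Hypothetical format:
# "<ISO timestamp> <source> key=value key=value ...", quoted values allowed.
SAMPLE_LOGS = """\
2015-08-10T09:00:01Z fw action=allow src=198.51.100.7 dst=10.0.0.5 dport=443
2015-08-10T09:00:03Z app event=login_ok user=alice src=10.0.0.42
2015-08-10T09:00:05Z app event=login_failed user=jdoe src=198.51.100.7
2015-08-10T09:00:09Z app event=login_failed user=jdoe src=198.51.100.7
2015-08-10T09:00:14Z app event=login_failed user=jdoe src=198.51.100.7
2015-08-10T09:00:20Z app event=login_failed user=jdoe src=198.51.100.7
2015-08-10T09:00:40Z app event=login_ok user=jdoe src=198.51.100.7
2015-08-10T09:01:02Z db event=query user=alice rows=12 stmt="SELECT name FROM customers WHERE id=7"
2015-08-10T09:02:10Z db event=query user=jdoe rows=250000 stmt="SELECT * FROM customers"
2015-08-10T09:03:00Z fw action=allow src=10.0.0.42 dst=10.0.0.9 dport=5432
"""

# Tuning knobs (assumed values; tune to your own environment)
FAILS_BEFORE_SUCCESS = 3            # failed logins that make a later success suspicious
BRUTE_WINDOW = timedelta(minutes=10)
EXFIL_WINDOW = timedelta(minutes=15)
BULK_ROWS = 10_000                  # rows returned that count as bulk access


def parse_line(line):
    """Parse 'ts source k=v k=v ...' into a dict; shlex keeps quoted values whole."""
    ts, source, *kvs = shlex.split(line)
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["source"] = source
    return fields


def correlate(log_text):
    """Return alerts for: >= FAILS_BEFORE_SUCCESS failed logins then a success
    for the same (user, src) inside BRUTE_WINDOW, followed by a DB query by
    that user returning >= BULK_ROWS rows inside EXFIL_WINDOW of the success."""
    events = sorted((parse_line(line) for line in log_text.splitlines() if line.strip()),
                    key=lambda e: e["ts"])
    failures = defaultdict(list)   # (user, src) -> timestamps of failed logins
    suspicious_login = {}          # user -> time of the success that followed a burst
    alerts = []
    for e in events:
        if e["source"] == "app" and e.get("event") == "login_failed":
            failures[(e["user"], e["src"])].append(e["ts"])
        elif e["source"] == "app" and e.get("event") == "login_ok":
            key = (e["user"], e["src"])
            recent = [t for t in failures[key] if e["ts"] - t <= BRUTE_WINDOW]
            if len(recent) >= FAILS_BEFORE_SUCCESS:
                suspicious_login[e["user"]] = e["ts"]
        elif e["source"] == "db" and e.get("event") == "query":
            user = e["user"]
            if (user in suspicious_login
                    and int(e["rows"]) >= BULK_ROWS
                    and e["ts"] - suspicious_login[user] <= EXFIL_WINDOW):
                alerts.append({
                    "rule": "brute_force_then_bulk_read",
                    "user": user,
                    "rows": int(e["rows"]),
                    "stmt": e["stmt"],
                    "login_at": suspicious_login[user],
                    "query_at": e["ts"],
                })
    return alerts


def firewall_only_view(log_text):
    """What the same period looks like if only firewall logs are collected:
    a count of allowed and denied connections, and nothing else to act on."""
    fw = [parse_line(line) for line in log_text.splitlines()
          if line.split()[1:2] == ["fw"]]
    return {"allow": sum(e["action"] == "allow" for e in fw),
            "deny": sum(e["action"] == "deny" for e in fw)}


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
    print(firewall_only_view(SAMPLE_LOGS))
```

Both firewall lines in the sample are ordinary allowed HTTPS and database connections; only the application and database logs carry the failed-then-successful login and the 250,000-row read that together make the chain worth an alert.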
Reactive Security Posture
• Responding to incidents only after they occur
• Long timeframe to investigate & resolve
Proactive Security Monitoring
• Implement Security Controls
  – Change controls
    • Unauthorized devices on the network
    • New software installed
    • Configuration changes
  – Malware protection is active and updated
  – Limit network ports, protocols and services
  – Vulnerabilities are detected and remediated
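A SIEM can only monitor these controls if it has an approved baseline to compare the current state against. As an added example, not the deck's or SecureVue's own code, the Python below evaluates a constructed inventory snapshot against a hypothetical baseline and reports one finding per deviation the slide lists: an unknown MAC address on the network, software outside the approved list, a configuration file whose hash no longer matches, a listener outside the allowed ports, stale malware signatures, and a vulnerability left open past its remediation SLA. The baseline, the snapshot, the thresholds, the SLAs and the scanner finding ids are all assumptions made for the example.

```python
"""Constructed example: check the proactive controls from the slide by
comparing a current inventory snapshot against an approved baseline.
Nothing here is real data; baseline, snapshot, thresholds and SLAs are assumed."""
from datetime import datetime, timedelta
import hashlib


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Hypothetical approved baseline (constructed for this example).
BASELINE = {
    "authorized_devices": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "approved_software": {"openssh-server", "nginx", "clamav"},
    "allowed_ports": {22, 443},
    "config_hashes": {"/etc/ssh/sshd_config": sha256_hex(b"PermitRootLogin no\n")},
    "max_signature_age": timedelta(days=2),
    "remediation_sla": {"high": timedelta(days=7), "medium": timedelta(days=30)},
}

# Hypothetical snapshot collected from the network and hosts (constructed).
SNAPSHOT = {
    "taken_at": datetime(2015, 8, 10, 9, 0),
    "devices_seen": {"00:11:22:33:44:01", "00:11:22:33:44:02", "de:ad:be:ef:00:01"},
    "installed_software": {"openssh-server", "nginx", "clamav", "netcat-traditional"},
    "config_files": {"/etc/ssh/sshd_config": b"PermitRootLogin yes\n"},
    "listening_ports": {22, 443, 4444},
    "malware_protection": {"running": True,
                           "signatures_updated": datetime(2015, 8, 2, 3, 0)},
    "open_vulns": [  # scanner findings still open; ids are placeholders
        {"id": "scan-0001", "severity": "high", "first_seen": datetime(2015, 7, 20)},
        {"id": "scan-0002", "severity": "medium", "first_seen": datetime(2015, 8, 1)},
    ],
}


def check_controls(baseline, snapshot):
    """Return (control, detail) tuples, one per deviation from the baseline."""
    findings = []
    now = snapshot["taken_at"]

    # Change control: devices seen on the network that are not authorized
    for mac in sorted(snapshot["devices_seen"] - baseline["authorized_devices"]):
        findings.append(("unauthorized_device", mac))

    # Change control: installed software that is not on the approved list
    for pkg in sorted(snapshot["installed_software"] - baseline["approved_software"]):
        findings.append(("unapproved_software", pkg))

    # Change control: configuration drift, detected by comparing content hashes
    for path, content in sorted(snapshot["config_files"].items()):
        expected = baseline["config_hashes"].get(path)
        if expected is None:
            findings.append(("unbaselined_config", path))
        elif sha256_hex(content) != expected:
            findings.append(("config_changed", path))

    # Limit network ports, protocols and services: listeners outside the allow list
    for port in sorted(snapshot["listening_ports"] - baseline["allowed_ports"]):
        findings.append(("unexpected_listener", port))

    # Malware protection is active and its signatures are recent
    mp = snapshot["malware_protection"]
    if not mp["running"]:
        findings.append(("malware_protection_inactive", None))
    elif now - mp["signatures_updated"] > baseline["max_signature_age"]:
        findings.append(("malware_signatures_stale", mp["signatures_updated"].isoformat()))

    # Vulnerabilities are remediated within the SLA for their severity
    for vuln in snapshot["open_vulns"]:
        sla = baseline["remediation_sla"].get(vuln["severity"])
        if sla is not None and now - vuln["first_seen"] > sla:
            findings.append(("vulnerability_overdue", vuln["id"]))

    return findings


if __name__ == "__main__":
    for control, detail in check_controls(BASELINE, SNAPSHOT):
        print(f"{control}: {detail}")
```

Run on a schedule against fresh snapshots, each finding becomes an event the SIEM can alert on before an attacker uses the gap, which is what separates this from the reactive posture on the previous slide.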
EiQ SecureVue®
• Continuous Security Intelligence Platform
  – SIEM & Log Management
  – Security Controls Monitoring
  – Configuration Auditing
Automates SANS Critical Security Controls
Easy-to-use Universal Parser
SOCVue® Security Monitoring Service
• Managed Service
  – 24x7 Security Monitoring
  – SIEM & Log Management SaaS
  – Deployed On-Premises or in Cloud
  – Customized alerting, reporting & consultation
• Reactive Security Monitoring
  – Security incident detection and response guidance
• Proactive Security Monitoring
  – Security controls monitoring and vulnerability detection
Thank You
Please visit www.eiqnetworks.com to learn more
Request a Demo of SecureVue
Request a Free Trial of SOCVue Monitoring Service