Overworked system administrators and their equally harried managers everywhere would love to hear from vendors that some SILVER BULLET security technology will keep them safe from all harm merely by plugging it in (and paying the vendor, of course).
From the Peanuts Treasury by Charles Schulz:
[Lucy has been going around getting people to sign a document absolving her from all blame.]
Lucy: “Just sign it… that’s right… thank you. No matter what happens any place or any time in the world, this absolves me from all blame!”
Charlie Brown: “That must be a nice document to have.”
Yes – it must be nice. But that document does not exist here in the real world, I’m afraid. You can, of course, buy security monitoring tools but a security monitoring capability? That is something you grow and mature.
In other words, if you set and forget, you will regret. To get the most value from your security monitoring tools investment, you must be prepared to watch, tune and update them.
That’s easier said than done:
• A 2013 451 Group survey showed that ~40% of security monitoring products were stalled and thus delivering poor value
• A research note from 2014 stated “Gartner commonly encounters organizations where a SIEM solution was acquired and has been quietly gathering dust ever since.”
To succeed at SIEM, organizations must not only buy the tools but grow the people and mature the process. This requires discipline, skills and time. Sadly, these qualities working at the same time are all too rare in the modern IT department of any but the very largest enterprises.
If you cannot mature the process effectively, consider outsourcing it. It is common practice to consider outsourcing for IT functions, usually driven by strategic, practical and financial considerations.
In its International Business Report 2014, “Outsourcing: driving efficiency and growth”, Grant Thornton states that the main outsourcing drivers are:
• Globally, businesses which outsource are principally looking for efficiencies (57%) and to reduce costs (55%). In North America, 70% cite reducing cost and 69% improving efficiencies
• The drive for process efficiencies – where the focus is on doing things better and faster, rather than simply cheaper – is a major driver in North America (44%)
Information security is a critical function for any organization; however, it is no longer necessary to do it all in-house. There is a growing consensus that outsourcing components of security is a viable option for many.
The upside is that your organization will get sophisticated technology that can be customized to your specific needs, with services delivered by “smart eyeballs”, at a price point that is far more palatable than the do-it-yourself approach.
After all, if do-nothing was acceptable then why spend anything at all on tool acquisition?
By A. N. Ananth, CEO of EventTracker
EventTracker offers a dynamic suite of award winning products for SIEM and event log management. SC Magazine BestBuy EventTracker Enterprise processes hundreds of millions of discrete log messages to deliver vital and actionable information, enabling organizations to identify and address security risks, improve IT security, and maintain regulatory compliance requirements with simplified audit functionality. Security Center offers instant security alerts and a real-time dashboard for viewing every incident in the infrastructure, and Log Manager is a monitoring and early threat detection tool.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.