Navigating a Successful SIEM Strategy

May 02, 2014

It’s been my experience that deploying a successful SIEM strategy is like the “jump program” from The Matrix. Left on their own, without the help of experienced experts, nearly all first attempts at SIEM fail. But the good news is that there are some steps you can take that will help ensure your organization achieves success.

1.  Find the Right Partner -- First-time SIEM buyers should work closely with experienced service providers. They should find a partner that they can trust to help them from the early stages, before the procurement process begins. Such a partner should work regularly with multiple SIEM technologies, since there is no universal solution available today. Finding the right SIEM requires having a deep understanding of the whole market, something that few companies have in-house.

2.  Understand Your Needs -- We see far too many companies making huge purchases of SIEM infrastructure without first deciding what they specifically want to get out of it. Having well-defined requirements will help you navigate the available options – as there are different SIEM solutions for different types of organizations and different vertical industries.

3.  Remember, It’s a Marathon, Not a Sprint -- Pacing is another critical issue. Too many companies overshoot the mark at first. There is a maturation process through which every organization grows. Getting SIEM right takes years, not months. Start small, define achievable, demonstrable goals and then build on your success. Don’t try to jump headlong into large-scale advanced analytics if you haven’t already successfully deployed basic log management and correlation.

4.  Set Measurable Goals -- Realistic expectations and persistence matter most when it comes to SIEM. When you’re new at SIEM (or restarting a failed SIEM effort), define a small, achievable use case. For example, simply consolidating all critical security events into one event stream is often a good first step. Make sure that every use case has output that can be measured and demonstrated to management. If you track your progress in terms of completed use cases over time, and demonstrate the value of the solution, the resources that you need for the next phase will be easier to obtain.

By following these steps, your organization can experience long-term SIEM success.

By: Peter Schawacker

Director, Security Intelligence Solutions
