An overall enterprise security plan is made up of many moving pieces. An effective plan has all of those pieces in place and working together like a fine-tuned machine. Managing the plan and absorbing all of the data it produces can be an overwhelming task, and correlating that data is tough as well: the potential attack that your IDS picked up, was it successful? Was there any suspicious activity soon after, perhaps an outbound transfer that represents a data breach and a successful attack?
The inclusion of a SIEM (Security Information and Event Management) product can be a great addition to an already stout enterprise security infrastructure. A well-tuned SIEM can lend insight into an enterprise's overall network status, both security related and otherwise, by taking information from varying sources throughout the enterprise (IDS/IPS, application, firewall, database logs, etc.) and putting it all together in one place where events from different sources can be matched against each other.
In addition, a SIEM may also benefit an organization's compliance program. A SIEM on its own will not make an organization compliant; however, its log management capabilities (central collection, retention, and searchable history) can go a long way toward helping "prove" an organization's compliance to an auditor.
Now, it cannot be left unsaid that the effectiveness of a SIEM is only as good as the data being fed into it: sources that are not forwarded, or that are forwarded without the fields a rule needs, simply cannot be correlated. That being said, a SIEM may be an excellent "last piece" of an organization's overall enterprise security puzzle.
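To make the "was the IDS alert followed by something suspicious?" question concrete, here is a small correlation rule of the kind a SIEM evaluates, written as an added example for this post rather than taken from any vendor's product. The log format, the signature names, the IP addresses, and the thresholds (a ten-minute window and a 100 MB outbound-byte threshold) are all constructed assumptions for the example; a real deployment would use its own parsers and tune those values to its environment.

```python
"""Toy SIEM-style correlation: pair an IDS alert against a host with a large
outbound firewall flow from that same host shortly afterwards.

Everything below (log format, hostnames, signatures, thresholds) is a
constructed assumption for illustration, not any real product's rule.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events from two sources: an IDS and a firewall.
# Line shape: "<timestamp> <source> <event> key=value key=value ..."
SAMPLE_LOGS = [
    "2024-03-01T10:00:05Z ids alert sig=ET_EXPLOIT_SMB src=203.0.113.9 dst=10.0.0.5",
    "2024-03-01T10:00:40Z fw allow src=10.0.0.5 dst=198.51.100.77 dport=443 bytes_out=524288000",
    "2024-03-01T10:03:00Z ids alert sig=ET_SCAN_NMAP src=203.0.113.9 dst=10.0.0.8",
    "2024-03-01T10:20:00Z fw allow src=10.0.0.8 dst=198.51.100.77 dport=443 bytes_out=2048",
    "2024-03-01T11:00:00Z fw allow src=10.0.0.9 dst=198.51.100.77 dport=443 bytes_out=900000000",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<event>\S+)\s*(?P<rest>.*)$")


@dataclass
class Event:
    ts: datetime
    source: str            # e.g. "ids" or "fw"
    event: str             # e.g. "alert" or "allow"
    fields: dict[str, str]  # the key=value pairs after the event name


def parse_line(line: str) -> Event:
    """Normalise one raw log line into an Event (the SIEM 'parser' step)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return Event(ts, m.group("source"), m.group("event"), fields)


def correlate(lines, window=timedelta(minutes=10), min_bytes=100_000_000):
    """Return one finding per IDS alert whose target host then sent at least
    `min_bytes` outbound within `window` of the alert.

    The alert alone says "something was attempted"; the paired flow is what
    turns it into "and the host did something unusual right afterwards".
    """
    events = sorted((parse_line(line) for line in lines), key=lambda e: e.ts)
    alerts = [e for e in events if e.source == "ids" and e.event == "alert"]
    flows = [e for e in events if e.source == "fw"]

    findings = []
    for alert in alerts:
        victim = alert.fields["dst"]  # the host the IDS saw being attacked
        for flow in flows:
            if flow.fields.get("src") != victim:
                continue                       # different host, not related
            if not (alert.ts <= flow.ts <= alert.ts + window):
                continue                       # outside the time window
            if int(flow.fields.get("bytes_out", "0")) < min_bytes:
                continue                       # ordinary-sized traffic
            findings.append({
                "victim": victim,
                "signature": alert.fields.get("sig", "?"),
                "alert_ts": alert.ts.isoformat(),
                "flow_ts": flow.ts.isoformat(),
                "remote": flow.fields.get("dst", "?"),
                "bytes_out": int(flow.fields["bytes_out"]),
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOGS):
        print(f"{f['victim']}: {f['signature']} at {f['alert_ts']}, then "
              f"{f['bytes_out']} bytes to {f['remote']} at {f['flow_ts']}")
```

On the constructed sample, only 10.0.0.5 produces a finding: the scan against 10.0.0.8 is followed by a tiny flow outside the window, and the large transfer from 10.0.0.9 has no preceding alert at all, which is exactly the kind of "a single source cannot answer this" gap the post describes. Loosening `window` and `min_bytes` shows how much the rule's usefulness depends on tuning.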
Now, for full disclosure, I am currently employed by a SIEM provider. On that note, I have the chance to work with our customers on a daily basis and see the benefits that a SIEM provides first hand. Prior to my current employment, I did not have much experience within the SIEM market. It has been a fascinating experience, working with customers and working with them to discover data and trending that they could not have seen before.