Story image

Look before you leap: How to select the best SIEM for your business

23 Jul 2018

You don’t have to venture far into cybersecurity solutions to come across the word ‘SIEM’, or Security Information and Event Management.

SIEM is one of the driving forces behind intelligent cybersecurity. With its ability to analyse security event data in real time, detect anomalies in user behaviour, monitor applications, inbuilt threat intelligence and log management features, it’s clear that SIEM is not a one-trick pony.

With so many SIEM solutions on the market that offer a range of similar and different tools, businesses shouldn’t be too quick to make a convenient purchase.

Before investing in a SIEM tool, an organisation should carefully assess whether it actually matches its security requirements.

Here's what you need to consider when selecting a SIEM solution:

What capabilities does the SIEM solution provide?

One of the most important factors to consider is what capabilities it can provide out-of-the-box. Many tools require complex configuration before they can be used, which make them inappropriate for organisations without skilled in-house security teams.

According to Gartner, core SIEM capabilities include:

  • Real-time monitoring
  • Threat intelligence
  • Behaviour profiling
  • User monitoring
  • Application monitoring
  • Advanced analytics
  • Log management and reporting
  • Simplicity of deployment and support

Can the SIEM solution cope with your organisation’s data flows?

It is also important to assess how well the tool will be able to monitor the volume of data being generated by the organisation's IT infrastructure. If it can't deal with the constant flow, it will be unlikely to add the value expected by the security team.

Will the SIEM solution generate too many nuisance alarms?

The tool should also not trigger too many security alarms. If it is constantly providing alerts of potential low-level security threats, IT teams will quickly become overwhelmed and may miss critical alerts when they actually occur.

The UI might look great; but is the search function up to scratch?

Rather than being swayed by slick user interfaces, those assessing potential SIEM tools should focus on two key criteria - how good is the search function is, and how powerful the underlying analytics engine is. Both are critical for effective security.

Start your SIEM journey with LogRhythm

LogRhythm was placed as a Leader in Gartner’s 2017 Gartner Magic Quadrant for SIEM and is trusted by organisations such as NASA, Unisys, and Fujitsu.

LogRhythm NextGen SIEM Platform also fuses UEBA (User and Entity Behaviour Analytics) to help detect and respond to anomalous user behaviour. This can make a major difference to your organisation's security, for example in the case where an unauthorised person from an unknown IP address is using an employee's credentials as part of a login attempt. 

These are just the tip of the iceberg when it comes to your due diligence for SIEM solutions - don't settle for a one-size-fits-all approach. Your organisation deserves comprehensive security.

Find out more about LogRhythm's NextGen SIEM solution now.

Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.