Wednesday, November 11, 2009

More on Security Information Event Management (SIEM)

Anton Chuvakin, in his blog, is discussing SIEM must-have features, use cases, and the different kinds of users a SIEM serves.
Nice reading, in addition to the SANS paper on benchmarking SIEM.

2 comments:

Anonymous said...

I'm not a big fan of SIEM for many reasons, as follows:

1. Difficult to determine best threshold level.

2. Irregular things over time become regular.

3. One-Fit-All solution always has limitations.

4. Not effective in Cloud Computing (SaaS).

5. Privacy regulations (Yup) in some countries.

6. Very expensive.
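The first two complaints above (a static threshold is guesswork, and a baseline that keeps updating itself absorbs a slow change) can be seen with a small simulation. This is an added example, not code from the original post or from either commenter: three toy threshold detectors run over a constructed series of hourly failed-login counts for one host, with the numbers, window size and sigma multiplier chosen here for illustration.

```python
"""Toy SIEM threshold detectors over a constructed hourly series of
failed-login counts. Added example, not from the original page: it shows
that a static threshold is hard to pick, that a self-updating (rolling)
baseline absorbs a slow ramp, and that a baseline frozen on a known-good
period does not."""
from statistics import mean, pstdev

# Constructed data: hourly failed-login counts for one host. Hours 0-5 are a
# noisy but steady baseline (4 and 6 alternating); from hour 6 an attacker
# adds one extra attempt per hour, so count = hour + 1 for hours 6..24.
COUNTS = [4, 6, 4, 6, 4, 6] + [h + 1 for h in range(6, 25)]


def static_alerts(counts, threshold):
    """Alert on every hour whose count exceeds a fixed threshold."""
    return [h for h, c in enumerate(counts) if c > threshold]


def rolling_alerts(counts, window=4, k=3.0):
    """Alert when the count exceeds mean + k*sigma of the previous `window`
    hours. Because the window slides, each elevated hour becomes part of
    the baseline used to judge the next one ("irregular becomes regular")."""
    alerts = []
    for h in range(window, len(counts)):
        prev = counts[h - window:h]
        limit = mean(prev) + k * pstdev(prev)
        if counts[h] > limit:
            alerts.append(h)
    return alerts


def frozen_alerts(counts, train_hours=6, k=3.0):
    """Same statistic, but the baseline is fitted once on a known-good
    training period and never updated, so a slow ramp cannot drag it up."""
    train = counts[:train_hours]
    limit = mean(train) + k * pstdev(train)
    return [h for h in range(train_hours, len(counts)) if counts[h] > limit]


def compare(counts=COUNTS):
    """Run all three detectors and return the alerting hours for each."""
    return {
        "static_too_low":  static_alerts(counts, 5),   # also fires on normal noise
        "static_15":       static_alerts(counts, 15),  # quiet, but first fires at hour 15
        "rolling_window":  rolling_alerts(counts),     # never fires: the ramp is absorbed
        "frozen_baseline": frozen_alerts(counts),      # fires from hour 8 onward
    }


if __name__ == "__main__":
    for name, hours in compare().items():
        print(f"{name:16s} alerts at hours: {hours}")
```

Run it and the static threshold of 5 alerts on three baseline hours before the attack even starts, the threshold of 15 stays quiet for nine hours of the ramp, and the rolling mean + 3 sigma baseline never alerts at all because every hour's count is judged against a window that already contains the previous, slightly lower, ramp values. Freezing the baseline on the known-good period is the usual fix, at the cost of having to decide when and how to re-fit it.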

OkamalO said...

I guess if you rely on vendors for everything, you will get lost. The implementation should be done by the guys who know exactly what is on the network, and it will build up with time. But I have to admit that I did not see many satisfied customers.
I would say it is more suitable for a large SOC, when money is not a big issue.