I am a Security Analyst, with more than 10 years in network security operations, architecture, design and incident handling.
Email: osama AT okamalo DOT com
twitter: okamalo
2 comments:
I'm not a big fan of SIEM for many reasons, as follows:
1. Difficult to determine best threshold level.
2. Irregular things become regular over time.
3. A one-size-fits-all solution always has limitations.
4. Not effective in Cloud Computing (SaaS).
5. Privacy regulations (Yup) in some countries.
6. Very expensive.
I guess if you rely on vendors for everything, you will get lost. The implementation should be done by the guys who know exactly what is on the network, and it will build up with time. But I have to admit that I did not see many satisfied customers.
I would say it is more suitable for a large SOC, when money is not a big issue.