SIEM: Be prepared!
SIEM is not new to the market, but its adoption is. According to the research institute Gartner, security information and event management (SIEM) is one of the fastest-growing technologies for the coming years. The solution is the talk of the day and on the wish list of many organizations. But let's say it's a Ferrari. Buying a Ferrari is no use if you can't drive a Beetle. Many companies want to invest in SIEM, but have not yet formalized their policies or properly structured and sized their Information Security (IS) area.
SIEM is a complex project that involves most of the company's systems, resulting in a significant increase in data volume. Some tools can even analyze over 1.3 million transactions per minute.
Are you prepared to have a complete view of your business, its processes and all its vulnerabilities?
Will your company have the manpower to resolve all the tickets, and to analyze and parameterize the data? One thing is certain: SIEM puts a magnifying glass on IS events that the company would never have imagined.
It is natural for companies to feel the need to implement a SIEM solution. After all, we are talking about a complete tool. Over the years, companies accumulate a large amount of data, and IT environments become increasingly difficult to manage. A recent Ernst & Young survey, conducted between May and July 2012, showed that companies recognize that the risk scenario is changing. According to the study, 80% of respondents agree that there is a growing level of external threats, and nearly half say that internal vulnerability is increasing.
The crux of the matter is that a SIEM system should not be viewed as a design tool; quite the opposite. Before implementing such a system, you must have a well-designed project so that the technology can support the processes. The data obtained from the SIEM must be consolidated, correlated and compared so that the best decisions can be defined, and so that those decisions are effectively carried out.
If the company's policies are not well defined, and the IS area has no autonomy to take the necessary actions during the monitoring process (already aligned with the other areas involved in the company, such as IT, internal audit and compliance, and even the business area), an action taken may cause internal quarrels and disputes over "powers", leading the IS area to become a "persona non grata" within the company for being too involved in the processes of other areas.
A company familiar with security tools, with established processes, and especially with policies that are already regulated and enforced, should undoubtedly think about SIEM as a state-of-the-art Information Security solution. However, it is recommended to develop a project (roadmap) before implementing the SIEM, to ensure the functionality, policies, metrics and scalability of the tool. For example, when starting with the more critical systems and with less data, results can be faster and more accurate.
Despite the low adoption in the country, Brazilian companies, especially in the financial sector, which already has a greater tendency to look for security tools, are already looking at SIEM. But some hurdles are still frequent, such as cost (good tools and consulting are expensive) and the time it takes for the tool to mature in the enterprise environment.
To get around this, some companies already offer this technology as a service for a monthly subscription, reducing the acquisition cost and the time for the tool to bring results in the IT environment. What's more, the solution can offer priceless savings by mitigating risk and brand degradation.