Tracking the Cost, Risk Impact of Security Information and Event Tracking

Any security analyst will tell you that monitoring your network for anomalous traffic, excessive access requests and other general weirdness is an essential cog in your overall security machine. They'll also tell you that all those server and firewall logs constitute an incredible volume of information, particularly on large or complicated networks. At some point, manually monitoring it all ceases to be a viable option.


Security Information and Event Management (SIEM) platforms have emerged as a key tool to compile and distill security information from the whole scope of your security backbone - from security appliances to operating systems to AV software, as well as external sources that scan the Internet at large for trouble. SIEM systems promise near real-time alerts when your network is under attack, which, depending on your company's risk profile, may be well worth the substantial investment that comes with this technology.


Our partners at Info-Tech Research Group have compiled their extensive review of the SIEM space in the report Vendor Landscape Plus: Security Information & Event Management, which is available free to IT Business Edge members here in the IT Downloads library. The 58-page PowerPoint presentation is a wealth of information, from an overview of the near- and long-term impact of SIEM to implementation advice to a detailed review of leading vendors in the space.


A key element of any tech investment, including SIEM, is projecting the timeline in which it will make a real impact on the business. The Info-Tech team lays out this benefit map in the image below.



The timestamps in the image reflect different impact points for SIEM. As Info-Tech reports:


  1. When first deployed, a SIEM solution will expose the enterprise to all the risk it was missing but that was there anyway. In today's regulated world, if you're not prepared to address that increased risk, you'd best just leave your head in the sand.
  2. As visibility into risk increases, security spend will by necessity increase as new tools or time need to be expended to combat identified risks. Most enterprises don't have unlimited security budgets, so spending initially trails threat exposure.
  3. As the most serious threats are addressed, risk tapers off fairly quickly. At this point, perceived risk and actual risk are being reduced, though levels are likely to be higher than what was perceived for some time.
  4. Spend remains higher for longer as solution deployments must be rationalized and staffing levels finalized. Spend begins to go down when the costs associated with breaches and other threats are eliminated.
  5. In time, and with concentrated effort, SIEM can allow the enterprise to drive risk and spend to lower levels than were previously experienced. As a side benefit, while risk is being addressed, SIEM is also providing compliance reporting benefits that help in other ways.


That's just one slide's worth of valuable insight in this comprehensive presentation. You'll also find a wide range of tips on implementation and budgeting (be sure to evaluate the regulation and compliance profile as you evaluate ongoing staffing costs for your risk management profile) along with the vendor plus/minus review, with detailed and classic quadrant ratings of 10 SIEM vendors.


This presentation is a must for any shop considering a serious investment in security monitoring. Be sure to check it out.
