SIEM 101: Managing Your Information Security - Sumo Logic

SIEM 101: Managing Your Information Security

Your Guide to Security Information and Event Management


Modern digital infrastructure and applications keep getting more complex, and that complexity brings new vulnerabilities and potential security threats. Yet many organizations still rely on traditional SIEM solutions, which often lack the flexibility and scalability needed to protect modern IT operations. This Sumo Logic guide to SIEM explains traditional SIEM solutions, modern security needs, and how organizations can adapt to ever-evolving threats.

What Is SIEM?

Security Information and Event Management

Security information and event management (SIEM) marries two previously separate focus areas. It combines security information management (SIM), the long-term side of keeping a network safe: collecting, retaining and analyzing log data and reporting on it, with security event management (SEM), the real-time side: monitoring, correlating events and alerting on individual threats. In a big-data age, when automation and machine learning are changing how business and infrastructure are managed, SIEM considerations play an increasingly critical role, particularly in continuous delivery environments.

Who Uses SIEM?

SIEM gathers and analyzes data from all network devices and input points, creating a haystack of data in which the dangerous needles of malicious activity can lie buried. Decision makers in the modern technology environment turn to SIEM approaches to address three critical focus areas:

  • Security. Online threats multiply faster than any team can combat them one by one. SIEM helps your operation detect and defend against a constant stream of malicious activity while maintaining strong security.
  • Operations. Quickly evolving environments, particularly continuous delivery models, are never static. As they change, so must the dexterity and speed with which teams deliver a seamless user experience.
  • Compliance. Doing business online often requires strict adherence to industry and governmental regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) for card transactions or HIPAA for healthcare information privacy. A thorough SIEM plan automates the collection of the log evidence these regimes require and reports on it across all relevant compliance areas.

By providing a safer, more efficient environment in which compliance evidence gathering and reporting are automated, a SIEM approach can speed and simplify business operations.

Common SIEM Approaches

There are a variety of ways to implement SIEM in your environment, with factors like scale, personnel, resources and budget playing roles in the fit that’s best for you. Here are the most popular configurations:

Self-hosted, self-managed. Large, well-staffed organizations with proprietary systems may find an internal approach to SIEM the best fit. In this environment security data is collected, normalized, correlated and enriched, presented to analysts, and acted upon using internal resources and staff.

Cloud-hosted, self-managed. This method virtualizes the physical resources involved in SIEM but still relies on internal expertise to operate.

Hybrid-hosted, self-managed. Gives organizations the flexibility to split resources between internal (increasingly legacy) devices and a virtual platform, but SIEM management still requires internal expertise.

SIEM-as-a-Service. Perhaps the fastest-growing security approach, this offloads the security, operational and compliance overhead of security information and event management to a specialized, qualified partner.

However you attempt a SIEM solution, proper planning and realistic deployment schedules are critical to bringing it successfully online.

When Is SIEM Not the Right Solution?

No one SIEM size fits all organizations. In fact there are instances where it may not be the right approach for your business model. Consider these three big questions before attempting to deploy a SIEM implementation in your environment.

  1. Do you have the right staff? SIEM is a 24/7/365 commitment and many organizations simply aren’t outfitted for this approach.
  2. Do you have the budget? Deploying SIEM is a process with real costs in time, money and operation. It may be that another security model better fits your need.
  3. Are you completely ingesting key data? Any SIEM solution, hosted or outsourced, is only as reliable as its data sources. A source that is never onboarded, or that silently stops sending, produces no alerts, so coverage has to be designed up front and then monitored. If you lack the expertise or resources to design a comprehensive data ingestion model, SIEM will not deliver the results you need.
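The two ideas this guide leans on most, correlating events from many sources to find the needles in the haystack (see "Who Uses SIEM?") and checking that the key sources are actually being ingested (question 3 above), in one added example. This is illustrative Python written for this page, not Sumo Logic's code or product logic; the sample log lines, host names, IP addresses, the five-failures-in-60-seconds rule and the 30-minute silence limit are all constructed assumptions:

```python
"""Toy SIEM pipeline: normalize raw events, correlate them, and check source
coverage. Added example for this guide; not Sumo Logic code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Each line is
# "<UTC timestamp> <host> <program>: <message>", a simplified syslog shape.
SAMPLE_EVENTS = """\
2024-03-01T10:00:01Z vpn-gw sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:04Z vpn-gw sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09Z vpn-gw sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:15Z vpn-gw sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:21Z vpn-gw sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:30Z vpn-gw sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:01:00Z web-01 nginx: GET /login 200 from 198.51.100.4
2024-03-01T10:02:00Z web-01 sshd: Failed password for root from 198.51.100.4
2024-03-01T09:00:00Z fw-edge firewall: deny tcp 192.0.2.9 -> 10.0.0.5:445
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")
OK_RE = re.compile(r"Accepted password for (?P<user>\S+) from (?P<ip>\S+)")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(raw):
    """SIM side: turn raw lines from different programs into one schema."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline counts and alerts on unparsed lines
        ev = {"ts": parse_ts(m["ts"]), "host": m["host"], "prog": m["prog"],
              "action": "other", "user": None, "src_ip": None}
        for action, rx in (("login_fail", FAIL_RE), ("login_success", OK_RE)):
            hit = rx.search(m["msg"])
            if hit:
                ev.update(action=action, user=hit["user"], src_ip=hit["ip"])
                break
        events.append(ev)
    events.sort(key=lambda e: e["ts"])  # sources rarely arrive in order
    return events


def brute_force_alerts(events, threshold=5, window=timedelta(seconds=60)):
    """SEM side: alert when >= threshold failed logins for the same
    (source IP, user) are followed by a success inside the window."""
    fails = defaultdict(list)
    alerts = []
    for ev in events:
        key = (ev["src_ip"], ev["user"])
        if ev["action"] == "login_fail":
            fails[key].append(ev["ts"])
            fails[key] = [t for t in fails[key] if ev["ts"] - t <= window]
        elif ev["action"] == "login_success":
            recent = [t for t in fails[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"ts": ev["ts"], "host": ev["host"],
                               "src_ip": ev["src_ip"], "user": ev["user"],
                               "failures": len(recent)})
                fails[key].clear()
    return alerts


def coverage_gaps(events, expected_sources, now, max_silence=timedelta(minutes=30)):
    """Ingestion check: expected sources that never reported, or went quiet.
    A silent source looks exactly like a healthy one with nothing to say."""
    last_seen = {}
    for ev in events:
        last_seen[ev["host"]] = max(last_seen.get(ev["host"], ev["ts"]), ev["ts"])
    missing = sorted(s for s in expected_sources if s not in last_seen)
    stale = sorted(s for s in expected_sources
                   if s in last_seen and now - last_seen[s] > max_silence)
    return {"missing": missing, "stale": stale}


if __name__ == "__main__":
    evs = normalize(SAMPLE_EVENTS)
    for alert in brute_force_alerts(evs):
        print("ALERT", alert)
    # "dc-01" is an assumed source that was never onboarded.
    print(coverage_gaps(evs, ["vpn-gw", "web-01", "fw-edge", "dc-01"],
                        parse_ts("2024-03-01T10:05:00Z")))
```

The correlation rule fires once, for the admin login on vpn-gw preceded by five failures from the same address; the lone root failure on web-01 stays below the threshold. The coverage check is the part most SIEM rollouts forget: fw-edge has gone quiet and dc-01 never reported, and neither would ever raise an alert on its own.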

Depending on the size and scale of your organization, an alternative, a security analytics approach, may prove more compatible with your dynamically scaling cloud or hybrid cloud environment. Some have gone further and argued that traditional SIEM is no longer viable at all. Before you commit to SIEM, make sure that you have examined all of the options for managing your platform's security in the cloud age.
