How to define SIEM strategy, management and success in the enterprise
A comprehensive collection of articles, videos and more, hand-picked by our editors
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Once you establish a central log repository, the next step is to introduce centralized analysis techniques. Many organizations fulfill this requirement through the use of a security incident management (SIM) device. A SIM allows you to add a degree of automation to your log analysis process. You can create rules that analyze logs, aggregated from various devices, for patterns of suspicious activity.
The main stumbling block many organizations face when deciding whether to implement centralized logging and/or SIMs is the investment of time and resources necessary to get such an implementation off the ground. Depending upon how long you decide to retain records (many organizations choose to keep them for at least a year), logs can consume massive quantities of disk space. Additionally, SIMs require a significant amount of configuration and tuning to optimize for a particular enterprise.
Related Q&A from Mike Chapple
Web application firewalls may be a way to better security, but organizations need to be aware of the compliance implications of WAFs.continue reading
An SEC report shows over three-quarters of financial institutions were subject to at least one cybersecurity attack. Expert Mike Chapple looks at ...continue reading
The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.