My organization is highly outsourced; many components (from firewalls and routers to applications and services) are managed by third parties. Now we're interested in a security information and event management system or a similar event-correlation/analysis product. Do you have advice for effectively implementing and managing SIEM in such an environment? Is it possible?
It's good to see that you're interested in staying on top of your various security controls and ensuring you have a means for seeing the bigger picture. Many organizations will outsource devices and applications and then expect that every vendor is going to take care of things and prevent the next big breach. It's not that simple.
Sure, anything is possible. I've heard it said that if you have a big enough "why" you'll figure out the "how." As complex as your network sounds, it's a good idea to do what you can and adopt a security information and event management (SIEM) system or other such product because this complexity can end up being the enemy of everything you're trying to accomplish with security. In fact, SIEM systems are even more important for complex environments.
Here's what you need to do to find the best SIEM system for your environment:
- Determine your existing information risks across your entire environment -- including risks associated with each of your outsourced systems. A fairly high-level technical security review should be all you need to do.
- Prioritize the systems that need the most attention.
- Work with your existing vendors to see how they can interact with SIEM. They may have their own system that's extensible to other technologies or may be able to recommend one to you.
- Review the various SIEM offerings -- including those that are cloud-based such as Dell SecureWorks and AlertLogic -- to determine the best fit for all of your disparate systems.
- Note that traditional "SIEM" may not be what you need. Perhaps a network analyzer such as WildPackets' OmniPeek or TamoSoft's NetResident can provide you with the visibility you need.
- Perhaps most importantly, don't be afraid to get -- and keep -- your existing vendors on board and in touch to ensure that everyone knows they're being held accountable.
Of course, it'll be a bit more complex than this 30,000-foot view, but this formula should put you on the path to success.