Spartak - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Finding the best SIEM system for an outsourced IT environment

When an organization has a highly outsourced IT environment, it is critical to use a SIEM system to reduce security complexity and identify threats. However, finding the proper system can be challenging. Kevin Beaver offers tips for success.

My organization is highly outsourced; many components (from firewalls and routers to applications and services) are managed by third parties. Now we're interested in a security information and event management system or a similar event-correlation/analysis product. Do you have advice for effectively implementing and managing SIEM in such an environment? Is it possible?

It's good to see that you're interested in staying on top of your various security controls and ensuring you have a means for seeing the bigger picture. Many organizations will outsource devices and applications and then expect that every vendor is going to take care of things and prevent the next big breach. It's not that simple.

Sure, anything is possible. I've heard it said that if you have a big enough "why" you'll figure out the "how." As complex as your network sounds, it's a good idea to do what you can and adopt a security information and event management (SIEM) system or other such product because this complexity can end up being the enemy of everything you're trying to accomplish with security. In fact, SIEM systems are even more important for complex environments.

Here's what you need to do to find the best SIEM system for your environment:

  • Determine your existing information risks across your entire environment -- including risks associated with each of your outsourced systems. A fairly high-level technical security review should be all you need to do.
  • Prioritize the systems that need the most attention.
  • Work with your existing vendors to see how they can interact with SIEM. They may have their own system that's extensible to other technologies or may be able to recommend one to you.
  • Review the various SIEM offerings -- including those that are cloud-based such as Dell SecureWorks and AlertLogic -- to determine the best fit for all of your disparate systems.
  • Note that traditional "SIEM" may not be what you need. Perhaps a network analyzer such as WildPackets' OmniPeek or TamoSoft's NetResident can provide you with the visibility you need.
  • Perhaps most importantly, don't be afraid to get -- and keep -- your existing vendors on board and in touch to ensure that everyone knows they're being held accountable.

Of course, it'll be a bit more complex than this 30,000-foot view, but this formula should put you on the path to success.

Ask the Expert!
Have a question about network security? Send it via email today! (All questions are anonymous.)

Next Steps

View our Security School on improving security with SIEM.

Learn how SIEM can help identify unauthorized access attempts.

This was last published in September 2014

Dig Deeper on SIEM, log management and big data security analytics

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.