Anton Chuvakin evaluates SIEM tools and services, and discusses strategies that you can use to take advantage of next-generation SIEM for internal and external threat management.
Organizations have invested in security information and event management (SIEM) to monitor and analyze events and user activities, largely by aggregating log data. Many companies have faced numerous challenges taking advantage of their SIEM investments and, if anything, the technology is growing more complex. Vendors are integrating SIEM with proprietary threat intelligence, endpoint security products and operations software, and even offering co-managed SIEM and monitoring services. Chuvakin explains how to evaluate these tools and services, and explores the strategies that some organizations have used to take advantage of next-generation SIEM for internal and external threat management.
In this edition of Beyond the Page, Anton Chuvakin offers Information Security magazine readers a multimedia presentation that discusses strategies that you can use to take advantage of next-generation SIEM for internal and external threat management.
Using threat intelligence with SIEM products
Threat intelligence is not hard to integrate with most SIEM products. Here's how to take advantage of your vendor's threat data and other intelligence sources.
About the author
Anton Chuvakin, Ph.D., is a research vice president at Gartner for the Technical Professionals' Security and Risk Management group. As a recognized expert in log management and PCI compliance, Dr. Chuvakin has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. He is an author of "Security Warrior" and "PCI Compliance." For more, check out his Gartner blog or personal blog, or follow him on Twitter @anton_chuvakin.