Page 255 - Cyber Defense eMagazine August 2024
How to choose the SIEM system that really suits your organization’s needs
Although numerous SIEM systems are available on the market, their functionality varies significantly.
When choosing a solution, it’s crucial to examine the conditions of implementation and usage, and the
tasks that the SIEM system is capable of solving.
Aspects recommended for consideration:
1. Speed of implementation and functionality available “out-of-the-box”
14% of respondents who took part in a survey by SearchInform cited the potential labor costs of
implementing, configuring and customizing a SIEM system as the reason their companies didn’t
purchase a SIEM. However, there are solutions that work out-of-the-box and don’t require serious
labor costs. The system should deploy quickly and should not interrupt business processes or cause
conflicts with the IT infrastructure. Immediately upon deployment, the SIEM should efficiently reveal
software and hardware failures, targeted attacks, and potentially dangerous user actions.
2. Simplicity of administration
Most respondents claim that working with a SIEM system is a very complicated task for them.
That’s why, when choosing a protective solution, companies should assess the system’s usability: IS and
IT specialists with almost any level of experience should be able to work with the system. For example,
configuring correlation rules in some SIEM-class solutions requires some programming skills. In
SearchInform SIEM this task has been eased as much as possible: such rules can be configured in just a
few clicks.
3. Cost of SIEM system ownership and licensing model
A SIEM system should offer a transparent licensing model so that customers can optimize the budgets
allocated to protecting infrastructure. For example, if SIEM licensing is based on the number of hosts,
the customer will understand from the outset how much the deployment will cost.
It’s also important to understand that implementing a SIEM system can bring other ongoing
expenditures, so it’s also necessary to pay attention to the hardware requirements. If the requirements
are high, the server, for example, will be expensive, and not every SME will be able to purchase such a
system.
Why a SIEM system is important for protecting small companies
The cyber threat landscape evolves constantly and new risks emerge regularly. These risks should be
detected in time. Detecting security events and responding to them promptly will reduce the threats
related to cyber attacks in small companies.
SIEM systems combine the functionality of several tools: they accumulate details on security events,
monitor infrastructure hardware, reveal incidents in chains of events, and notify the IS officer.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.