10 Tips for Successful SIEM Deployment - EiQ Networks

Copyright © 2015 EiQ Networks, Inc. All rights reserved.

10 Tips For A Successful SIEM Deployment

Copyright © 2015 EiQ Networks, Inc. All rights reserved.2

• SIEM Goals

• Common Challenges

• Tips For A Successful SIEM Deployment

• About EiQ Networks

Agenda


• Remove security-relevant data from silos

• Use correlation and analytics to detect advanced threats

• Meet regulatory compliance requirements

SIEM Goals

Log Mgmt

Config Audit

NetFlow Tools

SNMP Tools

User Monitoring

Threat Intel Tools

Vulnerability Scan

IT Assets


• SIEM solutions have a bad reputation – expensive to deploy and complex to manage

• Challenges– Product complexity– Hidden costs– Ability to get security value– Reactive security posture

Challenges


• Capturing event data

• Capturing the right event data

• Building and tuning alerts

• Actionable reporting and forensics

Product Complexity

44% of organizations report that managing the general complexity of SIEM products is their No. 1 challenge in this area**

** 2012 InformationWeek survey: “IT Pro Ranking: SIEM”


• Plan ahead– What security/compliance use case are you

addressing?– What type of data is appropriate for that

use case?– Prepare devices for collection

• Ask vendors about integration & agents

• Collection / Alerting / Reporting– Take an iterative approach– Consider a managed service

Tips For Reducing Complexity


• Staffing costs– Monitoring– Tuning

• Professional services– Connectors– Integration

• Ongoing costs– Server administration– Maintenance

Hidden Costs


Reducing Hidden Costs

Do-It-Yourself ManagedService

HybridApproach

On-Premises Software

CloudSaaS

HybridSaaS

VendorAdd-On Cost

UniversalParser

Included In Service

Deployment Model

StaffingModel

DeviceIntegration

Explore Your Options


• Console is difficult to use

• Reports are not actionable

• Too much noise

• Shelfware

Ability to get security value


• Think like a hacker– How would you get inside the perimeter?– What would you do next?

• Collect the data that matches the threat model– Don’t just collect from firewalls– Application and database logs are critical

• Realistically assess your security skills and time– Supplement your staff with product and security

experts

Tips for getting security value


• Responding to incidents after they occur

• Long timeframe to investigate & resolve

Reactive Security Posture


• Implement Security Controls– Change controls• Unauthorized devices on the network• New software installed• Configuration changes

– Malware protection is active and updated– Limit network ports, protocols and services– Vulnerabilities are detected and remediated

Proactive Security Monitoring


• Continuous Security Intelligence Platform– SIEM & Log Management – Security Controls Monitoring– Configuration Auditing

EiQ SecureVue®

Automates SANS Critical Security Controls

Easy-to-use Universal Parser


•Managed Service– 24x7 Security Monitoring– SIEM & Log Management SaaS– Deployed On-Premises or in Cloud– Customized alerting, reporting & consultation

• Reactive Security Monitoring– Security incident detection and response guidance

• Proactive Security Monitoring– Security controls monitoring and vulnerability detection

SOCVue® Security Monitoring Service


Please visit www.eiqnetworks.com to learn more

Request a Demo of SecureVue

Request a Free Trial of SOCVue Monitoring Service

Thank You

http://www.eiqnetworks.com/

Technology

10 Tips for Successful SIEM Deployment - EiQ Networks