industry unlocked
Other things to consider may be less obvious, but are just as important, such as:

• Does the SIEM provide enough native support for all relevant log sources? It will be integrating a lot of data from a lot of different sources. Be sure the chosen toolset matches well with the types of devices from which it will be collecting and analysing information.

• If the SIEM doesn’t have native support for a relevant log source, how quickly and easily can it be created, and can it support custom log sources for applications developed in the organisation? Government IT teams will often have to develop bespoke applications to handle their unique activities, so choose a tool that can easily be extended to support new data sources as needed.
www.intelligentciso.com | Issue 19
• How well, and quickly, can the SIEM tool analyse data? The quicker the IT security team can identify and contain threats, the more secure the organisation and its data. Reducing the time to detection (TTD) is critical to prevent exposure, data loss and compromise. Choose a SIEM tool with the ability to provide advanced analysis quickly, with little security team intervention to free up their time for other tasks.
• Does the SIEM include useful, relevant, easy-to-use out-of-the-box reports? The value in the visibility provided through SIEM software is the ability to see one report or one chart encompassing a vast amount of data. Be sure the organisation’s chosen tool provides templates that can be easily implemented and just as easily customised where necessary. The quicker the tool is up and running, the quicker security threats can be identified and thwarted.
• Does the SIEM make it easy to explore the log data and generate custom reports from this? Out-of-the-box reports are always useful,
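The second and third points above (custom log sources for bespoke applications, and time to detection) are easier to judge once you have seen what a SIEM actually has to do with an in-house application's logs. The following is an added example, not code from the article or from any SIEM vendor: a parser that normalises a constructed, hypothetical "grantsportal" application log format into a common event schema, and a simple sliding-window detection rule that runs over those normalised events and records the time between the first suspicious event and the alert. The log format, field names, IP addresses and the five-failures-in-two-minutes threshold are all constructed for illustration.

```python
"""Added example (not from the Intelligent CISO article): what 'supporting a
custom log source' looks like in practice. A bespoke in-house application
writes lines in its own format; the SIEM needs a parser that normalises them
into a common event schema so that the same detection logic and reports work
across all sources. The log format, field names and threshold below are all
constructed for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format of a hypothetical in-house "grantsportal" application:
# <ISO timestamp> <LEVEL> <component> user=<name> src=<ip> action=<verb> result=<OK|FAIL> [msg="..."]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<level>[A-Z]+) (?P<component>\S+) '
    r'user=(?P<user>\S+) src=(?P<src>\S+) action=(?P<action>\S+) '
    r'result=(?P<result>OK|FAIL)(?: msg="(?P<msg>[^"]*)")?$'
)

def parse_event(line):
    """Normalise one raw line into a common schema shared by all log sources.
    Returns None for lines that do not match, so the caller can count
    unparsed lines (a useful health metric for any custom parser)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "@timestamp": datetime.fromisoformat(d["ts"]),
        "event.category": "authentication" if d["action"] == "login" else "application",
        "event.outcome": "success" if d["result"] == "OK" else "failure",
        "user.name": d["user"],
        "source.ip": d["src"],
        "event.action": d["action"],
        "log.level": d["level"].lower(),
        "message": d["msg"] or "",
        "event.dataset": "grantsportal",
    }

def detect_failed_logins(events, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window rule: alert when one source IP produces `threshold`
    failed logins within `window`. Each alert records the first failure in
    the window and the moment the condition was met, so time to detection
    (TTD) can be measured. Events must be sorted by timestamp."""
    recent = defaultdict(deque)
    alerts = []
    for ev in events:
        if ev["event.category"] != "authentication" or ev["event.outcome"] != "failure":
            continue
        q = recent[ev["source.ip"]]
        q.append(ev["@timestamp"])
        # Drop failures that fell out of the window.
        while q and ev["@timestamp"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({
                "source.ip": ev["source.ip"],
                "count": len(q),
                "first_seen": q[0],
                "detected_at": ev["@timestamp"],
                "ttd": ev["@timestamp"] - q[0],
            })
            q.clear()  # one burst yields one alert, not one per extra failure
    return alerts

# Constructed sample log lines, including one malformed line.
SAMPLE_LOG = """\
2024-03-01T09:00:00 INFO auth user=alice src=10.1.2.3 action=login result=OK
2024-03-01T09:00:05 WARN auth user=admin src=203.0.113.7 action=login result=FAIL msg="bad password"
2024-03-01T09:00:09 WARN auth user=admin src=203.0.113.7 action=login result=FAIL msg="bad password"
2024-03-01T09:00:14 WARN auth user=root src=203.0.113.7 action=login result=FAIL msg="no such user"
2024-03-01T09:00:20 WARN auth user=admin src=203.0.113.7 action=login result=FAIL msg="bad password"
this line is not in the expected format and must not crash the parser
2024-03-01T09:00:31 WARN auth user=admin src=203.0.113.7 action=login result=FAIL msg="bad password"
2024-03-01T09:01:00 INFO grants user=alice src=10.1.2.3 action=export result=OK
"""

def run(raw=SAMPLE_LOG):
    """Parse all lines, then run the detection.
    Returns (normalised events, alerts, number of unparsed lines)."""
    parsed = [parse_event(l) for l in raw.splitlines() if l.strip()]
    unparsed = sum(1 for p in parsed if p is None)
    events = sorted((p for p in parsed if p), key=lambda e: e["@timestamp"])
    return events, detect_failed_logins(events), unparsed

if __name__ == "__main__":
    events, alerts, unparsed = run()
    print(f"{len(events)} events parsed, {unparsed} unparsed")
    for a in alerts:
        print(f"ALERT {a['source.ip']}: {a['count']} failed logins, "
              f"TTD {a['ttd'].total_seconds():.0f}s")
```

Two things in this small example map directly onto the checklist. The parser is the work a team has to do for every log source the SIEM lacks native support for, so the ease of writing and maintaining it is the real cost of that bullet; counting unparsed lines is how you notice when the application's log format changes under you. And because the rule runs over the normalised schema rather than the raw text, the same detection and the same report work unchanged for every other source that is mapped into that schema, which is what makes low-intervention analysis and a short TTD achievable at all.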