SIEM as we know it has evolved, so I found the following questions from an AlienVault presentation to be short and sweet.
From the Article:
==========================
- How long from installation to security insight?
- Integration work measured in years, months or hours?
- Do you simply integrate data from security tools (SIEM), or embed tools and orchestrate into effective incident response workflows (USM)? e.g. asset inventories, IDS, vulnerability scans, netflows, etc.
- What is the real TCO - licensing, consulting, implementation and maintenance/tuning fees?
- A list of alarms or step-by-step instructions on how to confirm, respond and mitigate threats?
- Is there a community for threat sharing? If so, how large, broad and open?
==========================
#1 and #2 are related to my 3I (Installation, Implementation, Integration). (It will still fail if there is no planning AND commitment from all stakeholders.)
#3 can get value from existing data sources.
#4 is where we are turned into fools by vendors.
#5 is where Target failed (Incident Response Failure).
#6 The answer normally is "YES", but the reality could be different.
The Full Presentation is available at the link below: