SIEM: A worthwhile security tool that requires care in use
Conclusion: Many vendors, consultants and managed service providers are pushing ‘security information and event management’ (SIEM) as a panacea to security failings. The intent is correct. Having visibility of what is or has happened in the infrastructure is essential to detecting and responding to intrusions.
What often gets glossed over is that SIEM is a tool, not a complete solution in itself. Deployment requires deep engagement with the IT operations team and a clear vision of what is expected from the SIEM. The vision will be driven by how SIEM will be used, what outcomes would be expected and how its use would evolve over time.
With careful planning prior to deployment, some, if not most, of these issues can be addressed.
About The Advisor
Peter Sandilands is an IBRS advisor who specialises in cyber security, risk and compliance. Peter has over 40 years’ experience in the IT industry with the last 20 years focused on security. He has spoken at conferences and industry briefings across Asia Pacific. Peter was instrumental in the introduction of Check Point Software to Australia, leading the operation for five years. Prior to that Peter was a key strategist in the broadening of Novell’s market across Asia Pacific. Since then he has spent nearly 10 years working for large Australian companies in banking, mining and transport delivering security strategy, security architecture and compliance assessments. Peter has also assisted overseas security vendors enter the Australian market with a focus on the strategic use of the products. As a casual academic at UTS for over 20 years, Peter lectured in network security, Cloud security and networking technologies. With his experience across vendors, channel and business, Peter brings a pragmatic approach to implementing and assessing cyber security. Peter has a Master's of Cyber Security from Charles Sturt University.