In the first part of this four-part series, we covered the need for Security Information and Event Management (SIEM) solutions and explained the fundamentals. In this second part, we cover the different types of SIEM solutions available. Which type fits your organization depends on its needs, on the time, money, and internal capacity it can invest, and on the maturity of its internal security team.
Implementing SIEM as a part of an organization’s security posture is possible in three modes: in-house, cloud-based, and managed.
In the in-house setup, the organization retains full control over its SIEM solution. It purchases the required hardware and software and deploys the solution at its own physical facility. As a matter of general practice, the SIEM becomes part of the organization’s Security Operations Center (SOC). The organization can customize an in-house SIEM to meet its specific security needs and push updates as it wishes.
Because no third party is involved, all security-related information remains in-house. However, the organization is then solely responsible for integrating the SIEM with existing systems, configuring log sources, customizing alerts, and training employees. In-house SIEM setups require a high initial investment and ongoing costs for maintenance, patches, and updates.
The cloud-based mode has gained significant popularity with the global adoption of cloud computing. Cloud-based SIEM solutions are subscription-based, and the customer’s responsibility for maintaining hardware is minimal. Instead of a significant upfront investment, organizations pay a monthly or annual subscription. Customers decide how SIEM is implemented for their organization, and there is no reliance on third parties for that decision. The trade-off is that the organization’s security data resides at locations the organization does not directly own or control. From our experience, we have often encountered situations where organizations have not been able to utilize the full potential of SIEM solutions in this model.
The managed model can involve either an in-house or a cloud-based SIEM implementation, but with the necessary expertise supplied by the service provider. The customer does not need to rely entirely on its internal security team, since the vendor provides support during implementation. A managed SIEM solution is hosted on the vendor’s servers and monitors the client’s network for potential security threats. The primary reasons for choosing a managed SIEM solution are faster deployment, negligible maintenance, flexible pricing options, and the availability of SIEM experts on call.
Choosing a SIEM solution is an important decision for an organization’s security posture, and there are several types to choose from. To learn more about the main capabilities of SIEM solutions, stay tuned for Part 3 of this series.