Security Management 2.5: Replacing Your SIEM Yet?
By Adrian Lane
Has your SIEM failed to meet expectations despite significant investment? Has your platform failed to keep up with emerging threats and scalability requirements? If you are questioning whether your existing product or service can get the job done, you are not alone. Given the rapid evolution of requirements, and the changing needs of enterprise users, it is no surprise that many vendors have been passed by as they work to address market demands from 4 years ago. You are likely more than a little frustrated by the difficulty of managing, scaling, and actually doing something useful with SIEM. But there comes a point where the futility of riding a mule in a horse race becomes obvious, and then it’s time to find a replacement steed.
Security Management 2.5: Replacing Your SIEM Yet? takes a candid look at the emerging needs of SIEM users and how changes have made some platforms obsolete. In this research paper we discuss the specific customer demands that have forced SIEM evolution, as well as the technical capabilities that should be present to meet these requirements. We then walk through each aspect of the decision process to determine whether you should stay with your incumbent vendor or find a replacement. We provide a complete process to migrate – if the benefits outweigh the risks. This includes figuring out your requirements, whether your existing platform can meet them, and, if not, how to select a new platform to make sure you don’t make the same mistakes again. Here is the table of contents, so you can get an idea of the paper’s depth.
It is pretty comprehensive, and we understand it’s a handful, but we packed it with all the information needed to make an educated decision. We would like to thank IBM and McAfee for licensing this research.