
One SIEM does not fit all

Despite all the fanfare and hullabaloo, SIEM isn’t always the right answer for the channel, says Aidan Simister, regional director at Lepide Software

SIEM was greeted by the industry with open arms as a vital new component to help companies realise their wildest dreams of success.

And while it has certainly been a valuable addition to many organisations’ IT infrastructure, the reality is that a lot of VARs and MSPs failed to see the promised riches materialise in their business.

SIEM is of real value when it is implemented and configured correctly and the security teams around it are trained properly. However, stories of SIEM success are regularly interspersed with failures and stalled deployments.

While SIEM provides real value to those few organisations who have deployed it correctly, for most organisations it’s overkill, over-budget and out of capability.

Lepide often speaks to organisations looking to improve their auditing and monitoring capabilities for security, systems management and compliance. They are often mid-sized organisations with modest budgets and limited IT resources that simply don’t fit the profile of an archetypal SIEM user.

There was, and still is, a lot of hype around the SIEM opportunity for the channel. But for those selling into the mid-market and the SMB, the fact is that very few monetise their relationships in this area, and SIEM truly is a case of bringing a sledgehammer to a fight with a walnut.

Often this comes down to incorrect planning for the SIEM implementation. Purchasers will often fail to ensure adequate manpower is available to maintain the SIEM system, for example, with experts saying anywhere between four and a dozen individuals can be required to run it adequately. Failing to properly measure the scope within which the implementation will be required to work is another major issue, while too often buyers are blinded by fancy features that are non-critical to ensuring a secure environment and fail to ensure the basics are adequately covered.

Indeed, SIEM has a recurring issue with ignoring the basics as it concentrates on the more complex issues at hand. It often struggles to answer the most fundamental questions quickly or easily. At the recent RSA event in Singapore, Lepide spoke to 100 organisations using SIEM solutions, and fewer than 10 of them could answer basic questions around the ‘who, what, where and when’ of changes made to critical IT systems.

On a wider level, SIEM is also finding itself potentially cast adrift in the sea of big data flowing through enterprises.

To put it simply, SIEM is in danger of looking out of date already in the age of the Internet of Things. Keeping a grip on the vast amounts of unstructured data being generated throughout your company is often beyond traditional SIEM.

In the new collaborative economy, companies are spreading out in all directions by abandoning network boundaries, connecting with partners and suppliers, and allowing workers to work remotely and bring their own devices to work.

The threats are constantly changing, and so is the area of risk. It's in a perpetual state of flux.

The requirement for a fresh look at the effectiveness of SIEM was further highlighted by the US government itself this summer, when an embarrassing breach saw almost four million sensitive records leaked.

While no vendor can offer a silver bullet to all ills, and there is no such thing as a get-rich-quick scheme, the fact is that vendors that can now provide auditing and monitoring solutions into a relatively mature market are presenting a tangible alternative for the channel. And that's irrespective of whether you’re a VAR, MSP or a service provider, and regardless of the sector or size you focus on.

The time has come for users to take a closer look at getting the basics right and to understand that SIEM is an answer, but not the only answer.
