Operationalizing Information Security - Putting the Top 10 SIEM Best Practices To Work
Processes, Metrics and Technologies
By Scott Gordon
Copyright 2010 Scott Gordon
“Ask any security practitioner about their holy grail and the answer is twofold: They want one alert specifying exactly what is broken, on just the relevant events, with the ability to learn the extent of the damage. They need to pare down billions of events into actionable information. Second, they want to make the auditor go away as quickly and painlessly as possible, which requires them to streamline both the preparation and presentation aspects of the audit process. SIEM and Log Management tools have emerged to address these needs and continue to generate a tremendous amount of interest in the market, given the compelling use cases for the technologies.”
Michael Rothman, Security Industry Analyst and President of Securosis 1