For those of us who work in security, addressing a constant flow of security alerts is an inevitable consequence of the digital age.
A whitepaper from Stratecast authored by Frost & Sullivan VP of Research, Michael Suby (SIEM’s Total Cost of Ownership – Key Considerations) suggests that security alerts will increase in both volume and diversity as enterprise networks and systems expand in parallel with a surging cybercrime community.
Suby says this has created a state of jeopardy for security teams. Clawing out of this state is possible, but it might come with significant challenges.
A common solution is simply to hire more security staff, but this automatically adds to an organisation’s recurring costs and is only a temporary fix. Suby says that, like hiring more staff, investing in workflow improvements isn’t the cybersecurity silver bullet: there will inevitably be a transition period between the old processes and the new, which may last longer than expected and not deliver all of the expected improvements.
Suby says that, as the central nervous system in orchestrating security alert assessments and incident response, Security Information and Event Management (SIEM) is a principal determinant in the total cost of these critical security functions. However, there is a fine line between right and wrong.
“In practice SIEM is either an enabler in reaching a higher tier of productivity and proficiency; or a retardant due to limitations in adaptability, scalability, automation, user intuitiveness, and analytics—and, as a consequence, a contributor to escalating operational costs,” Suby says.
So how do you get it right? LogRhythm has provided free access to the ‘SIEM’s Total Cost of Ownership – Key Considerations’ whitepaper that includes:
- Details of the pressures today’s cybersecurity staff are facing
- Analysis of how SIEM can significantly improve security practices – or make them worse
- The SIEM attributes that exert the greatest influence on cost efficiency and cost predictability