Pratum Blog

Most businesses understand the need for 24/7 security log monitoring, but deciding how SIEM should be managed is an entirely different conversation. Security and technology teams constantly debate whether SIEM should be handled on-premise or by a managed security services provider (MSSP). The following infographic is designed to give insight into the current security monitoring landscape, and it poses a few very important questions that every organization should be prepared to answer. Some organizations are built to handle on-premise SIEM, but many must rely on expert MSSPs. Which one is right for your business?


Managed SIEM vs In-house SIEM Solution

Things to consider when making your decision - On-premise vs. MSSP SIEM

SIEM: The Helpful Eye in the Sky

Security Information and Event Management (SIEM) plays a critical role in analyzing and identifying security incidents and data breaches. SIEM utilizes real-time data collection and historical analysis to provide a holistic view into an organization’s security alerts and activities. Without it, an organization will find it difficult to identify cyberattacks in a timely manner. SIEM gives the ability to see which types of attacks are occurring, when they happen, where they are coming from, and how they are attempting to get in.

Is Your Organization Prepared to Manage SIEM On-premise?

When it comes to being organized and following through with security programs, where does the average business stand? Recent studies surveyed businesses and organizations across the country to rate how well their information security programs have prepared them to deal with security incidents and attacks.

SECURITY CONFIDENCE LEVEL

Information provided from Ponemon Institute Study
Only 20% of organizations have someone continually monitoring their network
62% of executives don’t feel their organizations are prepared to respond to a data breach
43% of organizations do not have training and awareness programs for employees and other stakeholders who have access to sensitive or confidential personal information

Alarming Stats from Executives

41% have no set time period for reviewing and updating their data breach plan
37% have not reviewed or updated security since the plan was put in place
44% do not continuously monitor their event logs or are unsure of how often systems are monitored

IF YOU ARE CONSIDERING AN ON-PREMISE SIEM SOLUTION, ANSWER THE FOLLOWING QUESTIONS

MONEY

Are you prepared to pay the high initial capital investment or ongoing staffing and operational costs of an individual SIEM solution?

Are you ready to increase your workforce to handle the demands of on-premise SIEM?

TIME

Can your team dedicate the appropriate amount of time to reviewing logs and customizing alerts to weed out false positives without impacting daily operations?

EXPERTISE

Do you have expert SIEM Analysts on staff who can successfully implement SIEM into your security program and properly tune correlation engine rules and audit settings?

IF YOU ANSWERED NO TO ANY OF THESE QUESTIONS, YOUR ORGANIZATION MAY WANT TO CONSIDER AN MSSP.

SIEM from an MSSP

Managed security service providers are an objective resource that helps assess critical assets and determine security needs. Properly trained security engineers have extensive investigative skills and are prepared to quickly respond to security incidents. By working with an MSSP you will have 24/7 security support, with a tailored SIEM solution aligned with your business goals and objectives.

Ponemon Institute - http://www.experian.com/blogs/data-breach/2014/09/30/data-breach-preparedness-study-good-news-bad-news-and-an-empowering-conclusion/
Verizon Data Breach Report 2015
http://www.experian.com/assets/data-breach/brochures/2014-ponemon-2nd-annual-preparedness

