Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Eight Steps to Migrate Your Security Information and Event Management (SIEM)

exabeam logoIn a large enterprise, the ingestion of security logs, IT system logs and other data sources can easily reach a range of hundreds of thousands to millions of events each day and lead to storing terabytes of logs daily. It’s impossible for humans to manually keep up with this deluge of data, so they turn to security information and event management (SIEM) tools to do the work more efficiently.

With the relentless wave of cyberattacks and data breaches, however, the performance of legacy SIEMs is under scrutiny due to their inability to scale to detect the huge number of threats facing organizations today, and their limitations when it comes to helping security teams investigate and respond to incidents efficiently. In response to this, many enterprises are re-evaluating their SIEM and migrating to new technology.

While this is exciting, migrating a SIEM is no trivial task.

Why Migrate from a Legacy Security Information and Event Management?

The surge in cyberattacks, shortage of qualified security analysts, sheer volume of events and number of devices pumping data into the enterprise SIEM are posing several operational issues. For example, security operations center (SOC) teams universally complain about time wasted by chasing false-positive alerts. The culprit for issues like this is that legacy technology in many SIEMs is completing its second full decade since it was introduced to the market. Four legacy characteristics include:

Excessive logging costs – Charging SIEM usage based on the amount of data ingested and processed is a characteristic of legacy SIEMs, but it never really made sense given that SOC teams benefit from having the most information possible about their environment to detect and investigate incidents. This licensing model penalizes SOC teams for collecting more data and limits capabilities for threat detection and creates blind spots during incident investigations.

Inability to catch unknown threats – The legacy SIEM model typically was based on correlation rules which require analysts to know what they are looking for. But as the variety of threats has risen, reliance on rules has left legacy SIEMs unable to detect unknown and advanced threats such as malicious insiders.

Untraceable distributed attacks – When tracking is substandard, SOC analysts get an incomplete picture of users’ activities. A common scenario in Security Information and Event Management is a lateral movement, where an attacker first breaches a network and then moves around inside an organization, across credentials, devices or login locations. Consequently, the team misses threats and is unable to determine the full scope of attacks.

Manual investigation and remediation – When legacy Security Information and Event Management technology has limited automation, the organization is faced with increased risk and longer exposure to threats. For example, every investigation requires the construction of a timeline to evaluate events and understand their implications for security. For legacy SIEMs, those steps are usually manual and time-consuming.

Solving these legacy issues is a strong motivation for SIEM migration. Before initiating the process of migration, it’s useful for stakeholders to get a big-picture sense of what these steps entail. A few days of planning upfront can save the team weeks of time and help avoid mis-steps later in the process.

Process Flow for Siem Migration

Determine SIEM Priorities – It will typically take 2-4 weeks to identify all of the stakeholders and get a consensus on your top business issues and priorities. When deciding on these priorities, the SIEM migration team must consider the organization’s risk management framework in determining priorities for the SIEM, including compliance with relevant industry guidelines, regulations and statutes.

Related Posts
1 of 658

Select Use Cases – Selection of use cases for the SIEM migration should answer the question: what problems are we trying to solve with the new SIEM?

Examples of typical use cases include protecting against insider threats; identifying compromised credentials, prioritizing security alerts, and more. It’s common for a legacy SIEM to have 50 or even hundreds of use cases. Replicating all legacy use cases may be unnecessary as new technology can eliminate the need to manually manage some scenarios. For example, a new SIEM can reduce the need to create and maintain correlation rules with out-of-the-box detection models.

Scope Data Collection Sources – The ultimate purpose of a SIEM is to allow analysts to quickly detect and remediate security threats. Having a SIEM that integrates data logs from a broad array of IT and security products is essential for effective remediation. Data sources need to map to the use cases identified in the previous step.

Configure Log Sources – Configuration of log sources is a non-trivial process for teams to take on themselves. Investigate provider’s ability to help with standardizing and parsing data sources if assistance if needed.

Prepare SIEM Content – Train SOC analysts in the approach of the new SIEM if you are moving from exclusive reliance on rules triggering alerts to models built using behavioral analytics based on Machine Learning. In most cases, behavioral analytics speeds detection, provides more accurate results, and enables rapid, precise response to critical incidents.

Define Operational Processes – Getting good results from the new SIEM will require SOC analysts to adjust their daily operating processes. Analysts will especially want to know if they have to learn a new query language. A modern SIEM often has a point-and-click interface, which alleviates the need for command line controls.

Establish Benchmark Criteria – Establishing benchmark criteria for the new SIEM will help your organization measure and evaluate its performance. Benchmarks should employ criteria from the management framework or frameworks currently used by your organization. This could be ISO for compliance, PCI DSS for payment security, and operational benchmarks such as search times, mean time to detection, mean time to response, number of alerts closed, and so forth. It’s important to choose metrics carefully in order to accurately gauge success. For example, a modern SIEM’s analytics will often dramatically reduce the number of alerts to be investigated compared to a legacy SIEM

Evaluate Next Steps – The last stage of SIEM migration is evaluating next steps like developing new use cases as business priorities change.

Conclusion

By making the decision to migrate a legacy SIEM, organizations will launch a journey touching many parts of the enterprise. The migration will entail changes to a wide array of people, process and technology.

Process is an integral part of the eight considerations, and implementation will directly affect daily roles of some stakeholders. It’s important for organizations to approach migration with a positive outlook about the new benefits that will appear as a result of this process.

By approaching security with a new SIEM, your enterprise will enable better security and compliance. As the technical enabler, the new SIEM will also help stakeholders be more productive and fruitfully engaged in this vital mission.

Read more: Working in the Era of Digital Transformations

28 Comments
  1. Copper recovery technology says

    Recycled copper material handling Copper scrap dealers Scrap metal sorting
    Copper cable reclaiming, Metal scrap reclamation services, Copper scrap tracking

  2. Metal recovery and reprocessing Ferrous waste recovery and recycling Iron recycling and restoration center

    Ferrous scrap transportation regulations, Iron waste reutilization services, Metal recycling and redistribution

  3. ооо минздрав москва какой аэропорт мальдивы из москвы где в
    москве покупать специи как выехать из
    москвы на псков

  4. октябрьский вокзал в москве и казанский
    как добраться имс москва каширское шоссе фестиваль тиктокеров в москве вклады ткб для физических лиц на сегодня
    обновленные в москве

  5. is het mogelijk om medicijnen zonder voorschrift te krijgen Aristo Muri bei Bern medicijnen online bestellen in België

  6. farmaci disponibile in farmacia a Rotterdam Taro Leuze-en-Hainaut médicaments de qualité supérieure en Belgique

  7. ordina fluoxin online a Torino says

    Farmacia affidabile per farmaci Mabo Verona pharmacie en ligne Espagne médicaments

  8. Bestellung von avomine says

    waar medicijnen vinden sandoz Chalon-sur-Saône
    Acheter médicaments en toute confiance Belgique

  9. prijs van medicijnen zonder recept Mabo Parque San Martín Medikamente in Deutschland rezeptfrei bestellen

  10. Comprimidos similares zydus Lessines medicamentos sin prescripción médica en Quito

  11. médicaments : Avantages et précautions à connaître Gerard Naaldwijk medicijnen kopen in België zonder problemen

  12. Hello! I’ve been following your site for a long time now and finally got the bravery to go ahead and give you a shout out from New
    Caney Tx! Just wanted to mention keep up the good job!

  13. түсінде жүкті әйел көрсе, қыз бала түсінде аяғы ауыр болса нарушение омовения по шафиитскому мазхабу, портится ли омовение
    если покушать оңай жұмбақтар жауабымен, бастауыш сыныпқа
    жұмбақтар арал атауының шығу тарихы, арал теңізі проблемасы

  14. Apotheke für arolef says

    Medikamente mit oder ohne Rezept in Deutschland Unison Rovellasca medicamentos sin receta en Luxemburgo

  15. өзбекстан даму мүмкіндіктерінің болашағы, өзбекстан қазақстан футбол қалыпты
    жағдайда молекуласы екі атомды,
    галогендер деген сөз нені білдіреді
    аура фильтр производитель, фильтр аура себилон отзывы тесто с мясом, штрудли с
    мясом, картошкой и капустой

  16. valontan kaufen in der Schweiz says

    médicaments de pharmacie canadiens Viofar Catania farmaci disponibile senza prescrizione medica a Venezia

  17. kazakhstan says

    купить диски на волгу 31105 в кокшетау,
    диски на волгу 24 костюм молескин, роба кз рестораны усть-каменогорск кшт, ресторан карина усть-каменогорск кшт жүсіпбек аймауытов туралы пікірлер, жүсіпбек аймауытов нақыл сөздері

  18. Сондай-ақ сұрады says

    Magnificent goods from you, man. I have understand
    your stuff prior to and you are just extremely excellent.
    I actually like what you have received here,
    certainly like what you are stating and the best way through
    which you say it. You make it enjoyable and you continue to take care of to keep it smart.
    I can’t wait to read much more from you. This is really a tremendous site.

  19. қуаныш сыйлау да – бақыт, қуаныш сыйлау да
    – бақыт эссе жылдам баяу, ұйқы физиологиясы шприц 2 мл цена в аптеке,
    шприц 2 мл 3-х комп орда тобы – кеш
    мени скачать, орда тобы – окинбеши скачать
    бесплатно

  20. цос мук, платонус мук е-обращение инструкция, е отиниш
    дүние жүзі тарихы тест ент, дүние жүзі тарихы тест
    11 сынып жауаптарымен неге ақтар
    мен қызылдарға бөлінді

  21. расстояние от солнечной системы до ближайшей звезды а центавра примерно равно знак зодиака на 13
    апреля сатурн в телескоп онлайн,
    сатурн сейчас в каком знаке
    молитва от обидчика как действует
    восточной гороскоп для овна

  22. статус многодетной матери егов,
    удостоверение многодетной матери как получить
    тәжірибе нәтижесінде оқушы, оқушы қандай
    болу керек где отметить день рождения
    ребенка 11 лет, где отметить годик
    ребенку алматы ауызша сөйлеу түрі нешеге бөлінеді,
    жазбаша сөйлеу

  23. Scottagori says

    more https://rybelsus.tech/# Semaglutide pharmacy price
    rybelsus price

  24. арман ашимов ufc, арман ашимов статистика төлен әбдіков тақырып, төлен әбдіков ақиқат оқу футбол челси – боруссия дортмунд: прогноз,
    футбол челси – боруссия дортмунд: прогноз жк элемент кск, жк элемент астана

  25. factcheck kz это, factcheck kz википедия автосалоны семей,
    арестованные машины семей кішкене
    ғана тостаған жер дүниені бастаған, кішкене ғана қараша жабайы құстар, жабайы
    құстарға не жатады

  26. мысырда ғылыми білімдердің қандай түрлері
    дамыған, ежелгі египеттегі ғылыми
    білім узнать задолженность за электроэнергию по лицевому счету тараз, аварийная служба
    свет тараз казахстанская фондовая биржа, почему биржа
    закрыта сегодня таным деген
    не психология, таным презентация

  27. заработать без вложений реальные деньги через интернет работа на дому работа в офисе риэлтор подработка москва
    дистанционная работа нерезидента рк

  28. Realiza una compra en línea de medicamentos sin receta
    en Argentina SDG Wiesbaden ricerca indicazioni per l’acquisto di farmaci a Firenze, Italia

Leave A Reply

Your email address will not be published.