SIEM Montage: Top 10 Things to Know

Mosaic’s Montage is a series here at Mosaic Security Research. Using Mosaic’s extensive research database, we’ll consolidate information about a product category in a quick-hit manner. The goal is to combine a quick summary of the topic, highlight key vendors in the workspace, industry news, and noteworthy research that’s being done in the area.

This topic is Security Information and Event Management (SIEM) and Hosted/Managed SIEM. To contribute to this topic, email, DM us, or comment below. You might want to subscribe to the newsletter (spam-free) or RSS feed for updates.

Top 10 Things to Know About SIEM
1. Definition (What is it?)	SIEM stands for Security Information and Event Management. SIEM tools help correlate network and system events. SIEM is also seen as SEIM, SIM/SEM, and is often referred to during discussions about log management and incident response. SIEM is used for compliance (log management) and threat management (monitoring).
2. Use Cases (Case studies)	Consulting / Services WNS Global Services (ArcSight) Education University of Nottingham (LogRhythm) University of Maryland University College (ArcSight) Financial Services Amarillo National Bank (Prism) Fortis Bank Hong Kong (LogRhythm) Government State of Ohio (Correlog)	Healthcare Medfusion (RSA) McKesson (RSA) Insurance Endsleigh Insurance Services (LogRhythm) Capital BlueCross (ArcSight) Manufacturing BMW Group (ArcSight) Tyson Foods (ArcSight)	Retail Red Robin (NetIQ) Talbots (Prism) Technology NetApp (ArcSight) McAfee (ArcSight) Telecom TELUS Customer Profile (RSA) Chunghwa Telecom (ArcSight) Transportation AirTran Airways (ArcSight)
3. Selection Tools	Download your comprehensive SIEM vendor comparison chart, where you can build your requirements list and generate a shortlist.
4. Large Companies (1000+ Employees)	Check Point Software Technologies Ltd. Enterasys Networks Fortinet Inc HP ArcSight	IBM Corporation McAfee, Inc NetIQ Corporation Novell Inc Progress Software Corporation	Quest Software RSA Security SecureWorks Symantec Corporation
5. Small & Medium-sized Companies	Alert Logic Inc AlienVault Araknos Argent Software Assuria Augur Systems Centra Comm Communications Clone Systems CorreLog CounterSnipe LLC Courion Corporation Cyberoam eG Innovations eIQnetworks En Pointe Technologies GFI Software GroundWork Open Source	Ipswitch Loglogic Inc LogMatrix LogRhythm NetForensics Netikus Netvision NetWitness Network Instruments Llc NetWrix Corp. Nevis Networks NitroSecurity Nowell Group Pivot Point Security Prism Microsystems Q1 Labs Inc Rsam	SECnology, Inc. SenSage SolarWinds Solutionary Splunk StillSecure Tenable Network Security TNT Software Tripwire, Inc. Triumfant Trustwave Virtela Communications Inc Whitebox Security, LTD.
6. Relevant Bloggers & Tweeters	@mosaicsecurity/siem-vendors, @anton_chuvakin and his blog, @rockyd, @securosis, @lennyzeltser
7. Discussion (Questions, M&A, product releases, innovations, new challenges, groups)	Index of Posts from Securosis – Security Management 2.0: Time to Replace Your SIEM? The SANS Institute named log management one of its top 20 critical controls as part of its Consensus Audit Guidelines. Evolution of the Modern SIEM (Q1 Labs Infographic) LinkedIN Group McAfee Acquires NitroSecurity, IBM Acquires Q1 Labs SIEM
8. White Papers & Compliance	Learn How Security Intelligence Can Help Combat WikiLeaks Stuxnet and Advanced Threats (Q1 Labs) Worldwide Retailer Boosts Privacy with Security Intelligence (Q1 Labs) Transitioning from SIEM to Total Security Intelligence (Q1 Labs) Using Security Intelligence to Gain Operational Efficiencies in Federal Government (Q1 Labs) SANS – Keys to the Kingdom: Monitoring Privileged User Actions for Security and Compliance (LogRhythm) Securing the Virtual Infrastructure (CorreLog) Automate the Security Monitoring of IT Systems In Real Time (NetIQ) Database Activity Monitoring and SIEM: Working Together for Effective Compliance (NetIQ) Managed Security Services vs. In-House Security Information Management (Dell Secureworks) Proactive Network Defense – The Case for SIEM (TriGeo) Critical Scalability Considerations in Evaluating Log Management Solutions (ArcSight) Monitoring Enterprise-wide Business Risk (ArcSight) Digital Fraud & Identity Theft Made Protection of Payment Card Information More Critical Than Ever (ArcSight) Tripwire Log Center: Next Generation Log & Event Management (Tripwire) Pulling the Plug on Legacy Log Management (Tripwire) Detecting, investigating & responding to fraudulent transactions is essential for business operation (ArcSight) Extracting Value from Enterprise Log Data (ArcSight) IT Silos Are Hurting Your Company: Make IT Data a Strategic Asset (Splunk) A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security with Anton Chuvakin (Tripwire) Compliance: Automated Event Log Management for PCI DSS Compliance (GFI) Compliance Support for PCI-DSS (LogRhythm) Meet PCI Compliance using SIEM (TriGeo) Compliance Support for FISMA (LogRhythm) Compliance Support for GLBA (LogRhythm) Compliance Support for HIPAA (LogRhythm) Compliance Support for SOX (LogRhythm) Compliance Support for NERC CIP (LogRhythm) UK – Compliance for Government Connect Secure Extranet (LogRhythm) Automating FISMA Compliance (Tripwire) Recent White Papers on Auditing, Intrusion Detection, and Security Management.
9. Other Resources	CEE Log Standard Guide for the Community NIST Guide to Computer Security Log Management EventTracker Knowledgebase: the largest searchable repository for detailed information about event logs generated by Windows/*nix/Cisco (syslog), Antivirus, Veritas, OpenManage, VMWARE, and more.
10. Relevant Tweets

SIEM Montage: Top 10 Things to Know

Trackbacks

Speak Your Mind Cancel reply