SIEM Tools: Implementation Guide and Vendor Evaluation Checklist

Current Project Synopsis:

  • Responsible for Information Security of next generation mobile and fixed broadband networks (LTE/WiFi/FTTx) with All-IP networks over a cloud based framework for B2C/B2B markets connecting 200 Million 4G LTE, 50 Million Wifi/FTTx subscribers in top 800 cities of India
  • Jio’s seamless 4G services using FDD-LTE on 1800 MHz and TDD-LTE on 2300 MHz through an integrated ecosystem, aims to provide unparalleled high quality access to innovative and empowering digital content, applications and services.

According to Verizon 2013 data breach report, 84% of exploits & 69% of data exfiltration happens in less than an hour so it’s very critical to have situational awareness i.e. visibility into activities occurring around the enterprise. Proper deployment of next generation SIEM (Security Information & Event Management) tools helps to detect attacks sooner and as a result react more nimbly.

SIEM solutions provide enterprises with network security intelligence and real-time monitoring for network devices, systems, and applications. Using SIEM solutions, IT administrators can mitigate sophisticated cyber attacks, identify the root cause of security incidents, monitor user activity, thwart data breaches and most importantly, meet regulatory compliance requirements.

Most organization think that SIEM solutions have a steep learning curve and are expensive, complex and hard to deploy. Here are few SIEM deployment guidelines and factors you need to consider while evaluating an SIEM Tool. The right SIEM solution is one that can be easily deployed, is cost-effective and meets all your IT security needs with a single tool.

(Read more: Checklist to Evaluate A Cloud Based WAF Vendor)


SIEM Deployment Guidelines

1. Know what is important to security

  • Security Events
  • Network Flows
  • Server & Application Logs
  • Database Activity
  • Application Contents

2. Know what is important to compliance

  • Identity Content
  • Classification of data
  • Access to data
  • Usage of data


Checklist for SIEM Solution Evaluation

1. Log Collection

  • EPS (events per second) rate at which your IT infrastructure sends events should match with your SIEM tool
  • Should be able to collect logs from heterogeneous sources (Windows, Unix/Linux, Applications, Database, Network Devices ,Firewalls, IPS, IDS)
  • Capability of agent-less and agent based log collection method

2. Real Time Event Correlations

  • Proactively dealing with threats based on log search, rules and alerts. Correlation boosts network security by processing millions of events simultaneously to detect anomalous events on the networks

3. Log Retention

  • Capability to easily retrieve and analyze log data
  • Should automatically archive all log data from systems, devices and applications to a centralized repository.

4. IT Compliance Reports

  • Out of box regulatory compliance of PCI DSS, ISO 27001, SOX, HIPAA etc

5. User Activity Monitoring

  • Out of box user activity monitoring, privileged user monitoring, audit reporting, Know which user performed the action, what was the result of the action. Source & destination address of the systems /devices used.

6. File Integrity Monitoring

  • Capability to monitor business critical files & folders. 
  • Capture details of when files were created, accessed, viewed, deleted, modified, renamed etc.,

7. Log Forensics

  • Capability to track down a intruder or event activity using log search capability

8. Dashboards

  • Capability to take timely actions & right decisions during network / system anomalies

9. Global Threat Intelligence Feeds

  • Capability to get latest global threat intelligence feeds & carrier grade threat intelligence so as to proactively manage threats. Collaboration among organizations to enhance security 
  • Precise solutions for compromised systems and networks

10. Big Data Analytics

  • Capability to forecast threats using big data, Accurate analysis of structured as well as unstructured data
  • Constant intelligence gathering to strengthen security

-With Binu Chacko, Head of iSoc(Security Operations Center) & Digital Forensics, Reliance Jio Infocomm on 'SIEM Tools: Implementation Guide and Vendor Evaluation Checklist'

(Read more: Checklist for PCI DSS Implementation & Certification)

Views: 4047

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

Comment by pritha on September 26, 2014 at 3:08pm

Thanks Avkash for your feedback. Why don't you write an article explaining the key learning of SIEM use cases? Click here to write

Comment by Avkash K on September 26, 2014 at 11:25am

Correctly derived parameters.

Just to Add, Most important thing for any successful SIEM implementation is the Use-cases(Correlation Rules).

It has to be derived based on the understanding of the network, type of the logs, type of the data lying in the network, technologies being deployed, type of the business environment which organization is sharing amongst the global market. Use-cases missed is equal to an loophole into the security monitoring.

FireCompass

Forum

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */