May 18, 2012

Security Information Management (SIM) Buying Tips

Users, analysts and experts share insights into how to successfully scope, fund and procure Security Information Management (SIM, including SEM and SIEM) solutions. Includes SIM solution RFP guidance, feature checklists and buying tips.

Calm Amidst the Storm
RFP CHECKLIST: Security information management: 1) Begin with the end in mind. Ask what you want to achieve with a security information management system. 2) Outline additional, survivable storage infrastructure that may be needed to keep security information management data not only available to security analysts but also archived for compliance. 3) Ask vendors how their products use caching, failover and redundancy to respond to a database crash. 4) Choose the database wisely. Most vendors offer so-called open-standards databases, such as Oracle Database, but some may keep their programming hooks private. 5) Make sure the product can collect all relevant data, not only from intrusion detection systems, firewalls and other security devices, but also from operating systems and both custom and commercial applications. 6) Ask vendors how easy it is to customize correlation rules for a unique environment. 7) Scrutinize scalability. 8) Ask vendors to explain the assumptions behind their performance metrics. 9) Look for a healthy complement of canned report formats for key compliance regulations. 10) Watch for version dissonance between your security devices and the security information management product.
David Essex, Washington Technology

Security Information Management: Not Just the Next Big Thing
"When shopping for SIM vendors: 1) Learn about the organization, not just the product and its price tag (though SIM products do have a large price variance). 2) Read the customer testimonials to understand what kind of problems customers were able to solve. 3) Make sure the critical assets, such as servers and firewalls, can be covered, but leave room for some flexibility. 4) See a product demonstration, preferably a live system where the flow of data can be seen. 5) Ask questions of the sales team that they may not be able to answer. The purchaser has to live with this product, and he/she needs to be confident that the vendor as a whole is doing what is in his/her best interest and the product is going to address the organization's needs. 6) Get a feel for how the product is deployed and what the responsibilities are going to be during deployment. It is pretty safe to assume that the SIM vendors have deployed more SIM solutions than the buyer, so they should be able to answer any questions about how they will deploy in the organization's environment."
Nicole Pauls, Information Systems Audit and Control Association

Security Information Management
Key questions to ask when selecting a SIM solution: How does the SIM get information? Where will the [SIM] information be processed? How will [SIM] information be correlated? How are reports generated? How can you look at highlighted incidents? How easily can you highlight a particular time period and analyse traffic by the criteria that you specify? How easy does the correlation engine within the client make it to look for patterns within a specified time? How can you share information with other applications? How easy is the SIM to install and configure? Does the SIM initiate scans of devices on the network, or does it simply sniff the traffic stream for events, assets, and suspicious traffic patterns?
Curtis Franklin, Jr., Information Age
