We kicked off our June #SecChat discussion by asking what people had to say about strategies for SIEM implementation. The conversation got off to a rolling start as @armorguy pointed out that implementing a SIEM when the underlying processes are immature is bound to be unsuccessful, and the #SIEM_Fail hashtag took flight. The conversation quickly shifted to dos and don'ts, focusing heavily on careful planning before implementation: having a goal and a plan of action rather than starting with too many use cases.
Another question we presented to participants was what they thought SIEM could accomplish in the space of Big Data. This loaded question saw many pushing back against the language – how much data has to exist for it to be considered “Big Data”?
Our conversation then moved on to discussing some of the ‘gotchas’ you should look out for when choosing a SIEM:
Later on, @armorguy asked our audience whether they believed a SIEM loses value if key business applications are not available to provide native feeds. What did our participants think about the phrase, “Cloud Kills SIEM”?
Many of our contributors viewed the cloud situation positively, suggesting that the cloud could contribute to SIEM rather than work against it.
Finally, we wrapped up this month’s chat with a few key takeaways and best practices from our audience:
As always, thanks to everyone who joined this month’s discussion. This was one of the most high-quality chats I’ve participated in yet, and I hope to see some of you in the feed on 7/24, 11am PT for our July #SecChat on the topic of Network Security.