The CISO’s guide to choosing the right SIEM: How (some) SIEMs have evolved to serve CISO

Cybersecurity has evolved into one of the most important departments in any organization. Forty years ago, long before connectivity was ubiquitous, IT security involved ensuring the computer room was locked so criminals couldn’t steal the floppy disks or punch cards.

Fast forward to 2022, and ‘Chief Information Security Officer’ (CISO) is a common job title. The CISO is responsible for thousands (and possibly hundreds of thousands) of IT devices scattered over vast geographic regions that need protection from attackers who could be located anywhere on the planet. And this goes on 24 hours a day, seven days a week, without any breaks or any relief.

The continuous threat of attack means modern infrastructures rely on sophisticated security products to keep an eye on traffic and differentiate between legitimate day-to-day activities and potentially malicious activity. Known as SIEM (Security Information and Event Management) products, they are designed to detect threats and manage security incidents by sifting through vast quantities of organizational data traffic.

Choosing a SIEM

One of the most important decisions the CISO will make is choosing a SIEM that is the right fit for their organization. Factors include the size of the organization, the complexity of its infrastructure, the types of applications being used, the volume of alerts that are produced, and the number of security staff at the CISO’s disposal. Compliance regulations are also a factor because some industry verticals require logs and network activities to be stored for set periods of time.

CISOs are risk managers. They need to decide how to best protect their organization and comply with regulations using a finite budget. It’s a balancing act between providing access to resources so the organization can function, and protecting those resources from unauthoriz ..
