What your SIEM vendors probably never tell you!

1 September 2015

It is very natural that all CIOs, CISOs and IT Security Heads would love a simple way out of complicated cyber-threat challenges. However, as most of them quickly learn, easy solutions most of the time don’t work, regardless of what their security product sales specialist may say.

Good IT security governance requires you to maintain a good balance between your business users' needs and the protection of critical and confidential data and the systems that support it.

What did your security product vendors promise?

You may have been told, or sold on the idea, that you need a world-class tool like Security Information and Event Management (SIEM) or some zero-day protection system, combined with a few others, to address several requirements such as PCI DSS, PDPA, ISMS and compliance needs from relevant regulatory bodies, in order to maintain a mature cyber security program.

While a good mix of security products may partially help you to capture and protect your IT assets and provide real situational awareness to your organization, the People and Process component, which makes sure all this technology is optimally utilized, is the most important concern to consider.

Since SysArmy Sdn Bhd's major focus is the business of Managed Security Services, we will now focus on whether an organization can automate its cyber security protections.

Can you really automate Cyber Security monitoring and protections?

In many SysArmy encounters, we have come to understand that developing an optimal and compliant IT security program is never an easy task, and people are constantly looking into all possibilities to ease the process. Your SIEM salespeople may tell you that there are easy buttons to press in their solutions. We know for sure this is not necessarily true, since a SIEM (regardless of brand) requires ongoing attention from experienced security analysts. Failure to budget for and allocate the appropriate manpower to its implementation and maintenance will very often cause miserable failure and a wasted budget.

The key success factor is still human!

Continuous support and operational activities will require full-time or equivalent manpower even in simple environments. CIOs or CISOs need to make sure to allocate enough manpower for these tasks during the planning stage.

Very often, after evaluating all the required resources, engaging a managed service provider that includes the people, technology and processes makes better sense than having to build and maintain your own. Organizations seeking 24x7 detection, protection and response capability will see significant cost savings using a managed services vendor.