SIEM Implementation - Challenges
Delivered February 5, 2020. Contributor: Gbolahan G.
Goals
To identify barriers or challenges companies encounter when implementing cloud-based and traditional SIEM systems.
Early Findings
- Cloud SIEM systems are relatively easier to deploy compared to traditional SIEM systems. According to an article by Sumo Logic, they are also known to be cheaper and faster.
- Major providers of cloud-based SIEM systems, such as Microsoft and Google, are still relatively lacking in providing all of the connectors needed to pull data from other systems.
- A 2019 study by Mckinsey identified the lack of preexisting connectors to commonly used cloud SIEM platforms as a major challenge to implementing the security system for SaaS platforms. According to the study, providing relevant connectors will help clients implement their products more quickly, less expensively, and with greater confidence that they are not introducing new security vulnerabilities.
- Another study on implementing traditional SIEM systems identified the total sunk cost associated with the process as a challenge for some firms. SIEM systems typically require about six months to set up before it can start to deliver security. All through this process, significant infrastructure and personnel costs are incurred in ensuring the success of the system, which adds up to the final cost of the process.
- Gartner Research identified six major difficulties that affect companies when implementing SIEM systems. They include panning failure, lack of sufficient resources, inability to properly define the scope of the project, noise monitoring, insufficient context, and overly optimistic scoping.
Research proposal:
Only the project owner can select the next research path.