To SIEM or Not to SIEM: Making the Right Choice for Your Business
Pros and Cons for Managing Risk and Meeting PCI Compliance
Whether an organization relies on a third-party log management product, a Security Information and Event Management (SIEM) platform, or an advanced analysis service such as Managed Detection and Response (MDR), it still has to collect, transmit, analyze, and alert on security event data. There are only so many security resources available to perform these activities, and in many organizations other work takes priority over monitoring and over properly implementing incident response.
Minimizing ‘Hair on Fire’ Problems
The goal is to detect malicious behavior before it becomes a major incident. Alerts are only useful if someone responds to them in a timely manner. Given the inherent complexity of tuning a SIEM so that its correlation rules produce actionable alerts, not to mention the difficulty of getting clear, repeatable incident response instructions out of it, some organizations are evaluating other options.
Comparing a SIEM to an MDR and Logger: What do you gain and lose?
While a "belt and suspenders" approach to defense-in-depth might be ideal for reducing risk, most organizations lack a large, formal security team and a dedicated security monitoring function, whether insourced or outsourced. They are therefore challenged to build a threat-detection focused monitoring and response capability. The PCI DSS allows more than one way to satisfy its logging and monitoring requirements, whose underlying goals are 1) to identify and respond to a breach in a timely manner and 2) to preserve the evidence needed for a forensic investigation.
In this webinar, we will discuss the alternatives to help you make the best decision for your organization.
This panel discussion will feature Justin Leapline and Chris Prewitt from TrustedSec and Dave DeSimone from Binary Defense.