We are Infosecnirvana have posted Evaluating SIEM – What you need to know?. Readers had a lot of good comments on this post and one of the readers – Frank Bijkersma who blogs here came up with an idea to expand the content in the post to make it a Whitepaper which will serve as a good post. So here you go – Evaluating SIEM – Version 2.0.
So here it is. Please feel free to read the guide and let us know your thoughts on it.
[gview file=”http://infosecnirvana.com/wp-content/uploads/2014/05/SIEMEvaluationChecklist.pdf” save=”0″]
Very good document. Thanks for putting it together and keeping it up to date. I’m coming at this from a vendors perspective and i’ve been in SIEM market for over 10 years now. A couple things that should be considered for inclusion in this are how the SIEM deals with other forms of data besides events/logs. Such as network flows. Many SIEMs claim this capability now but not all are equal in what they do with that data and how it helps with detecting threats. The other thing you mention is product roadmap/vision. Obviously important but I also think it’s important to understand the companies history. How has it executed on the vision that it set in the past and also, how have they treated their customers over the years. Have they done their best to leverage customers investments in their appliances or software or when their have been major upgrades has the vendor forced a rip and replace of hardware. This is just as, if not more important as vision and roadmap.