The Road from Log Management to SIEM

Log management and SIEM (Security Information and Event Management) are closely related. SIEM builds on the basic capabilities of log management (collecting, analyzing and reporting on log data) by adding data from other security devices, network devices, applications and systems, so that events from those separate sources can be correlated with one another and acted on: real-time network security monitoring, event correlation and incident response. Once an organization has taken care of “the basics” with log management, looking for the outcomes of a successful SIEM implementation is a natural progression.

But those outcomes can be hard to achieve. There are plenty of capable SIEM products on the market, but products aren’t outcomes. A SIEM requires a great deal of care and feeding to produce the results that drive better security, and because of this, a lot of money has been spent buying boxes without seeing results. SaaS SIEM products seem like a way to avoid this shelfware problem, but let’s face it: SaaS products can become shelfware too. They’re just on someone else’s shelf. SaaS certainly reduces the management overhead, but the challenges go beyond that:

  • Having the required expertise to create security content to identify and correlate security incidents
  • Identifying the right data to collect and determining what it means
  • 24×7 monitoring by a security operations center
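
The first two challenges are easiest to see with a concrete correlation rule. The example below is added here to illustrate the point; it is not code from Alert Logic’s Log Manager or any other product. It parses two constructed log feeds (an sshd syslog excerpt and a hypothetical IDS alert format made up for the example), normalizes them into events, and applies a rule that plain log search cannot express as a single query: a run of failed logins from one address followed by a successful login from the same address within a time window, with severity raised when a second data source (the IDS) has also flagged that address. Thresholds, field names and the IDS line format are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs). Addresses are from the RFC 5737
# documentation ranges.
AUTH_LOG = """\
2013-01-14T10:00:01 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
2013-01-14T10:00:04 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 51023 ssh2
2013-01-14T10:00:08 bastion sshd[2205]: Failed password for root from 203.0.113.7 port 51024 ssh2
2013-01-14T10:00:12 bastion sshd[2207]: Failed password for admin from 203.0.113.7 port 51025 ssh2
2013-01-14T10:00:15 bastion sshd[2209]: Failed password for admin from 203.0.113.7 port 51026 ssh2
2013-01-14T10:00:21 bastion sshd[2211]: Accepted password for admin from 203.0.113.7 port 51027 ssh2
2013-01-14T10:05:00 bastion sshd[2301]: Failed password for bob from 198.51.100.9 port 40001 ssh2
2013-01-14T10:05:30 bastion sshd[2302]: Accepted password for bob from 198.51.100.9 port 40002 ssh2
"""

# Hypothetical IDS alert format, invented for this example.
IDS_LOG = """\
2013-01-14T09:59:50 ids01 alert: sig="SSH brute force attempt" src=203.0.113.7 dst=10.0.0.5
2013-01-14T11:30:00 ids01 alert: sig="SSH brute force attempt" src=192.0.2.44 dst=10.0.0.5
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)"
)
IDS_RE = re.compile(r'^(?P<ts>\S+) \S+ alert: sig="(?P<sig>[^"]+)" src=(?P<ip>\S+)')


def parse_events(auth_text, ids_text):
    """Normalize both feeds into a single time-ordered list of event dicts.

    Every event carries the fields the rule needs (timestamp, source, type,
    source IP); feed-specific fields (user, signature) ride along.
    """
    events = []
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "source": "sshd",
                "type": "auth_fail" if m["result"] == "Failed" else "auth_ok",
                "ip": m["ip"],
                "user": m["user"],
            })
    for line in ids_text.splitlines():
        m = IDS_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "source": "ids",
                "type": "ids_alert",
                "ip": m["ip"],
                "sig": m["sig"],
            })
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, fail_threshold=5, window=timedelta(minutes=5)):
    """Rule: at least fail_threshold failed logins from one IP (any user),
    then a successful login from that IP within `window`, is an incident.
    If the IDS also alerted on that IP inside the window, raise severity.
    Threshold and window are example values, not recommendations.
    """
    by_ip = defaultdict(list)
    for e in events:                      # events are already time-ordered
        by_ip[e["ip"]].append(e)

    incidents = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e["type"] != "auth_ok":
                continue
            earliest = e["ts"] - window
            prior = [x for x in evs[:i] if x["ts"] >= earliest]
            fails = [x for x in prior if x["type"] == "auth_fail"]
            if len(fails) < fail_threshold:
                continue
            ids_hits = [x for x in prior if x["type"] == "ids_alert"]
            incidents.append({
                "ip": ip,
                "user": e["user"],
                "failures": len(fails),
                "ids_corroborated": bool(ids_hits),
                "severity": "critical" if ids_hits else "high",
                "at": e["ts"].isoformat(),
            })
    return incidents


def run_demo():
    return correlate(parse_events(AUTH_LOG, IDS_LOG))


if __name__ == "__main__":
    for inc in run_demo():
        print(inc)
```

On the constructed data the rule fires once, for 203.0.113.7 (five failures across two usernames, then a successful login as admin, corroborated by the IDS alert 31 seconds earlier), and stays quiet for bob’s single typo and for the IDS alert on 192.0.2.44 that was never followed by a login. Note what it took to get there: someone had to decide that sshd and the IDS are the right feeds, work out what each line means and which field is the join key, and pick a threshold and window that fit the environment. That work is the “security content” in the first bullet, and it is the same whether the SIEM is a box in your rack or a SaaS tenant.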

These are problems that Alert Logic has grappled with before; our business is built around solving them for a variety of cyber security technologies, including IDS software, web application firewalls, vulnerability scanning and log management. So as we built the next release of Log Manager, coming later this quarter, we did so with an eye toward solving these SIEM problems for our customers. We’ll be sharing more details about Log Manager’s next release and our 2013 roadmap in the coming weeks. For this quarter’s release, we’ve added powerful new search capabilities, some amazing management tools, and new collection options that let you deploy anywhere, from a public cloud to the servers in your own datacenter, and get a unified view of all of your data.

Next on the agenda is real-time monitoring across the entire Alert Logic platform, with correlation across multiple security technologies. Are we building a SIEM? We’d say that we’re building something better: SIEM outcomes on our Security-as-a-Service platform, fully managed, fully scalable and deployable everywhere your IT goes, from the Amazon Cloud to managed hosted environments and, of course, your own facilities. This is the fastest way to get to real outcomes, faster than buying, implementing and managing a traditional SIEM product. We recently held a webinar with product manager Andy Leach to talk about the next Log Manager release and how these SIEM capabilities will roll out.