Why You Don’t Need (or Want) a SIEM Tool

There are a lot of things that sound good on paper, but don’t work out as planned in practice: Hot dog buns that are sliced on the top, being a Detroit Lions fan, implementing a SIEM tool. Of course, you can just buy regular hot dog buns, and—thankfully—you don’t need to buy a SIEM tool. I can’t help you with being a Lions fan—it’s a curse I live with myself—but, two out of three isn’t bad. But I digress. Let’s get back to why you don’t want a SIEM tool.

What is a SIEM?

What is a SIEM, anyway? I suppose we should start by considering why someone might think about implementing a SIEM tool in the first place. In the Magic Quadrant for Security Information and Event Management, Gartner defines it:

“Gartner defines the security and information event management (SIEM) market by the customer’s need to analyze event data in real time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance.  

SIEM technology aggregates event data produced by security devices, network infrastructure, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as network telemetry. Event data is combined with contextual information about users, assets, threats and vulnerabilities.  

The data may be normalized, so that events, data and contextual information from disparate sources can be analyzed for specific purposes, such as network security event monitoring, user activity monitoring and security compliance reporting. The technology provides real-time analysis of events for security monitoring, query and long-range analytics for historical analysis and other support for incident investigation and management, and reporting (e.g., for compliance requirements).”

That is an awful lot to expect from one enterprise security solution—especially if you don’t have the skills and expertise to properly implement, configure, and manage it. What SIEM vendors won’t tell you is that the value of a SIEM solution for cybersecurity depends heavily on the threat intelligence feeds it uses, and on having security experts capable of doing the log management, threat detection, and forensic analysis necessary to deliver the results you’re expecting.  

SIEM is Complex and Challenging

Matt Selheimer, Chief Marketing Officer for Alert Logic, recently presented a webinar titled “Why You No Longer Need a SIEM Tool.” During the presentation, he asked the audience about their view on SIEM tools. More than 80 percent responded that a SIEM is challenging to get up-and-running and get value from, or that they’ve held off implementing a SIEM tool because they’ve heard of the significant difficulties involved.  

What you really want is confidence in your security posture and some peace of mind. There are a variety of tools that can help you achieve that goal. A SIEM is one such tool—but it’s a tool that requires significant effort from you to implement, maintain, and monitor.  

Let’s use an analogy. Breakfast.

What you want is a meal. There is a wide array of things you could eat that would satisfy that need, but you decide you want an omelette. Good choice. However, instead of a delicious ham and cheese omelette, someone gives you a chicken, a pig, and a cow and leaves it up to you to get from there to your original goal: breakfast.  

All you really wanted was breakfast. You’re not a farmer. You’re not a chef. You don’t want to be either of those things, really. You just want breakfast.  

That is essentially what you get with SIEM software. SIEM systems are a concept that sounds good on paper—and can be effective in practice. The issue, however, is that it requires expertise to implement and configure, and it requires consistent updating and monitoring by someone with the right skill to identify and respond to suspicious and malicious activity. It is not something you can just buy and install and magically get the peace of mind you were looking for.  

SIEMless Threat Management

I have good news. There is better way to get breakfast…I mean confidence in your security posture and peace of mind. Think of it like having an executive chef deliver the perfect omelette to your table rather than raising your own animals and making it yourself.  

If you want to know more about the pitfalls and challenges of implementing your own SIEM tool, and how Alert Logic SIEMless Threat Management can help you avoid that mess and provide the security you need at the same time, check out the recording of Matt Selheimer’s webinar: Why You No Longer Need a SIEM Tool.

 

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley