Are you wasting money on this common cybersecurity investment?

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on whatsapp

A wasted investment is the last thing any organization needs, yet the cost of a cybersecurity solution doesn’t necessarily equate to value.  Consider Security Information and Event Management, or SIEM tools for example.  Dark Reading points out that the tool itself is not the key factor in the effectiveness – it must be properly configured with the logs from devices that will provide the data needed to provide visibility into what is happening on the network, from firewalls and edge devices to Active Directory accounts and endpoints.

Next, the SIEM quickly becomes useless if the business rules to trigger events are not tuned to the specific environment.  You don’t want so many false positives that your staff doesn’t pay attention to a warning that could stop a compromise, so the tuning needs to be ongoing. Target and Yahoo are two well documented examples of not making use of the data in their SIEMs to catch breach activity.

Finally as relates to the SIEM, the investment is wasted if no one is watching the logs, correlating the data, and providing real-time analysis and response.  Imagine a physical security alarm system sending a break-in signal with no one at ADT to see the alarm and dispatch the police for response.  The investment in the alarm system does not provide any value in this scenario, yet we see this play out with SIEM tools all the time. Many organizations find a Managed Security Service Provider (MSSP) to be a better fit than a SIEM tool if they don’t have the resources to make the most of this investment.

Foresite admin
Website | + posts

Sign Up For Our Blog

Get our latest content delivered to your inbox.

partner with foresite consulting to become a More Effective Leader

Develop the skills and strategies you need to take your company to the next level of success.

Foresite Cybersecurity Announces Pivot to Open XDR & Compliance Platform