Is your organization, like many others, thinking about security monitoring and realizing that it is hard to find and/or fund the resources needed to keep up with the ever-changing threat landscape? In today’s interconnected world, the threats that are unseen are sometimes more problematic than those we do see within our IT infrastructure. The question then becomes: How can your organization monitor and respond to threats in real time?

Perhaps you are asking questions like, “Should I invest in a security information and event management (SIEM) solution?” “Should I build a security operations center (SOC) to optimize my security operations?” “How can I implement and operate a SIEM solution and/or a SOC given the minimal resources I have on hand?”

Security Monitoring with SIEM

SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. In my role, I have the opportunity to help clients optimize the effectiveness of their security operations. Most of us agree that, due to the growing complexity of the security threat, it is necessary to rely on the power and insight offered by SIEM technology.

SIEM capability can be integrated into most organizations using one of three options:

  • Customer-premise SIEM tool
  • Managed security service; or
  • A hybrid solution that combines a CPE SIEM tool and managed security service.

3 Key Characteristics of a Hybrid Security Operations

Which approach is best for your organization? Let’s take a look at the three key characteristics of a hybrid security operations solution.

  1. First, for many midmarket organizations and some large enterprises, the operation of a SIEM seems overwhelming, given the need for staff expertise in SIEM administration, threat research and security intelligence analysis. The SIEM environment must continually be monitored, managed, tuned and extended to maximize effective operational coverage. With the hybrid approach, the solution can be set up quickly, has the flexibility to scale effectively and minimizes risks and unforeseen costs. The services provider offers extended resources to supplement your internal staff in the operation of the CPE SIEM environment. With a hybrid solution, the organization now has access to named resources to overcome staffing challenges. Imagine an arrangement in which Tier One and Two security event tickets are handled by the MSSP and Tier Three handled internally.
  2. Second, the services provider can provide broad threat intelligence resulting from their global visibility across hundreds and thousands of customer environments, thereby enhancing the threat awareness capability of your operation. Imagine having access to global threat intelligence and highly-skilled security intelligence analysts as a normal extension of your internal resources.
  3. Lastly, the services provider can flex staffing to scale as the need arises or take on planned coverage and/or unforeseen resource requirements. Flexible staffing can eliminate the need to attract and retain staff needed for given conditions (even off-hours support). Consider your needs for specialty resources and teams in areas such as security incident response, forensics, remediation actions, etc. Many MSSPs can provide specialty services such as these to supplement your staff. On a separate point, consider the times when you desire access to expertise for assistance in developing and/or validating your security program strategy. Similarly, think of the need to implement or refresh technology and/or process in one or more elements of your security program — IAM, Data Security, GRC, Policy, etc. Many MSSP providers offer security consultants to advise or deliver on program assessments, comparative benchmarks or other strategy considerations.

The good news is that organizations of all sizes can now take advantage of the proven benefits of a full SIEM for security operations. As a result, they become equipped to better support the business risk management objectives. Whether the organization is prepared to implement and execute a SIEM extension using existing resources or needs the help and expertise of a third party, a SIEM strategy can be implemented using the flexible approach of a hybrid security operations model.

Read the IT executive guide to security intelligence

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today