When it comes to security information and event management (SIEM) solutions, you get out what you put in. Choosing the right method for organizing the teams that deploy and implement the SIEM, use cases and all, is an important decision. When it comes to organizing the projects and services related to the security of your enterprise, you need to stick to what you know — right? Not necessarily.

Making the switch to Agile may enable your organization to achieve a more rapidly enhanced security posture. The world of security moves fast, and black-hat hackers prey on organizations with sticky feet.

In 2017, being secure means being agile. At the core of any SIEM is the concept of the use case, the set of rules about what patterns and anomalies we are looking for and prioritizing on an enterprise network. Staying agile and keeping these rules and searches up to date and relevant enable us to focus on today’s primary threat vectors, not those from six months ago.

Traditional Versus Agile: QRadar Face-Off

You might assume that Agile is just for software developers, but security analysts can use it to implement a SIEM. Let’s look at an example of Agile security services in action.

IBM QRadar, which earned recognition in the Gartner Magic Quadrant and Forrester Wave, made for a good test case on a recent project. During the project, the SIEM team switched from a traditional Waterfall methodology to Agile.

Here’s what I saw from both sides of the fence. For each area of concern, we’ll first analyze the old approach and then look at how the switch to Agile affected organizational security.

Client Collaboration

  • Traditional: The client basically dropped a big book of what it expected to get out of QRadar on the delivery team’s desk and then went back to fighting fires. OK, it wasn’t quite that bad, but collaboration was not incentivized by management, and this began to create a divided work environment, making it difficult for analysts to use security intelligence to break down silos and create a single-pane view.
  • Agile: The client got involved from the start and throughout the QRadar implementation process, and the required resources were made available on a dynamic basis to meet Agile sprint goals. This way, the client got to see and feel the product rather than waiting long days, weeks or months to see what QRadar could do.

Getting Requirements Right

  • Traditional: Requirements were thoughtfully established and then given to service delivery teams. Requirements changed and security considerations moved on. Slowly, what was being delivered lost touch with what was needed.
  • Agile: Requirements were considered on an ongoing basis, and the product was demonstrated at regular intervals to enable the customer to see where it was meeting expectations and where it could benefit from a different approach.

Team Connectivity

  • Traditional: Different teams worked on the product and in the QRadar environment with little or no communication. We may not have seen how planned changes in the network and security ecosystem affected the product until it was alive and kicking.
  • Agile: Agile product owners got insight into multiple products and changes to the security environment in the enterprise during demonstrations and sync-ups. Potential clashes could be proactively mitigated, eliminating unnecessary delays and keeping motivation high.

Time to Value

  • Traditional: Delivery would have occurred at the end date of the project, no earlier.
  • Agile: QRadar came alive in iterations, giving the fastest possible value by working quickly with the highest-priority incidents rather than waiting for the minutiae of arcane documentation to be completed before realizing value.

Find the Fun in Security

You have probably noticed a pattern by now. With the flexibility and availability of many Agile tools, SIEM is no sweat for a team of motivated and empowered individuals. This project ended with a well-tuned and powerful SIEM, as well as a sense of exponential progress for a team that had found the fun in security.

This is just one example of how a team could work together to adopt Agile and QRadar to beat expectations and create a state of security intelligence. To begin thinking about what your company can do with a powerful SIEM and an empowering way of working, ask yourself the following questions:

  1. Could your organization benefit from closer collaboration between service providers and your enterprise’s security teams and higher-level business units?
  2. Do you find your security priorities changing on a monthly or even weekly basis?
  3. Do you wish you could realize the potential of new products faster and stay on pace with cybercriminals?

If the answer to any of these is yes, it might be time to start thinking about adopting Agile and taking your product implementations to the next level.

Read the white paper: Transitioning from SIEM to Total Security Intelligence

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today