When it comes to security information and event management (SIEM) solutions, you get out what you put in. How you organize the teams that deploy and implement the SIEM, use cases included, is an important decision. When it comes to organizing the projects and services related to the security of your enterprise, you need to stick to what you know — right? Not necessarily.

Making the switch to Agile may let your organization improve its security posture faster. The world of security moves fast, and black-hat hackers prey on organizations that are slow to adapt.

In 2017, being secure means being agile. At the core of any SIEM is the concept of the use case: the set of rules describing which patterns and anomalies we are looking for, and prioritizing, on an enterprise network. Staying agile, and keeping these rules and searches current and relevant, lets us focus on today's primary threat vectors rather than those from six months ago.
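To make the idea of a use case concrete, here is an added example (not code from the original article, and not QRadar's own rule language, which has its own engine): a brute-force login use case written as a small, testable Python rule, run over constructed sample auth log lines. The point it illustrates is the one above: a use case is a versioned artifact that can be built, demonstrated and tuned from one sprint to the next (the "v1"/"v2" split below is a hypothetical tuning step, and the IP addresses and user names are made up).

```python
"""
Added example, not from the original article and not QRadar's rule language:
a SIEM "use case" expressed as a versioned, testable rule run over sample logs.
"""
from __future__ import annotations
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample sshd events (illustrative, not real logs).
SAMPLE_LOG = """\
2017-03-01T09:00:01 sshd[1001]: Failed password for admin from 203.0.113.7 port 5001 ssh2
2017-03-01T09:00:04 sshd[1002]: Failed password for admin from 203.0.113.7 port 5002 ssh2
2017-03-01T09:00:07 sshd[1003]: Failed password for root from 203.0.113.7 port 5003 ssh2
2017-03-01T09:00:10 sshd[1004]: Failed password for admin from 203.0.113.7 port 5004 ssh2
2017-03-01T09:00:12 sshd[1005]: Failed password for admin from 203.0.113.7 port 5005 ssh2
2017-03-01T09:00:15 sshd[1006]: Accepted password for admin from 203.0.113.7 port 5006 ssh2
2017-03-01T09:05:00 sshd[1007]: Failed password for alice from 198.51.100.22 port 6001 ssh2
2017-03-01T09:10:00 sshd[1008]: Failed password for bob from 192.0.2.50 port 7001 ssh2
2017-03-01T09:10:03 sshd[1009]: Failed password for carol from 192.0.2.50 port 7002 ssh2
2017-03-01T09:10:06 sshd[1010]: Failed password for dave from 192.0.2.50 port 7003 ssh2
2017-03-01T09:10:09 sshd[1011]: Failed password for erin from 192.0.2.50 port 7004 ssh2
2017-03-01T09:10:12 sshd[1012]: Failed password for frank from 192.0.2.50 port 7005 ssh2
2017-03-01T09:10:15 sshd[1013]: Failed password for grace from 192.0.2.50 port 7006 ssh2
2017-03-01T09:30:00 sshd[1014]: Failed password for alice from 198.51.100.22 port 6002 ssh2
2017-03-01T09:31:00 sshd[1015]: Accepted password for alice from 198.51.100.22 port 6003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)

@dataclass(frozen=True)
class UseCase:
    """One SIEM use case: what we look for, how much of it, in what window."""
    name: str
    version: str           # bumped whenever the rule is tuned in a sprint
    failures: int          # this many failed logins from one source ...
    window: timedelta      # ... within this window ...
    require_success: bool  # ... optionally followed by a successful login

@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    user: str
    success: bool

def parse(log: str) -> list[Event]:
    """Turn raw lines into structured events; unparsed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["src"],
                                m["user"], m["result"] == "Accepted"))
    return events

def run_use_case(uc: UseCase, events: list[Event]) -> list[dict]:
    """Sliding-window evaluation per source IP; one alert per matching source."""
    recent: dict[str, deque] = defaultdict(deque)
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.src]
        while q and ev.ts - q[0] > uc.window:   # age out old failures
            q.popleft()
        if not ev.success:
            q.append(ev.ts)
        burst = len(q) >= uc.failures
        hit = burst and (ev.success or not uc.require_success)
        if hit and ev.src not in alerted:
            alerted.add(ev.src)
            alerts.append({"use_case": uc.name, "version": uc.version,
                           "src": ev.src, "user": ev.user, "at": ev.ts.isoformat()})
    return alerts

# Hypothetical sprint history for one use case.
# Sprint 1: any burst of failures fires (also catches plain scanners).
BRUTE_FORCE_V1 = UseCase("brute_force_ssh", "1.0", 5, timedelta(minutes=2), False)
# Sprint 2: after the demo, analysts asked to prioritize bursts that end in a success.
BRUTE_FORCE_V2 = UseCase("brute_force_ssh", "1.1", 5, timedelta(minutes=2), True)

def demo() -> dict[str, list[dict]]:
    events = parse(SAMPLE_LOG)
    return {"v1": run_use_case(BRUTE_FORCE_V1, events),
            "v2": run_use_case(BRUTE_FORCE_V2, events)}

if __name__ == "__main__":
    for version, alerts in demo().items():
        print(version, alerts)
```

Running the block shows v1 alerting on both the source that guessed the admin password and the scanner that never got in, while v2 alerts only on the former. Whether that tuning is right is exactly the kind of question a sprint demo surfaces; the rule, its version and its test data are what the team ships each iteration.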

Traditional Versus Agile: QRadar Face-Off

You might assume that Agile is just for software developers, but security analysts can use it to implement a SIEM. Let’s look at an example of Agile security services in action.

IBM QRadar, which earned recognition in the Gartner Magic Quadrant and Forrester Wave, made for a good test case on a recent project. During the project, the SIEM team switched from a traditional Waterfall methodology to Agile.

Here’s what I saw from both sides of the fence. For each area of concern, we’ll first analyze the old approach and then look at how the switch to Agile affected organizational security.

Client Collaboration

  • Traditional: The client basically dropped a big book of what it expected to get out of QRadar on the delivery team's desk and then went back to fighting fires. OK, it wasn't quite that bad, but management did not incentivize collaboration, which bred a divided work environment and made it hard for analysts to use security intelligence to break down silos and build a single-pane view.
  • Agile: The client was involved from the start and throughout the QRadar implementation, and the required resources were made available dynamically to meet sprint goals. The client got to see and use the product as it took shape rather than waiting weeks or months to find out what QRadar could do.

Getting Requirements Right

  • Traditional: Requirements were thoughtfully established and then handed to the service delivery teams. Meanwhile the requirements changed and the security picture moved on, so what was being delivered slowly lost touch with what was needed.
  • Agile: Requirements were considered on an ongoing basis, and the product was demonstrated at regular intervals to enable the customer to see where it was meeting expectations and where it could benefit from a different approach.

Team Connectivity

  • Traditional: Different teams worked on the product and in the QRadar environment with little or no communication. Planned changes to the network and security ecosystem might not be seen to affect the product until it was already in production.
  • Agile: Agile product owners got insight into multiple products and changes to the security environment in the enterprise during demonstrations and sync-ups. Potential clashes could be proactively mitigated, eliminating unnecessary delays and keeping motivation high.

Time to Value

  • Traditional: Delivery would have occurred at the end date of the project, no earlier.
  • Agile: QRadar came alive in iterations, delivering value as early as possible by tackling the highest-priority use cases first rather than waiting for every detail of the documentation to be finished before anything went live.

Find the Fun in Security

You have probably noticed a pattern by now. With the flexibility of the many Agile tools available, a SIEM implementation is manageable for a team of motivated and empowered individuals. This project ended with a well-tuned and powerful SIEM, and with a sense of accelerating progress for a team that had found the fun in security.

This is just one example of how a team could work together to adopt Agile and QRadar to beat expectations and create a state of security intelligence. To begin thinking about what your company can do with a powerful SIEM and an empowering way of working, ask yourself the following questions:

  1. Could your organization benefit from closer collaboration between service providers and your enterprise’s security teams and higher-level business units?
  2. Do you find your security priorities changing on a monthly or even weekly basis?
  3. Do you wish you could realize the potential of new products faster and stay on pace with cybercriminals?

If the answer to any of these is yes, it might be time to start thinking about adopting Agile and taking your product implementations to the next level.
