With security information and event management (SIEM) solutions, you get out what you put in. How you organize the teams that deploy and implement the SIEM, use cases and all, is an important decision. When it comes to organizing the projects and services related to the security of your enterprise, you need to stick to what you know — right? Not necessarily.

Making the switch to Agile may enable your organization to improve its security posture more rapidly. The world of security moves fast, and black-hat hackers prey on organizations that are slow to adapt.

In 2017, being secure means being agile. At the core of any SIEM is the use case: the set of rules defining which patterns and anomalies on the enterprise network we look for and how we prioritize them. Keeping these rules and searches up to date and relevant lets us focus on today’s primary threat vectors, not those from six months ago.
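
To make the use-case concept concrete, here is an added example of a single rule expressed in Python and run over a handful of constructed authentication events. It is not QRadar rule syntax and not code from the project described below; the field names (user, src, outcome), the sample log lines, and the two rule versions with their thresholds are assumptions made for illustration. The point it shows is that the rule’s parameters (threshold and window) are the part a team revisits from sprint to sprint, and that a tuning change is visible immediately in what the rule catches.

```python
"""Added example: one SIEM use case expressed as code and run over
constructed authentication events. Illustrative Python only, not QRadar
rule syntax and not code from the project in the article. The field names
(user, src, outcome), the two rule versions and their thresholds are
assumptions made for this example."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    src_ip: str
    outcome: str  # "fail" or "success"


@dataclass(frozen=True)
class UseCase:
    """The tunable part of a rule: what the team revisits sprint by sprint."""
    name: str
    failure_threshold: int  # failures needed before a success is suspicious
    window: timedelta       # how far back failures still count


def parse_event(line: str) -> Event:
    """Parse one constructed log line of the form
    '2017-05-01T10:00:00 user=alice src=10.0.0.5 outcome=fail'."""
    ts_text, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return Event(datetime.fromisoformat(ts_text), fields["user"],
                 fields["src"], fields["outcome"])


def evaluate(events, rule):
    """Return (user, src_ip, success time) for every account/source pair that
    saw at least rule.failure_threshold failures inside rule.window and then a
    successful login: the classic brute-force-then-success pattern."""
    recent_failures = defaultdict(deque)  # (user, src_ip) -> failure times
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        fails = recent_failures[(ev.user, ev.src_ip)]
        # Age out failures that fell outside the sliding window.
        while fails and ev.ts - fails[0] > rule.window:
            fails.popleft()
        if ev.outcome == "fail":
            fails.append(ev.ts)
        elif ev.outcome == "success" and len(fails) >= rule.failure_threshold:
            alerts.append((ev.user, ev.src_ip, ev.ts))
            fails.clear()  # one alert per burst, not one per later success
    return alerts


def run_rule(log_lines, rule):
    return evaluate([parse_event(line) for line in log_lines], rule)


# Constructed sample events: alice is brute-forced quickly, bob mistypes
# twice, carol sees a slow, spread-out guessing attempt.
SAMPLE_LOG = """\
2017-05-01T10:00:00 user=alice src=10.0.0.5 outcome=fail
2017-05-01T10:00:00 user=carol src=10.0.0.7 outcome=fail
2017-05-01T10:00:10 user=alice src=10.0.0.5 outcome=fail
2017-05-01T10:00:20 user=alice src=10.0.0.5 outcome=fail
2017-05-01T10:00:30 user=alice src=10.0.0.5 outcome=fail
2017-05-01T10:00:40 user=alice src=10.0.0.5 outcome=fail
2017-05-01T10:00:50 user=alice src=10.0.0.5 outcome=success
2017-05-01T10:01:00 user=bob src=10.0.0.9 outcome=fail
2017-05-01T10:01:30 user=bob src=10.0.0.9 outcome=fail
2017-05-01T10:02:00 user=bob src=10.0.0.9 outcome=success
2017-05-01T10:02:00 user=carol src=10.0.0.7 outcome=fail
2017-05-01T10:04:00 user=carol src=10.0.0.7 outcome=fail
2017-05-01T10:06:00 user=carol src=10.0.0.7 outcome=fail
2017-05-01T10:06:30 user=carol src=10.0.0.7 outcome=success
""".splitlines()

# Sprint 1 rule, and the tightened version adopted after the first demo
# showed that a slow guessing attempt slipped under the old threshold.
RULE_V1 = UseCase("brute-force then success", failure_threshold=5,
                  window=timedelta(minutes=5))
RULE_V2 = UseCase("brute-force then success", failure_threshold=3,
                  window=timedelta(minutes=5))

if __name__ == "__main__":
    for rule in (RULE_V1, RULE_V2):
        print(rule.name, rule.failure_threshold, "->",
              run_rule(SAMPLE_LOG, rule))
```

With RULE_V1 only alice’s burst fires; with RULE_V2 carol’s slow attempt fires as well, because three of her four failures still fall inside the five-minute window when the success arrives. Bob’s two typos never reach either threshold. Checking a change like this against a small, known event set before each demo is the kind of feedback loop the rest of this article argues for.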

Traditional Versus Agile: QRadar Face-Off

You might assume that Agile is just for software developers, but security analysts can use it to implement a SIEM. Let’s look at an example of Agile security services in action.

IBM QRadar, which earned recognition in the Gartner Magic Quadrant and Forrester Wave, made for a good test case on a recent project. During the project, the SIEM team switched from a traditional Waterfall methodology to Agile.

Here’s what I saw from both sides of the fence. For each area of concern, we’ll first analyze the old approach and then look at how the switch to Agile affected organizational security.

Client Collaboration

  • Traditional: The client basically dropped a big book of what it expected to get out of QRadar on the delivery team’s desk and then went back to fighting fires. OK, it wasn’t quite that bad, but management did not incentivize collaboration, and the resulting divided work environment made it difficult for analysts to use security intelligence to break down silos and create a single-pane view.
  • Agile: The client got involved from the start and throughout the QRadar implementation process, and the required resources were made available on a dynamic basis to meet Agile sprint goals. This way, the client got to see and feel the product rather than waiting long days, weeks or months to see what QRadar could do.

Getting Requirements Right

  • Traditional: Requirements were thoughtfully established and then given to service delivery teams. Requirements changed and security considerations moved on. Slowly, what was being delivered lost touch with what was needed.
  • Agile: Requirements were considered on an ongoing basis, and the product was demonstrated at regular intervals to enable the customer to see where it was meeting expectations and where it could benefit from a different approach.

Team Connectivity

  • Traditional: Different teams worked on the product and in the QRadar environment with little or no communication. We might not see how planned changes in the network and security ecosystem affected the product until it was already live.
  • Agile: Agile product owners got insight into multiple products and changes to the security environment in the enterprise during demonstrations and sync-ups. Potential clashes could be proactively mitigated, eliminating unnecessary delays and keeping motivation high.

Time to Value

  • Traditional: Delivery would have occurred at the end date of the project, no earlier.
  • Agile: QRadar came alive in iterations, giving the fastest possible value by working quickly with the highest-priority incidents rather than waiting for the minutiae of arcane documentation to be completed before realizing value.

Find the Fun in Security

You have probably noticed a pattern by now. With the flexibility and availability of many Agile tools, SIEM is no sweat for a team of motivated and empowered individuals. This project ended with a well-tuned and powerful SIEM, as well as a sense of exponential progress for a team that had found the fun in security.

This is just one example of how a team could work together to adopt Agile and QRadar to beat expectations and create a state of security intelligence. To begin thinking about what your company can do with a powerful SIEM and an empowering way of working, ask yourself the following questions:

  1. Could your organization benefit from closer collaboration between service providers and your enterprise’s security teams and higher-level business units?
  2. Do you find your security priorities changing on a monthly or even weekly basis?
  3. Do you wish you could realize the potential of new products faster and stay on pace with cybercriminals?

If the answer to any of these is yes, it might be time to start thinking about adopting Agile and taking your product implementations to the next level.
