SIEM VENDORS HAVE IT ALL BACKWARDS

On my way into the office this morning, I listened to a podcast interview of a well-known SIEM vendor. I got more and more frustrated at the wheel, but did make it to the office without incident. The focus of the conversation was the plethora of log sources that this vendor could ingest (system, network, endpoint) and the machine learning used to analyze the data.

This is backwards. Good security designs need to start with the CUSTOMER. Yes, the customer. Who are the specific people that want information, and what exactly do they want to see? Users could be audit, security operations, the CISO, security analysts, developers, etc. Any other log files collected are irrelevant. This approach is just lean thinking applied to security. Lean itself has been discussed in many books; I discussed it in the context of security here. The first lean principle is voice of the customer. SIEM tool design needs to run backwards, starting with the user interface, not the sources of data. Another…

This is a Security Bloggers Network syndicated blog post authored by Fred Scholl. Read the original post at: Security Connections