A lot of the security-related tools that we use I think of as minor technologies, such as a firewall-rule audit tool, a security baseline assessment tool and a few scanning services. Now, though, I’m thinking about investing in a security information and event management (SIEM) tool. It could help us make sense of all the data that comes from our firewalls, Unix syslog, Windows event logs and several other application logs. In a previous job, I had the pleasure of deploying and managing a very expensive SIEM, but I won’t have the budget for a Cadillac this time. I’ll have to review the pros and cons of an on-premises solution versus a managed service provider. Although the latter option would entail directing logs so that the third party can analyze data, identify events and determine whether any of the events warrant escalation to an incident, the fact is that running a 24x7 security operations center is expensive, so I may lean toward that choice.
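The core job the column assigns to a SIEM (normalize log lines from several products into one schema, correlate them, and decide which findings are mere events and which warrant escalation to an incident) in miniature. This is an added example, not code from the column or from any SIEM product; the sshd, Windows and firewall log lines are constructed, and the escalation rule (a failed-logon threshold, raised to "incident" when the failures span more than one log source or coincide with firewall denies) is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines standing in for the sources the column names: a Unix
# syslog (sshd), Windows Security event log (4624/4625 rendered as key=value
# text) and a firewall log. None of these are real records.
SAMPLE_LOGS = [
    "Mar  3 10:01:02 bastion sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Mar  3 10:01:05 bastion sshd[2303]: Failed password for root from 203.0.113.7 port 51130 ssh2",
    "Mar  3 10:01:09 bastion sshd[2305]: Accepted password for alice from 198.51.100.4 port 40000 ssh2",
    "2024-03-03T10:01:11Z DC01 EventID=4625 TargetUserName=bob IpAddress=203.0.113.7 Status=0xC000006D",
    "2024-03-03T10:01:14Z DC01 EventID=4625 TargetUserName=carol IpAddress=203.0.113.7 Status=0xC000006D",
    "2024-03-03T10:01:20Z DC01 EventID=4624 TargetUserName=alice IpAddress=198.51.100.4",
    "2024-03-03T10:01:25Z FW01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389",
]

# Per-source parsers. Each maps one raw line onto the same small schema so the
# correlation step does not care which product wrote the line.
SYSLOG_SSHD = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
WIN_LOGON = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>4624|4625) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)"
)
FW_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>deny|allow) src=(?P<ip>\S+) dst=\S+ dport=\d+"
)


def normalize(line):
    """Return a common-schema event dict, or None if no parser matches the line."""
    m = SYSLOG_SSHD.match(line)
    if m:
        cat = "auth_failure" if m["outcome"] == "Failed" else "auth_success"
        return {"source": "syslog", "host": m["host"], "category": cat,
                "user": m["user"], "src_ip": m["ip"]}
    m = WIN_LOGON.match(line)
    if m:
        cat = "auth_failure" if m["eid"] == "4625" else "auth_success"
        return {"source": "windows", "host": m["host"], "category": cat,
                "user": m["user"], "src_ip": m["ip"]}
    m = FW_LINE.match(line)
    if m:
        cat = "fw_deny" if m["action"] == "deny" else "fw_allow"
        return {"source": "firewall", "host": m["host"], "category": cat,
                "user": None, "src_ip": m["ip"]}
    return None


def correlate(events, failure_threshold=3):
    """Group normalized events by source IP and decide what warrants escalation.

    Assumed rule for this example: fewer than failure_threshold failed logons
    from one IP is 'info'; at or above it is an 'event'; an event whose failures
    span more than one log source, or that coincides with firewall denies from
    the same IP, is escalated to 'incident'.
    """
    by_ip = defaultdict(lambda: {"failures": 0, "sources": set(), "users": set(), "fw_denies": 0})
    for e in events:
        bucket = by_ip[e["src_ip"]]
        if e["category"] == "auth_failure":
            bucket["failures"] += 1
            bucket["sources"].add(e["source"])
            bucket["users"].add(e["user"])
        elif e["category"] == "fw_deny":
            bucket["fw_denies"] += 1

    findings = []
    for ip, b in by_ip.items():
        if b["failures"] == 0:
            continue  # successes and denies alone do not open a finding here
        if b["failures"] < failure_threshold:
            severity = "info"
        elif len(b["sources"]) > 1 or b["fw_denies"] > 0:
            severity = "incident"
        else:
            severity = "event"
        findings.append({"src_ip": ip, "failures": b["failures"],
                         "sources": sorted(b["sources"]), "users": sorted(b["users"]),
                         "fw_denies": b["fw_denies"], "severity": severity})
    return sorted(findings, key=lambda f: f["failures"], reverse=True)


def triage(lines, failure_threshold=3):
    """Parse raw lines from all sources, drop what no parser understands, and correlate."""
    events = [e for e in map(normalize, lines) if e is not None]
    return correlate(events, failure_threshold)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f["severity"].upper(), f["src_ip"], f["failures"], "failures across", f["sources"])
```

The point of the example is the split between the per-source parsers and the source-agnostic rule: once an sshd "Failed password" and a Windows 4625 both become `auth_failure` with a `src_ip`, the same IP hammering both hosts is visible as one finding rather than two unrelated lines, which is what the column is paying a SIEM (or a managed provider) to notice.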
Once I get my thoughts in order, I’ll put together a few slides that will describe the current problems and the risks associated with not doing anything so that the executive staff can make a decision. Budget planning is typically a give-and-take exercise, since all departments are fighting for those corporate dollars. If I don’t go in prepared, I could end up with a lot less than I’m seeking.