Description
Write a 3 page summary of your research of SIEM products. At a minimum, your summary must include the following:
An introduction or overview for the security technology category (SIEM).
A review of the features, capabilities, and deficiencies for your selected vendor and product
Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.
Case Study #4: Technology & Product Review for an SIEM Solution
Case Scenario:
Agile Belair (the “client”) is a high technology company with multiple locations (“satellite
campuses”) within a metropolitan area. Due to the sensitive nature of their business and the risk of
intellectual property theft, the company needs a robust Security Information and Event Monitoring
solution (SIEM) which is capable of detecting and responding to attacks. The company had tried building
its own SIEM solution to collect and interpret log files and event data. But, during pilot testing they
determined that the product was lacking in its reporting and alerting capabilities. Their custom solution
also had problems handling the high volume of event data being reported from its satellite campuses.
The client’s Chief Technology Officer has asked your company to research and recommend a
product which will allow them to incorporate a next generation SIEM solution into their multi-campus
infrastructure. The CTO specifically wants an SIEM solution that combines real-time monitoring, threat
analytics, and event management / reporting.
Research:
1. Review the Week 7 readings.
2. Choose one of the SIEM products from the Gartner Magic Quadrant analyses.
3. Research your chosen product using the vendor’s website and product information brochures.
(Vendors for highly rated products will provide a copy of Gartner’s most recent Magic Quadrant
report on their websites but, registration is required.)
4. Find three or more additional sources which provide reviews for (a) your chosen product or (b)
general information about SIEM technologies and solutions.
Write:
Write a 3 page summary of your research. At a minimum, your summary must include the
following:
1. An introduction or overview for the security technology category (SIEM).
2. A review of the features, capabilities, and deficiencies for your selected vendor and product
3. Discussion of how the selected product could be used by your client to support its
cybersecurity objectives by reducing risk, increasing resistance to threats/attacks,
decreasing vulnerabilities, etc.
As you write your review, make sure that you address security issues using standard
cybersecurity terminology (e.g. 5 Pillars IA, 5 Pillars Information Security). See the resources listed under
Course Resources > Cybersecurity Concepts Review for definitions and terminology.