Question

Discuss why SIEM projects fail in the following subsections.

1. SIEM Overreach?
2. Technical Challenges?
3. Organizational Cooperation?
4. Organizational Commitment?
5. Level of IT Maturity?
6. Just a matter of Installing SIEM?

Answer #1

SIEM stands for Security Information and Event Management.
With cyber security being such an important issue these days, many companies are investing in SIEM technology for real-time analysis of security alerts. But if companies don't step into the SIEM world with the right expectations, then their investments may fail to provide benefits.

SIEM Overreach:
The first thing when SIEM is implemented is how complex network operations actually are and how many overlapping systems and conflicts are involved. This typically creates such alerts that the projects are either abandoned or the output is ignored.
It is best to look at SIEM as a tool for continual process improvement. It is not a final destination but rather a reasonable starting point that will need to evolve with the security needs of organizations.

Technical Challenges:
Organizations fail to grasp the technical challenges involved with SIEM technology. Organizations simply assume that SIEM will work easily and automatically right. They overlook or underestimate the technical complexities involved.

Organizational Cooperation:
Organizations do not understand the level of cooperation that's required for SIEM deployment. For SIEM to work properly, the entire organization needs to work together. Some of the team aspects are as follows:

  1. Application development
  2. Patch management and change control in all departments
  3. Access control in all departments
  4. Security infrastructure team
  5. Network team
  6. Server and authentication team
  7. Audit and compliance
  8. Storage team

Organizational Commitment:
Organizations do not commit sufficient time and resources to system maintenance. Every time a system is patched or modified, there is a good chance that the SIEM will either stop working or require reintegration of the system. The SIEM team must be fully integrated into the organization's operational workflow and change control and should have influence over the architecture and design.

Level of IT Maturity:
Besides cooperation, just delivering a report may require an organization to:

  1. Reorganize IT completely.
  2. Eliminate power-hungry leadership individuals who believe they should have complete say in their department.
  3. Create a functional CISO role that has an independent reporting structure from IT.

Just a Matter of Installing SIEM:
Organizations think that SIEM is just something to install and get working.
But the fact is that the biggest benefit of implementing SIEM is that it reveals how to mature an organization and its security across all areas like people, processes and technology. True security can't be achieved until there's a well-run, well-defined organization in place where the technology works, the processes are well defined and followed, and the personnel put the organization's needs ahead of theirs.
