<p>Security information and event management technology has long been a cornerstone of the SOC — collecting, correlating and centralizing security data to enable more efficient and effective threat detection and incident response.</p>
<p><a href="https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM">SIEM</a> integrates with tools, services and endpoints across an organization and handles massive amounts of data, making migration a significant undertaking. The good news is that thoughtful and strategic planning can make the difference between a rocky and a smooth deployment. If you’ve recently purchased SIEM technology or are in the process of doing so, let’s examine some best practices for implementation.</p>
<section class="section main-article-chapter" data-menu-title="Key SIEM deployment steps">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Key SIEM deployment steps</h2>
<p>While every deployment is unique, the following key steps are advisable across most or all SIEM implementations.</p>
<h3>1. Design the SIEM’s architecture</h3>
<p>The SIEM architecture includes all the supporting systems that SIEM relies upon and interacts with. In this phase, carefully consider the platform’s current and future performance, resilience and security needs.</p>
<p>Identify and prioritize your organization’s top SIEM use cases, which should inform decisions about the architecture. If you have use cases that SIEM doesn’t address on its own, consider adopting additional complementary technologies or techniques. Organizations today commonly combine <a href="https://www.techtarget.com/searchsecurity/tip/SIEM-vs-SOAR-vs-XDR-Evaluate-the-differences">SIEM with other tools</a>, such as SOAR and XDR, for example.</p>
<p>Note both primary and tangential costs when designing the SIEM architecture and planning its deployment. Possible unanticipated costs include the following:</p>
<ul class="default-list">
<li><a href="https://www.techtarget.com/searchcio/definition/regulatory-compliance">Cyber threat intelligence feeds</a> the SIEM ingests.</li>
<li>Migration of stored log data from the existing SIEM to the new SIEM.</li>
<li>Parallel operation of the legacy SIEM and new SIEM due to a phased migration or log retention
[…]