ISSA Milwaukee June 2011 Meeting

Yesterday afternoon I attended the June 2011 general meeting of the Milwaukee Chapter of the ISSA. The meeting was held at the New Berlin Ale House and was well attended by approximately 30-35 people.

The guest speaker for the meeting was Robert Clark, Eastern US Channel Manager for TriGeo Network Security, and the topic was, “What Can a SIEM do for You?” “SIEM,” of course, stands for “Security Information & Event Management.” Mr. Clark’s talk was relatively quick and not very technical, but he did bring up some useful questions to ask your SIEM vendor, including:

  • What does the solution have to offer out of the box and does it require several modules to meet your requirements?
  • Are there any ongoing professional services and what are the costs?
  • Will you need to provide the hardware?
  • Is the data evaluated in real-time or is it primarily a forensics solution?
  • Does the correlation engine process events in memory or query the database?
  • How intuitive is the interface? Can you easily build or customize rules, filters, etc.?
  • How long is the implementation process and does it require on-site technicians?

Two of the attendees explained how they evaluated SIEM solutions. Their advice was to commit to developing an in-house expert; otherwise professional service fees will eat your budget and you’ll never get a proper ROI on a SIEM solution. One person suggested this might be a valid reason for some organizations to consider a Managed Security Services (MSS) solution.

One attendee also suggested following Anton Chuvakin’s blog, as he frequently blogs about SIEM.

In all, it was another successful ISSA Milwaukee chapter meeting and a great opportunity to network with other information security professionals in the area.