Report: SIEM Tools Still Pose Deployment Challenges

Even as organizations say their efforts to feed system data into security information and event management (SIEM) tools are largely driven by the need for real-time information to thwart attacks, they still face challenges, concludes the newly released InformationWeek report "IT Pro Ranking: SIEM." Chief among the difficulties: the complexity and cost of using these suites could keep enterprises from getting the full value out of their SIEM tools.

Based on a survey of 322 IT decision makers, the report showed that the largest cited driver for SIEM use was the real-time detection and response to threats, with 44% of organizations stating that as the main reason they use SIEM. But at the same time, the types of data fed into the typical SIEM and the challenges staring down IT managers in launching and maintaining these systems indicate that most deployments are not sophisticated enough to achieve these objectives.


"In most cases, they're really not fully utilized or even half utilized. They're often installed in a basic configuration and put in maintenance, and then not much more beyond that," says Dean Francis, enterprise architect at Fusion PPT and author of the report. "It may be put in place due to a requirement, but without that care and feeding, it's really basically a log manager."

According to the report, organizations are still primarily using their SIEM tools to keep an eye on firewalls, which was the most-cited event data source, named by 66% of organizations. Francis says he was surprised to see feeds from IDS/IPS rank sixth and switches and routers rank seventh among data sources, each named by only about one-fifth of organizations.

While this may be somewhat discouraging, there may be a silver lining: the two data source categories ranking above these network devices were applications and databases. This suggests that more applications are being monitored to detect malicious activity.

"This could indicate that applications are actually being built to be tied into logging, which may be feeding into SIEM, which is then doing aggregation and correlation of that information to see what's happening there," says Francis.

Nevertheless, organizations still struggle with SIEM deployments. The survey showed that 44% of organizations report that managing the general complexity of SIEM products is their No. 1 challenge in this area. Meanwhile, 37% of organizations say the lack of SIEM integration with network management tools is a challenge, and 34% say they have trouble building the correlation rules that are so essential to real-time threat detection. According to Francis, many of the issues organizations have with SIEM tools stem from a lack of resources, as many organizations fail to fund SIEM maintenance after the initial push to deploy.
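To make concrete what separates a correlated SIEM from "basically a log manager," here is an added illustration (not from the report or this article) of one simple correlation rule written in Python: it joins the firewall feed, the most common source in the survey, with an application login feed, and alerts when a source address the firewall repeatedly denied then authenticates successfully. The log format, the rule thresholds and the sample events are all constructed for this example.

```python
"""Minimal SIEM-style correlation rule over constructed firewall and
application log lines. Format, thresholds and events are illustrative."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): firewall denies and app logins.
SAMPLE_LOGS = """\
2013-07-01T10:00:01 fw deny src=203.0.113.7 dst=10.0.0.5 port=22
2013-07-01T10:00:02 fw deny src=203.0.113.7 dst=10.0.0.5 port=23
2013-07-01T10:00:03 fw deny src=203.0.113.7 dst=10.0.0.5 port=3389
2013-07-01T10:01:30 app login_ok user=alice src=203.0.113.7
2013-07-01T10:02:00 fw deny src=198.51.100.9 dst=10.0.0.5 port=22
2013-07-01T10:02:10 app login_ok user=bob src=198.51.100.9
"""


def parse(line):
    """Turn one constructed log line into a dict of fields."""
    ts, source, event, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields.update(ts=datetime.fromisoformat(ts), source=source, event=event)
    return fields


def correlate(log_text, deny_threshold=3, window_seconds=300):
    """Alert when a source IP denied by the firewall at least `deny_threshold`
    times within `window_seconds` then logs in to an application successfully.
    Returns a list of (src_ip, user, login_time) tuples in time order."""
    window = timedelta(seconds=window_seconds)
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    denies = defaultdict(list)  # src ip -> timestamps of firewall denies
    alerts = []
    for e in events:
        if e["source"] == "fw" and e["event"] == "deny":
            denies[e["src"]].append(e["ts"])
        elif e["source"] == "app" and e["event"] == "login_ok":
            # Aggregation step: only denies inside the window count.
            recent = [t for t in denies[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= deny_threshold:
                alerts.append((e["src"], e["user"], e["ts"]))
    return alerts


if __name__ == "__main__":
    for src, user, when in correlate(SAMPLE_LOGS):
        print(f"ALERT {when}: {user} logged in from {src} after repeated denies")
```

A plain log manager would store all six lines; only the join across the two feeds, with its threshold and time window, produces the single alert for alice's login, and tuning those two values is exactly the kind of work the survey respondents report struggling with.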

"Complexity is a big issue, as are issues with total cost of ownership," says Francis. "It is not just an issue of acquiring and installing a SIEM. You have to do quite a bit of integration, configuration and ongoing maintenance. And you've got to have dedicated resources for it if you want it to be responsive."

And that's just the organizations that actually deploy SIEM. A survey by the SANS Institute released this spring showed that just 22% of organizations that collect logs use SIEM systems. Francis says it may be time to reimagine the space.

"By and large, the general theme is that SIEM is still fairly reactive--we're always behind the curve and trying to get ahead of the threats," he says. "I almost wonder if there is a different model where we wipe out these models and go to a whole different approach that could leapfrog over the current technology, almost like Google did to the competition for search so many years ago."

Network Computing: April 2013