The Applicability of a SIEM Solution: Requirements and Evaluation

Abstract

The need for SIEM systems increased in the last few years, especially as cyber-attacks are evolving and targeting enterprises, which may cause discontinuity of their services, leakage of their data, and affect their reputation. Cybersecurity breaches can range from no or limited impact to stealing or manipulation of data, or even taking control of systems. Many companies seek to reinforce their security capabilities to better safeguard against cybersecurity threats, so they adopt multi-layered security strategies that include using a SIEM solution. A significant factor for the increasing adoption of SIEMs is the capabilities that such systems offer, being able to provide near-real time analysis of security alerts and logs generated from various set of sources within an organization IT infrastructure. However, implementing a SIEM solution is not just an installation phase that fits any scenario within any organization; the best SIEM system for an organization may not be suitable at all for another one. An organization should consider other factors along with the technical side when evaluating a SIEM solution. This paper proposes an approach to aid enterprises, in selecting the most suitable SIEM solution; it suggests technical and organizational requirements that should be addressed and examines the SIEM applicability using quantitative and qualitative evaluation criteria.