SIEM Survey:  Number of resources required

Recently, I initiated a test survey using Linkedin’s Polling feature.  The survey was a quick and dirty way to help me gain a bit more perspective as to the number of resources organizations are putting towards their SIEM Projects.  There are a ton of limitations to this type of survey, including the fact you only have 75 characters to present your question to the audience.  That said, I’m sure I could have worded my survey question and responses even more clearly.  Those limitations aside, the results were very consistent with my observations over the last several years.  Put simply it requires a lot of effort, even halfway through 2009, to run a successful SIEM Project. 

Over the last month 13 organizations (75%+ Large or Enterprise Organizations) have taken the time to respond directly to the LinkedIn poll.  Quite a few more people went further and emailed me with details, questions and observations.  Just using the survey results, nearly 70% indicated that they had 2 or more FTE’s dedicated to SIEM.  With an additional 15% responding simply “Not Enough”.  100% responded with at least 1 FTE. 

image

My take on this initial poll - Even with all the improvements SIEM vendors are making in their products, SIEM’s are still not “plug ‘n play” systems, you need dedicated resources (internal, consultant, partner, etc) to extract the maximum value from your SIEM.  Duh!, I’ve been saying that for years, but it’s nice to see others nodding their head every once in a while.

I’m working on a better series of questions and responses with a more clear focus on for the next set of survey’s and I’ll use a more robust mechanism to accomplish that goal.  I’ll be using SurveyMonkey to get a better perspective and more clear insight into all things SIEM (and Log Management).  Look for those survey’s to begin in early July with results and analysis to follow shortly thereafter.  If you have questions or observations you’d like me to ask to the world about Log Management or SIEM - leave me a comment or email/DM me!  Thanks.

Posted by Rocky on 06/08 at 05:00 AM

Name:

Email:

Location:

URL:

Smileys

Remember my personal information

Notify me of follow-up comments?

Submit the word you see below:


Next entry: Gartner 2009 SIEM Magic Quadrant

Previous entry: Incident Response: A walk in the park