First, buy SIEM software that is over-priced, blowing your budget for other business needs. Focus on esoteric features that the vendor hypes, but that you do not need. Select software that is extremely hard to use, configure and maintain.
Next, make sure the SIEM solution requires an entire team of security professionals to operate, eliminating any possibility of you sleeping or enjoying life. The difficulty of the software must make rollout painful for your entire organization, and guarantee slower time-to-value. Do not buy a SIEM that comes packaged with built-in rules and intelligence to help you.
If the SIEM vendor is counting on services revenue to bail you out after you buy it, that’s even better. Or, you can engage a third party – either way your budget will be sucked dry for years to come.
Finally, set up management with high expectations after all of these expenses. Be sure to get a SIEM that makes management reporting painful for everyone involved, so that management has no idea about the value of the SIEM and develops a negative attitude about the project and you.
Please consider a free trial of a sensible SIEM offered by SolarWinds – Log & Event Manager. It’s an understated SIEM that offers all the real-time monitoring capabilities you need, pre-built security and compliance intelligence and easy reporting features. It covers you “soup to nuts” – not just your network, but your apps, data and endpoints. Try it and see if you don’t agree – it’s pretty darned easy, compared with your alternatives – unless you don’t like sleeping or enjoying life.
The trick is ignoring the hype, marketing and sales tactics vendors often use, and instead focusing on your business realities and needs. When it comes to SIEM, this is critically important.
Graphic courtesy of: How to Become a Total Failure - The Ten Rules of Highly Unsuccessful People