4 Replies Latest reply on Apr 24, 2014 12:28 PM by dclick

    Help needed - What Justification did you guys use to get your company to approve LEM?

    dclick

      What Justification did you guys use to get your company to approve LEM?

        • Re: Help needed - What Justification did you guys use to get your company to approve LEM?
          familyofcrowes

          This was mine, although focused on our needs that I'm sure are different than yours:


          • Similar to our current product, the LEM enforces security via automated rules and alerts, but with more ease of use, allowing the administration of these alerts to be shared among more admins.

          • LEM is a virtual appliance running on VMWare and conserving resources.

          • No real limit to data retention. Existing system only holds data for 90 days.

          • Central repository for IT infrastructure data mining for the entire company, providing a single location for troubleshooting and research within Orion.

          • Infosec has active interest in also using this system for worm detection, "out-of-box" responses, and report and data correlating capabilities. This will provide InfoSec with the data needed to research rogue users and VPN usage, including contractors' time in and out, along with security features that are not available to us today.

          • LEM provides "Active Responses" that take actions such as quarantining infected machines and blocking IP addresses. This will take our anti-virus to the next step by preventing an infected machine from infecting others.

          • Advanced IT search capability makes it easy to discover issues using a drag and drop interface that tracks events instantly.

          • More than 300 "audit-proven" templates for regulatory compliance including: PCI DSS, GLBA, SOX, NERC CIP, HIPAA. Although this is not needed today, following these procedures can enhance our processes in a similar way that ITIL enhances our procedures.

          LEM will eliminate the need for us to spend time creating scripts and queries in order to access the data, as we do today with LogLogic.  We have built over 100 custom scripts

          1 of 1 people found this helpful
          • Re: Help needed - What Justification did you guys use to get your company to approve LEM?
            byrona

            We are in a bit of a different situation than most companies because we are a service provider. We were already using LEM for customer solutions and we believe in "eating our own dog food", so it made sense for us to get it as well. Besides, my company didn't want me using our customer systems as a test bed for new rules and such.


            When I pitch the idea to customers I focus on the single pane of glass, not just for Infosec but also for operational data, telling stories of how problems were quickly identified by having all of your log data in one place and easily searchable. Basic firewall and antivirus are no longer considered adequate in today's Infosec world, and a SIEM such as LEM is really the central focal point of a good security solution, as it provides IPS, IDS, and audit capabilities to the environment.


            Hope this helps!

            1 of 1 people found this helpful