Even a free solution is expensive in terms of the time and resources that security event management requires. Adding more products, alerts and events does not always improve security – often it adds more noise that must be filtered out or, worse yet, ignored. Investment of resources should be focused on managed SIEM solutions that reduce the noise to deliver results you can act upon to reduce risk.
Case in point: watching open source security event management solutions and threat ratings within an IT community. Provided for free with platform integration, the impact on resources at first appears minimal. Then a stream of malicious IP ratings for known vendor web services appears, and you have a time sink and an increasing noise factor. Reactions range from turning off the solution to asking “Why,” which only increases the time invested.
Lack of context for the malicious IP ratings will raise more questions, followed by do-it-yourself advice on how to investigate. The time sinks get worse, frustration develops, and your risk profile remains unchanged. The net impact is that the “free” solution increases your noise factor and consumes valuable resources for security event management.
A more intelligent approach is to start with a goal of reducing your noise factor, increasing time-to-value, and improving resource utilization. You can obtain this with managed SIEM solutions acting as an extension of your IT security team. The service runs false positives to ground, works daily with the latest big data security tools, and is rewarded for finding intelligence you can act upon. This is a win-win solution, as the results save time and money and reduce risk.
Tom Clare, Head of Corporate & Product Marketing
Arctic Wolf Networks