Building a Better SIEM

Posted by Susan Sison on Mar 2, 2017 9:00:12 AM


A tough regulatory environment and growing data privacy concerns have organizations looking for more efficient ways to monitor, analyze and respond to threat intelligence in context — bringing the value of security information and event management (SIEM) into focus. Although adopting SIEM is much more than just a plug-and-play proposition, maintaining an advanced, scalable solution that optimizes cybersecurity effectiveness is an investment in the success of your business.

Sales of SIEM software jumped 3.7% to $22.1 billion last year, and it’s no surprise. SIEM solutions are gaining traction as organizations face ever-evolving, sophisticated threats against distributed, business-critical data.

With so many entry and exit points to the network and myriad data stores to protect, keeping a watchful eye on who is accessing what data and where is a monumental task at best. Compounding the challenge are increasingly rigorous regulatory requirements such as HIPAA, PCI and the upcoming GDPR. All mandate best-in-class data protections and strict breach reporting, making SIEM even more critical.

What Is SIEM?

Gartner defines SIEM as a “technology that aggregates event data produced by security devices, network infrastructures, systems, and applications.” Its goal (per Gartner) is to apply “security analytics to event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance.”

In effect, SIEM provides real value in security and compliance through:

  • Event/log collection: SIEM is unique in that it combines the events from security tools with network events/logs to build a more holistic, end-to-end picture of threats.
  • Normalization: Network and security tools rarely view the same data in the same way. Consider the differences between a network view of a user (IP or MAC address) and a security view (login name, full name, organizational role). The best SIEMs are able to normalize these into a single real-time, holistic view of “the user.”
  • Correlation: SIEM provides context to all that data, ensuring that staffers can connect the dots between events on different toolsets and platforms, translating alerts from one tool to the next and pushing critical alerts to the top.
  • Reporting/alerting: Because it collects, normalizes and correlates alerts from across the network in a seamless, automated fashion, SIEM enables staffers to define real-world thresholds and alerts that pinpoint potential threats in real time.

The result? Organizations with SIEM implementations can detect and mitigate threats more quickly, while also ensuring that compliance mandates continue to be tracked and met.
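
To make the four capabilities above concrete, here is an added example (not code from the original post, and not FortiSIEM or any other product) of a miniature SIEM pipeline: it collects log lines from two sources with different formats, normalizes them into one event schema, joins the network view of a user (source IP) to the security view (login name, full name, role) from a constructed directory, and correlates events across sources to raise an alert. All log lines, the directory entries, the rule name and the threshold/window values are constructed for illustration.

```python
"""Toy SIEM pipeline: collect -> normalize -> correlate -> alert.

Every log line and directory entry here is a constructed sample; the
detection rule, threshold and window are illustrative choices, not a
reference configuration for any product.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample lines from two sources with different formats:
# a firewall (ISO timestamp, key=value fields) and an SSH auth log (syslog style).
SAMPLE_LOGS = [
    "2017-03-02T09:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "2017-03-02T09:00:05Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "Mar  2 09:00:06 bastion sshd[2201]: Failed password for jsmith from 203.0.113.7 port 51001 ssh2",
    "Mar  2 09:00:09 bastion sshd[2201]: Failed password for jsmith from 203.0.113.7 port 51002 ssh2",
    "Mar  2 09:00:12 bastion sshd[2201]: Failed password for jsmith from 203.0.113.7 port 51003 ssh2",
    "Mar  2 09:00:20 bastion sshd[2201]: Accepted password for jsmith from 203.0.113.7 port 51004 ssh2",
    "Mar  2 09:01:00 bastion sshd[2202]: Failed password for root from 198.51.100.9 port 40000 ssh2",
    "Mar  2 09:05:00 bastion sshd[2203]: Accepted password for amiller from 10.0.0.12 port 33000 ssh2",
]

# Constructed directory: the "security view" of a user that the normalizer
# joins to the "network view" (an IP address) seen in the raw logs.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "jsmith": {"full_name": "Jane Smith", "role": "dba"},
    "amiller": {"full_name": "Al Miller", "role": "helpdesk"},
}


@dataclass
class Event:
    """Common schema every source is normalized into."""
    ts: datetime
    source: str              # which tool produced the event
    action: str              # fw_allow | fw_deny | auth_ok | auth_fail
    src_ip: Optional[str] = None
    user: Optional[str] = None
    full_name: Optional[str] = None
    role: Optional[str] = None
    raw: str = ""


FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<verdict>ALLOW|DENY) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$"
)
SSH_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize(line: str, year: int = 2017) -> Optional[Event]:
    """Parse one raw line from either source into the common Event schema.

    Syslog lines carry no year, so the caller supplies one. Returns None for
    an unrecognized format; a real SIEM would count those as parse failures.
    """
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        action = "fw_allow" if m["verdict"] == "ALLOW" else "fw_deny"
        return Event(ts, "firewall", action, src_ip=m["src"], raw=line)
    m = SSH_RE.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        action = "auth_ok" if m["result"] == "Accepted" else "auth_fail"
        ident = DIRECTORY.get(m["user"], {})   # enrich with the security view
        return Event(ts, "sshd", action, src_ip=m["src"], user=m["user"],
                     full_name=ident.get("full_name"), role=ident.get("role"), raw=line)
    return None


def correlate(events: List[Event], threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Illustrative rule: `threshold` or more auth failures from one IP inside
    `window`, followed by a success from that same IP, raises a high-severity
    alert. Firewall denies from the IP are attached as cross-source context."""
    events = sorted(events, key=lambda e: e.ts)
    fails: Dict[str, List[datetime]] = defaultdict(list)   # src_ip -> failure times
    denies: Dict[str, int] = defaultdict(int)               # src_ip -> firewall deny count
    alerts: List[dict] = []
    for e in events:
        if e.action == "fw_deny":
            denies[e.src_ip] += 1
        elif e.action == "auth_fail":
            fails[e.src_ip].append(e.ts)
        elif e.action == "auth_ok":
            recent = [t for t in fails[e.src_ip] if e.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "severity": "high",
                    "rule": "auth_failures_then_success",   # constructed rule name
                    "ts": e.ts.isoformat(),
                    "src_ip": e.src_ip,
                    "user": e.user,
                    "full_name": e.full_name,
                    "role": e.role,
                    "failures": len(recent),
                    "fw_denies": denies[e.src_ip],
                })
    return alerts


def run(lines: List[str] = SAMPLE_LOGS) -> List[dict]:
    """Collect, normalize (dropping unparseable lines) and correlate."""
    events = [ev for ev in (normalize(ln) for ln in lines) if ev is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The point of the example is the shape of the work rather than the specific rule: each source needs its own parser, the schema is what lets a rule written once apply to every source, the directory join is what turns "203.0.113.7 logged in" into "Jane Smith, a DBA, logged in after three failures", and the alert carries the cross-source context (the earlier firewall deny) that an analyst would otherwise have to look up by hand.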

How to Optimize SIEM

Still, all this SIEM goodness doesn’t happen automatically. Successful SIEM projects require investments in planning, staffing and especially the software platform that makes it all tick.

Fortinet knows this and has designed its FortiSIEM platform specifically to address today’s security and compliance challenges. It offers comprehensive, holistic and scalable SIEM capabilities along with actionable real-time analytics, out-of-the-box predefined compliance reports and more. It enables organizations to tightly manage network security, performance and compliance standards from the data center to mobile, IoT and the cloud from a single pane of glass.

A Fortinet partner, NCA can help you deploy a best-in-class FortiSIEM to keep you ahead of threats and compliance obligations. To get started, complete a Fortinet cyber threat assessment, or contact us to learn more.


Network Computing Architects, Inc. is a premier provider of high-quality, sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.

NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.