6 Questions To Ask When Recommending SIEM

In view of today’s threat landscape, more and more organizations are looking to add security information and event management (SIEM) to their cybersecurity architecture. SIEM is a security intelligence solution that delivers a panoramic view of the health of your customers’ IT infrastructures by analyzing security events, network flows and log data in real time.

However, SIEMs are complex technologies that have to be integrated with numerous security controls and hosts across the IT infrastructure. So, before recommending a SIEM to your customers, make sure it meets the right criteria. Here are some questions to help guide the process:

  1. Is the SIEM easy to manage? Ease of management is an important feature as it provides a holistic view of the network. Fortinet addresses this in a SIEM (FortiSIEM) that provides single-pane-of-glass administration with dashboard views of all information collected and analyzed.
  2. Can the SIEM identify attacks accurately and effectively? The strength of a SIEM is in breaking down layers of events into useful and purposeful information so as to respond to any threat with little delay. The Fortinet SIEM platform we offer achieves this with a distributed real-time event correlation engine that enables organizations to detect complex event patterns in real time.
  3. What tools does the SIEM feature to support real-time analytics and forensics? You can provide real value to your customers by delivering a SIEM (like FortiSIEM) that supports analytics from diverse information sources such as logs, performance metrics, Simple Network Management Protocol (SNMP) traps, alerts and configuration changes.
  4. Can the SIEM be integrated into a large enterprise or delivered as a service without extensive custom development? Re-designing an existing on-premises application is time-consuming and risky as it requires changing the database schema to support tenant identifiers. Save your technicians (and customers) the headache with FortiSIEM, which is built around a highly customizable, multi-tenant architecture to simplify the management of multiple physical/logical domains and overlapping systems and networks from one console.
  5. How easy is it to scale out a virtualized architecture? With cloud adoption approaching a tipping point, being able to offer SIEM as a VM that supports on-premises and public/private cloud deployments on multiple hypervisors is a huge plus.
  6. How timely and effective are the SIEM’s automated response capabilities? The ability to accurately monitor and perform real-time analyses of event logs is critical to flagging and responding to potential issues before they become bigger problems. FortiSIEM features an asset discovery and profiling tool that simplifies the categorization of network assets, along with actionable reports that make it easy to zero in on the events that need the most urgent attention.

As a partner of Fortinet, you have a real opportunity to bring the value of advanced security intelligence and event management to your customers with FortiSIEM. This FortiSIEM datasheet can give you more details on specific features and their corresponding benefits. As a value-added distributor of Fortinet cybersecurity technology including FortiSIEM, Fine Tec is here to support your business. Contact us with questions.