Plan Effective SIEM First, Compliance Second

Security information and event management (SIEM) is a major priority for large companies. It’s a reporting process that provides a holistic view of the health of an organization’s IT security as well as important details for various kinds of compliance regulations, including GLBA, PCI, FISMA, HIPAA, and more.

But while SIEM helps your organization by logging all events, defining and documenting threats, and tracking length of events and tickets, the requirements associated with this data change for each kind of compliance a company is trying to achieve. And just because your company is concerned with one kind of compliance now doesn’t mean you won’t need to switch gears to meet another set of standards later.

Today you’re worried about SOX compliance, but tomorrow it might be something else. The most efficient way to make sure your SIEM system is valuable beyond this year’s compliance requirements is to build it while planning for future compliance needs. Here are three ways to do so:

  1. Build around SIEM limitations

As we have previously shared, SIEM is helpful solution for enterprise security. However, it has certain limitations that can render it inefficient if you don’t make further investments in technology and personnel. Overcome these limitations by using SIEM as a starting point and integrating it with a data management solution that brings more context to the results. With a better grasp of the meaning of the data you collect, you’ll be more prepared for compliance situations that arise in the next 5 to 10 years.

  1. Augment your SIEM with IT auditing solution

Many IT pros find that SIEM solutions include auditing gaps where data is missing in the targeted system’s audit data. Integrating SIEM with IT auditing soluition for successful event log monitoring and reporting can add to or replace your SIEM with features that make it easy to find relevant answers to your question about events within your network. This means that no matter what type of compliance you are focused on this year, you will still collect and organize the data you need for a different kind of compliance later on.

  1. Focus on security first and compliance second

Compliance exists to give companies official standards for security best practices. Focusing too much on compliance without regard to whether or not it actually affects your security status puts the cart before the horse and misses the point. And when 3 in 4 IT professionals report that SIEM solutions don’t reduce security incidents, it’s a sure sign that something is missing from their approach.

Planning for change is a constant in the field of technology, and planning for compliance is no different. That’s why the most effective IT departments are planning their SIEM solutions with future compliance in mind. For your company, compliance may be an ever-expanding moving target. Instead of focusing solely on specific kinds of compliance, keep in mind that an effective SIEM system is one that can be flexible according to your needs.


Sara is a writer, an editor, and a blogger specializing in IT compliance, security investments, and HR.