
SIEM ROI - How to prove it?

 
09-18-2010

I received some emails lately asking me for some advice on how to prove a SIEM tool's ROI to higher management (justify acquisition, prove that the solution helps, etc).

If you focus only on the technical aspects, I admit that life becomes more difficult (world crisis, lack of technical knowledge from higher management, etc) and it gets hard to prove the ROI.

When I work with SIEM projects, one of my major rules is to understand my customer's business and not only the network/system security aspects.
  • What do they do?
  • How do they do it?
  • What facts can impact their revenue?
  • What systems/devices are running their main applications?
  • Are there any frauds they're aware of?

With this information you can work together with your customer (internal/external) to define correlation rules that will not only help to secure the company network and systems but will also create tremendous value for the business.

With this kind of rule in place you can now more easily collect the info that will prove the ROI of your solution.

Some questions you can ask in order to gather information:
  • How many security/network/system events were identified by your SIEM solution?
  • What would the losses be if your system hadn't identified them earlier?
  • How much was the system availability improved since the SIEM solution was deployed?
  • How many business/fraud events were detected by the tool?
  • How much will they cost?

Then, you can finally add the network/system security side to your analysis, showing how many attacks the SIEM tool prevented (downtime=losses and losses=less money), how many reports you'll be able to generate easily (time=money, more time=more money) and how the different teams (operations, network, security, audit, financial) are taking advantage of the solution (less work=more life quality=more satisfaction=more production=more money).

And don't forget to answer the primary question (which is the main target of this post):

How much did the SIEM tool save?

Best Regards
