First, let me refer to my classic deck on SIEM and log management "worst practices." The first two practices are related to choosing a SIEM product and are shown below:
WP1: Skip need determination step altogether - just buy something
- "My boss said that we need a correlation engine" (more about this mistake)
- "I know this guy who sells log management tools …"
WP2: Define the need for SIEM in general
- "We need, you know, 'do SIEM' and stuff"
These situations are quite common and unquestionably wrong, and many a SIEM project has been slaughtered as a result.
In any case, what IS the least wrong way? How about this flow (drastic oversimplification alert!):