With regard to SIEM, there are many tools to use. Requirements naturally dictate which is best, but costs can vary greatly. Splunk is one of the most popular and naturally the most expensive to use. Its licensing is based on the amount of data received and processed, but it provides a treasure trove of information when trying to protect an organization.
To give background on the differences between levels of service, it helps to discuss what specific products can do. Whether it is a SIEM or a security management tool, the cost of licensing can vary greatly. These costs can be based either on data amounts (for example, Splunk licensing is based on the total amount of log data produced) or on each system monitored. There are also open source products that are sponsored by governments, like the OpenVAS platform.
Beginning with examples of security vulnerability scanning tools, we look at OpenVAS and GFI LanGuard. OpenVAS has no licensing fee and can be used to meet regulatory requirements. The drawback, naturally, is that it does not come close to the level of accuracy or information provided by other tools like GFI LanGuard. GFI LanGuard provides a much deeper level of analysis and can also provide services like configuration management and patch management.
To perform these management activities, we use our six-step process to decide what can be done on site, what should be done within our Cyber Security Operations Center (CSOC), and what types of software and techniques are optimal and meet requirements. Generally, we have categorized our security management services into three distinct levels, based on complexity and pricing, to better fit your organization. To assist our customers in selecting the right type of monitoring solution, we offer three different levels of monitoring based on these four areas. Our monitoring solutions can either be on-site at your location, where they are installed, configured and maintained by us, or off-site through our Cyber Security Operations Center (CSOC).
Our cyber security management service for organizational risk is based on best business practices and ISO/IEC 27001 Information Security Management for maintaining what is called the “ISMS” or Information Security Management System. Put simply, we build your ISMS to manage cyber security processes like:
MSS is a combination of consulting, monitoring and training services for managing risk
On the other end of the spectrum, there is open-source software for log analysis, like Elasticsearch. Like the security scanning software, it does not provide many of the benefits of software like Splunk, but it can be used to give a basic level of security to small organizations that may not have a high risk level.