Tuesday, February 20, 2007

Methods and tactics for avoiding failure in large SEM implementations

Most of the work we undertake is a mixture of penetration testing, audits, post-incident clean-up, and secure infrastructure deployment. However, over the last 12 months we have repeatedly been called upon to rescue failed or failing projects in the area of Security Event and Information Management (SEM/SIEM). We've collected all the knowledge gained in these "rescue projects" and have packaged it in a short whitepaper for download. For those of you who like to know what you have been given before it is unwrapped, here is the abstract:

"Many will be familiar with the English proverb “more haste, less speed”, or to put it another way, finishing a task quickly is not about rushing. This advice could have been tailor-made for complex IT projects. In this paper we learn how to mitigate some of the risks and reduce the costs associated with implementation of Security Event Management systems, arguably among the most complex and highest profile information security projects undertaken today."

If you are considering one of these systems, then we think you should spend 9 pages and 15 minutes on this vendor-free, hype-free document.