Why SIEM is Difficult

9/28/2023 12:00:00 PM [(UTC-05:00) Eastern Time (US & Canada)] - Can't make the live event? Register anyway to receive a link to the recording.

Webinar Registration

Gartner coined the term SIEM in 2005, so this is not a new technology. However, meeting goals and expectations for SIEM technology remains notoriously difficult. Why is this?

To begin with, it’s a tall order to detect breaches from raw log data because raw log data is very, very … raw.  Log data is cryptic, redundant, poorly formatted and varies widely from source to source.  Log data is also untrustworthy.  You must know so much about the idiosyncrasies of each log source in order to interpret it. 

Then there’s the problem of scale. Logs are huge along three dimensions:

  1. Sheer volume of events to process per second
  2. Sheer volume of mass storage needed to archive events
  3. Sheer quantity of endpoint log sources

Of course, this means that the storage, processing and bandwidth requirements of a SIEM are big, but so is the care and feeding. Most SIEMs tend to be pretty high maintenance – requiring arcane knowledge and skillsets just to keep the SIEM processing logs. I know of a very successful consulting firm that can’t keep up with the demand for their SIEM maintenance service.

Finally, there are the actual dollar costs. Most SIEMs charge you based on the amount of data processed, and that’s hard enough to swallow. But most SIEMs also leave you responsible for the care and feeding costs, which tend to be linear with log volume, so you pay more than once for every gigabyte of data you ingest.

Having absorbed these costs, we have yet to get any value – other than perhaps checking a box on a compliance checklist for audit log archival. Someone has to be using the SIEM – investigating alerts and doing threat hunting. SOC analyst and threat hunter are further highly specialized skillsets, distinct from SIEM administration.

So, it’s no surprise that organizations struggle to really get ROI on SIEM. 

In this real training for free event, we will look at the challenges to SIEM success and explore opportunities for overcoming them – and possibly even eliminating some of the classic problems with SIEM altogether.

LogRhythm is our sponsor for this training session. LogRhythm is a long-time innovator in the SIEM market and Kevin Kirkwood will take over after my session to debut their new cloud-native SIEM – Axon.

Please join us for this real training for free session.
