Is your SIEM due an MOT? - Part 1
25/03/19 – Author: Martyn O’Connor MBE – Certified Splunk Consultant
So imagine you’ve bought a fancy new car. It’s the top of the range, has all the extras and it’s your pride and joy. Ask yourself how you would treat that car. Would you wash and polish it every Sunday afternoon? Would you take it in for a service when it was due? Of course you would. You want it to keep on running smoothly, and you want to look after it for the joy it brings you. But what about the security of your business?
I imagine you care about that too, and you may have bought into some technical solutions to help you manage an increasingly complex threat environment. However, simply throwing money at the problem can be a false economy. As someone who provides Splunk Professional Services, too many times – especially in the run-up to GDPR – have I seen businesses engage in box-ticking exercises with regard to their security: “we bought a SIEM, so now we are secure”. Buying a SIEM solution is a great first step, but unless you continue to care for it and continue to engage with it, then with every day that goes by it can fall further and further behind emerging threats. To draw the parallel with the brand new car: we can have high confidence that a car is functioning perfectly as we drive it off the dealer’s forecourt, but if we do nothing to check or service it, how much confidence can we have a year later? Two years later? So how confident are you now that your SIEM solution is functioning as it should? How confident are you that it’s going to spot things that are going wrong? How confident are you that you’re getting the best performance out of it?
At Somerford, our Splunk Professional Services Consultants are often called upon to set up a new installation of Splunk, or to configure the onboarding of a difficult new data source. Far less often are we called upon to check how healthy a customer’s Splunk environment is. Speaking from personal experience, this surprises me, as almost all engagements with customers have revealed problems with their Splunk environment. These issues range from trivial matters with a small performance impact through to fundamental blockers to business effectiveness, and many of them could easily have been avoided. This is why it’s so important to have someone with the right technical know-how visit and check up on your Splunk environment periodically, especially after any large change to the environment such as a version upgrade or a shift from standalone to clustered architecture. A health check lets you once again have confidence that your environment is functioning optimally. It also gives someone with depth of knowledge and experience the opportunity to highlight ideas and approaches to using your SIEM that you may not have considered before, or to point out new features you didn’t even know you could use.
Somerford has a variety of offerings, ranging from a basic one day health check which will identify any issues that may need addressing, through to a week long in-depth study of your environment and your use cases. Get in touch if you would like to discuss having a professional come and give your Splunk environment a thorough MOT.
To learn more about how a Splunk check-up can improve your Splunk instance, read on in Part 2.