
Multi-tenancy within a SIEM

Hi All

 

One of the issues I have faced during my career is that of multi-tenancy, and the choice of SIEM. Why is this an issue? Well, there are MSSPs who follow the NIST cybersecurity framework life cycle, but many small to medium organisations simply cannot afford all the bells and whistles, even at the most minimal offering, i.e. inclusion of Machine Learning, Automation, and Augmented Intelligence and Incident Response services.

 

Some vendors claim multi-tenancy with caveats. For example, one of them states you can have the feature, but you need careful design and management, and essentially there are rules and limitations, which all contribute to the risk of data leakage between tenants without sufficient segregation and separation. Others claim they provide it through federated identity access. However, in many cases, the risks are only minimised if you, the organisation, own the entire domains under your control, and you manage it centrally yourselves.

 

So if you had a plain piece of paper to work from, what attributes, non-functional requirements would you require before you committed to using a SIEM with true multi-tenancy capabilities?

 

Regards

 

Caute_cautim
