What is SIEM?

Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
A SIEM system collects logs and other security-related records for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, and even specialized security equipment such as firewalls, antivirus or intrusion prevention systems. The collected events are normalized into a common schema so that events from different products can be correlated and searched together.
Why is SIEM Necessary?

• Rise in data breaches due to internal and external threats.
• Attackers are sophisticated, and traditional point tools (firewall, antivirus, IPS) are not enough on their own because each sees only its own slice of activity.
• Detect and mitigate sophisticated cyber-attacks by correlating events across sources.
• Manages large volumes of logs from multiple sources.
• Meets compliance requirements for centralized log retention, review and reporting.
Why do organizations use it?

Threat Management:
The ability to detect risky scenarios and common attacks, as well as attack paths defined by the organization itself, by writing correlation rules over the normalized events.

Compliance:
Consolidating the logs and reports of multiple systems within the organization, so that they can be accessed and analyzed centrally rather than through each system's own reporting tools.
Forensic Support:

• The information available within the SIEM is very valuable from a forensic perspective and can greatly aid a forensic analyst in an investigation.
• The SIEM allows forensic analysts to search the logs of many systems in a centralized way, without the need to re-collect the log files of compromised systems. Because the forwarded copies were written off-host, they also survive an attacker clearing the local logs, provided forwarding was in place before the compromise.
Protection (What and How):

Implementation of SIEM:

Requirements:
• All Unix systems need centralized logging (for example syslog forwarding) configured so that the SIEM receives their events. Databases require a great many configuration steps before their audit logs are available.
• Each web server needs a new agent or process installed to monitor the web logs. Taking logs from cloud resources on AWS involves another complex series of configuration procedures.
• A SIEM requires highly skilled IT personnel to operate and tune it.
• Patching, hardware refreshes and overall change management have to be coordinated with the SIEM, since any such change can silently stop or alter a log source.
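The following is an added example, not code from the original page or from any SIEM product, showing in miniature what the threat-management, forensic-support and implementation points above describe: sshd syslog lines from Unix hosts and Apache access-log lines from a web server are parsed into one normalized schema, a correlation rule flags an SSH brute-force burst and escalates it when a successful login from the same source follows, and a centralized search pivots on the attacker IP across both log sources. The log lines, hostnames, users and IPs are constructed sample data; the year 2024 for the syslog timestamps (which carry no year) and the 5-failures-per-minute threshold are assumptions chosen for the example.

```python
"""Toy SIEM pipeline: normalize heterogeneous logs, correlate, search.
All input below is constructed sample data, not from any real system."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd entries (syslog format) from two Unix hosts and Apache
# combined-log lines from web01. Hosts, users and IPs are made up.
SYSLOG_LINES = [
    "Mar  3 10:15:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar  3 10:15:03 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51124 ssh2",
    "Mar  3 10:15:04 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51130 ssh2",
    "Mar  3 10:15:06 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51131 ssh2",
    "Mar  3 10:15:07 web01 sshd[2201]: Failed password for oracle from 203.0.113.7 port 51135 ssh2",
    "Mar  3 10:15:09 web01 sshd[2201]: Accepted password for oracle from 203.0.113.7 port 51140 ssh2",
    "Mar  3 10:20:00 db01 sshd[881]: Failed password for backup from 198.51.100.2 port 40000 ssh2",
]
APACHE_LINES = [
    '203.0.113.7 - - [03/Mar/2024:10:14:55 +0000] "GET /wp-login.php HTTP/1.1" 200 1043 "-" "curl/8.0"',
    '192.0.2.10 - - [03/Mar/2024:10:16:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def parse_sshd(line, year=2024):
    """Normalize an sshd syslog line. Syslog carries no year; 2024 is assumed."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    action = "login_success" if m["outcome"] == "Accepted" else "login_failure"
    return {"ts": ts, "host": m["host"], "source": "sshd", "src_ip": m["ip"],
            "user": m["user"], "action": action, "detail": None, "raw": line}


def parse_apache(line, host):
    """Normalize an Apache combined-log line into the same schema as sshd events."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    return {"ts": ts, "host": host, "source": "httpd", "src_ip": m["ip"], "user": None,
            "action": f"http_{m['method'].lower()}", "detail": f"{m['path']} {m['status']}", "raw": line}


def ingest():
    """Collect from every source into one event store (the SIEM's central copy)."""
    events = [e for e in (parse_sshd(l) for l in SYSLOG_LINES) if e]
    events += [e for e in (parse_apache(l, host="web01") for l in APACHE_LINES) if e]
    return sorted(events, key=lambda e: e["ts"])


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Correlation rule: >= threshold SSH login failures from one source IP against
    one host inside `window`. If an accepted login from the same IP follows within
    the window, escalate: the password guessing most likely succeeded."""
    alerts, by_key = [], defaultdict(list)
    for ev in events:
        if ev["source"] == "sshd":
            by_key[(ev["host"], ev["src_ip"])].append(ev)
    for (host, ip), evs in by_key.items():
        failures = [e for e in evs if e["action"] == "login_failure"]
        for i, first in enumerate(failures):
            burst = [e for e in failures[i:] if e["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            success = next((e for e in evs if e["action"] == "login_success"
                            and burst[-1]["ts"] <= e["ts"] <= first["ts"] + window), None)
            alerts.append({"rule": "ssh_brute_force", "host": host, "src_ip": ip,
                           "failures": len(burst), "users": sorted({e["user"] for e in burst}),
                           "severity": "critical" if success else "high",
                           "compromised_user": success["user"] if success else None})
            break  # one alert per host/source pair
    return alerts


def search(events, src_ip=None, since=None, until=None):
    """Centralized query across every host and source: the analyst pivots on an
    attacker IP without touching the (possibly tampered) hosts themselves."""
    return [e for e in events
            if (src_ip is None or e["src_ip"] == src_ip)
            and (since is None or e["ts"] >= since)
            and (until is None or e["ts"] <= until)]


if __name__ == "__main__":
    store = ingest()
    for alert in detect_brute_force(store):
        print(alert)
    for e in search(store, src_ip="203.0.113.7"):
        print(e["ts"], e["host"], e["source"], e["action"], e["user"] or e["detail"])
```

The search on the attacker IP is the forensic payoff: it shows the reconnaissance request against /wp-login.php that preceded the SSH guessing, an event the sshd logs alone would never reveal, and it does so from the central copy rather than from web01.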
Use Cases:
SIEM Tools:
• Hewlett Packard Enterprise (HPE) ArcSight
• Splunk Enterprise Security (ES)
• IBM Security QRadar
• AlienVault Unified Security Management (USM)
• LogRhythm SIEM
• McAfee Enterprise Security Manager (ESM)
• Micro Focus Sentinel Enterprise
• SolarWinds Log & Event Manager
• Trustwave SIEM Enterprise and Log Management Enterprise
• RSA NetWitness Suite
"It takes time and effort to get things set up, and this is going to be a
manpower initiative proportional to the complexity of organization"