HOME

Expert Resources for (Technical) Project Management - from Conception to Implementation

HOME

  ABOUT SECURESCRYPT
SecureScrypt has simplified the way organizations detect and respond to today’s ever evolving threat landscape. Our unique and award-winning approach, trusted by thousands of customers, combines the essential security controls of our all-in-one platform, SecureScrypt Unified Security Management, with the power of SecureScrypt’s Open Threat Exchange, TheHipe, the world’s largest crowd-sourced threat intelligence community, making effective and affordable threat detection attainable for resource-constrained IT teams.
SecureScrypt, Open Threat Exchange, OTX, AlienApps, Unified Security Management, USM, USM Appliance, and USM Anywhere are trademarks of SecureScrypt and of their respective owners
 
 

Security Information and Event Management (SIEM)

Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. The acronym SIEM is pronounced "sim" with a silent e.

The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. For example, when a potential issue is detected, a SIEM might log additional information, generate an alert and instruct other security controls to stop an activity’s progress.

At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEMs have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR).

Payment Card Industry Data Security Standard (PCI DSS) compliance originally drove SIEM adoption in large enterprises, but concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer. Being able to look at all security-related data from a single point of view makes it easier for organizations of all sizes to spot patterns that are out of the ordinary.

Today, most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewallsantivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.

In some systems, pre-processing may happen at edge collectors, with only certain events being passed through to a centralized management node. In this way, the volume of information being communicated and stored can be reduced. Although advancements in machine learning are helping systems to flag anomalies more accurately, analysts must still provide feedback, continuously educating the system about the environment.

Here are some of the most important features to review when evaluating SIEM products:

• Integration with other controls - Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?

• Artificial intelligence - Can the system improve its own accuracy by through machine and deep learning?

• Threat intelligence feeds – Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?

• Robust compliance reporting - Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?

• Forensics capabilities – Can the system capture additional information about security events by recording the headers and contents of packets of interest?

The past, present and future of SIEM technology

Security information and event management technology has been around for over a decade. Now entering its "2.0" phase, SIEM technology is now turning into a "security big data analytics" platform, says Mike Rothman in this in-depth and lively webcast.

Rothman begins with a brief history: How SIEM developed out of necessity -- that is, out of the need to deal with the flood of alerts issued from IPS and IDS systems that was overwhelming the IT department.  

It became over time more of an information platform, aggregating logs from firewalls and other devices. But that technology was complex and hard to tune, and to identify attacks, IT pros had to know what they were looking for.

This led to the forced evolution of the SIEM platform, Rothman explains. SIEMs are now built as a data store for high-velocity input, with a focus on usability. That means pros need to be using the tool all the time, looking at the data and making sure alerts signal true problems. There are still constraints on SIEM capability but it is invariably going to be the linchpin of enterprise security into the future.

What the future holds for SIEM, Rothman attempts to predict. He sees the current period of inflated expectations for SIEM ending, followed by what he terms the "plateau of productivity." What's key now is for IT security teams to learn how to increase the fidelity of the data a SIEM collects. Full packet capture will be the key capability of the future SIEM system, which means big data will be at the foundation of any effective SIEM product.

Rothman closes with a note on the skills IT pros will need to manage modern SIEM tools, and how it will be a combination of pattern matching and human interaction that will the key to its success. For all its capabilities, SIEM is no "set it and forget it" technology -- enterprise must have on staff the people with statistical and math skills to make sense of the big data collected.

By viewing this webcast, infosec pros will be able to better realize the promise of SIEM and be prepared for its coming iterations, which includes acquiring the skills they need to have to use the most modern SIEMs effectively.

What SIEM features are essential for your company?

Take a look at some of the best SIEM tools on the market implemented by SecureScrypt Teams

1.    SolarWinds Security Event Manager (FREE TRIAL) ...

2.    Micro Focus ArcSight Enterprise Security Manager (ESM) ...

3.    Splunk Enterprise Security. ...

4.    LogRhythm Security Intelligence Platform. ...

5.    AlienVault Unified Security Management. ...

6.    RSA NetWitness. ...

7.    IBM QRadar.

 

 
 

HOME/Zurueck

 
  (c)2019  Contact: Neoi-SecureScrypt - info@securescrypt.com Ph.: +491711638089 - +6590090296  AGB  Impressum