123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Technology,-Gadget-and-Science >> View Article

Siem Empowering Security

Profile Picture
By Author: Wisemonkeys
Total Articles: 277
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

SIEM Empowering Security with deeper detection and faster response
Security today is a perfect blend of people process and technology. People have to follow process and use technology to secure our critical IT infrastructure and respond to threats in well-organized fast we can detect and remediate the hack.

As we know IT infrastructure can grow in size and complexity which makes it difficult to implement and manage security. The basic actionable intelligence we have in our system is the logs of the system. These logs record everything .with a right practise of logging storing and analysing these logs we can detect prevent and remediate threats. To manage the it security needs of organisation we need to implement SIEM solutions SIEM stands for “Security Incident and Event Management” Few examples of these solutions are : HP Arcsight, RSA SA(dell), IBM Qradar, Splunk

SIEM objective:

SIEM solutions have been around for many years and they were designed primarily for two objectives:

Collect, analyze, report and store log data from hosts, applications and security devices to support security ...
... policy compliance management and regulatory compliance initiatives
Process and correlate in real time event data from security devices, network devices and systems to identify security issues that pose the biggest risk to an organization .
To fulfil the above objective we need data from the following data sources Data Sources — Full Packet Capture, NetFlowand Logs We also need visibility of our environment having Threat Vectors — Endpoint, Network and Cloud. SIEM Architecture & terms Collection, Aggregation, Normatisation, Correlation, EPS Collection layer is where all logs are feed into the siem solution it uses two technologies PUSH , PULL Push when a device is able to send its logs to the SIEM eg SPAN Checkpoint OLE etc. Pull is when the collector has to register and get logs to siem solution e.g. windows snare etc. Since the number of logs created by our IT devices is huge in number we need optimize way to store and retrieve our security related logs. We make use of process of aggregation. Similar logs are stored with a number describing the number of events .we can set thresholds to be alerted after aggregation . The logs created by different machines have different format which makes it difficult to manage and detect alerts syslog of cisco is different from that of checkpoint .Normalisation maps these logs to a common event format on which co relation can be applied . Correlation is a process which helps use to distinguish between a false positive and a true incident False positive can be termed as a false detection of a possible threat. Incident is termed as an event that cause disruption to our Infrastructure. Using correlation alerts are created in siem solutions E.g. of alerts: Windows machine created /deleted Virus detected Web attack detected EPS events per second is a parameter which is used to know in a second how many events does a data source create. This information is also used to decide on how much storage would our SIEM consume

Conclusion In many instances, organizations go through multiple SIEM deployments to arrive at the same level of understanding as the TDBUMO process provides but with Significantly more effort, more financial investment, And more Resource utilization. As mentioned previously, “garbage in, garbage out” is often Used to Describe SIEM correlation. As it is with correlation, poor analysis, and poor planningWill only result in poor SIEM Coverage and performance, i.e., “garbage in, garbage out”.

It is said that “Knowledge is Power” and Wisemonkeys(https://wisemonkeys.info/) is the ideal platform to prove this right where this blog was posted. Additionally, when knowledge is free it should be shared. Therefore, keeping this in mind Wisemonkeys an LMS platform is developed so that people can exchange their ideas, knowledge, and experiences for the wise Gen Z.

SIGN UP(https://me.wisemonkeys.info/login) TODAY and upgrade your knowledge base

Total Views: 36Word Count: 636See All articles From Author

Add Comment

Technology, Gadget and Science Articles

1. Aircraft Docking Systems Market Set To Reach Usd 12.4 Billion By 2032 With A Steady 3.14% Cagr
Author: jaaza lee

2. The Ultimate Guide To Building Your Shopify Mobile App: Professional Tips And Tricks
Author: smithjoe

3. Construction Management In Action With Ground-breaking Project Management Tools
Author: iFieldSmart Technologies

4. Donner Du Pouvoir Aux Rêves De Fabrication : Exploiter Le Crowdfunding Pour Vos Moules à Injection
Author: Mouldinginjection

5. 6 Best Backend Frameworks For Web App Development In 2023
Author: Dynamic Methods

6. Is Web Development Easier Than Software Development?
Author: Subho Chowdhry

7. Top 10 Jobs In Pakistan For Matric Students: Building A Bright Future
Author: arslan

8. How To Find The Right Gc Consulting Services For India
Author: joyitsolutions

9. Ico Development Services
Author: Rajeev

10. What Is The Importance Of Android?
Author: Subho Chowdhry

11. What Is The Difference Between Flutter And Android Development?
Author: Subho Chowdhry

12. Boost Your Job Search Success With A Professional Resume Writing Service
Author: Rahul Teke

13. Exploring The Best Atv And Utv Dealers In North Mississippi
Author: Mississippi

14. Unlocking Success: How A Grab Clone App Can Revolutionize Your On-demand Service Business
Author: smithjoe

15. What Are Soft Skills For Android Developer?
Author: Subho Chowdhry

Login To Account
Login Email:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: