SIEM (Security Information and Event Management Solutions) Implementations in Private or Public Clouds

Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures

Sensors, 2021

Security Information and Event Management (SIEM) systems have been widely deployed as a powerful tool to prevent, detect, and react against cyber-attacks. SIEM solutions have evolved to become comprehensive systems that provide wide visibility to identify areas of high risk and proactively focus on mitigation strategies aimed at reducing the cost and time of incident response. Currently, SIEM systems and related solutions are slowly converging with big data analytics tools. We survey the most widely used SIEMs regarding their critical functionality and provide an analysis of the external factors affecting the SIEM landscape in the mid and long term. A list of potential enhancements for the next generation of SIEMs is provided as part of the review of existing solutions, together with an analysis of their benefits and usage in critical infrastructures.

THE EVOLVING THREAT LANDSCAPE: HOW SIEM CAN ADAPT TO EMERGING ATTACK TECHNIQUES

IAEME PUBLICATION, 2022

Security Information and Event Management (SIEM) systems contribute immensely to maintaining a business’ cybersecurity posture. SIEM solutions gather and analyze huge amounts of data from different sources, including users, software, information sources, cloud workloads, endpoints, etc. within a business’s IT infrastructure. SIEM systems centralize and correlate the gathered information to provide comprehensive visibility into the business’ cybersecurity status. With the increasingly evolving cybersecurity world and dynamics of the threat landscape, the role played by security experts and security solutions to secure data systems is changing. With the growing complexity of threats, novel approaches are gaining prominence to counter the effects of cyber-attacks.

Management and Monitoring Security Events in a Business Organization - SIEM system

46th ICT and Electronics Convention - MIPRO, 2022

Business organizations are increasingly facing advanced threats, which have been particularly affected by new circumstances such as remote work. In such circumstances, members of IT security need to have appropriate systems that are ready to respond to these new security threats. In order to successfully manage and monitor security events and incidents, it is necessary to establish a Security Operations Center (SOC) or a Security Information and Event Management (SIEM) system. This paper gives an example of monitoring security events by Tier 1 and Tier 2 level support in an installed SIEM system in a business organization.

Securing The Financial Industry with SIEM

Financial organizations collect, store, and share massive amounts of customer data, making them a prime target for cyberattacks. Security information and event management (SIEM) tools provide both insight into the current IT situation of an organization and a log of relevant events that have happened in the past. SIEM integration with the latest and emerging technologies shows promising results in addressing the limitations of this approach.

Successful implementation of the Security Information and Event Management (SIEM

UMT, 2016

This article discusses the issues of building a Security Information and Event Management (SIEM) from within an information system, as opposed to a project from a system integrator, for internal needs, and not for creating a commercial Security Operation Center. In general, the topic of the implementation and use of SIEM is poorly covered and surrounded by a lack of understanding of the goals and objectives of SIEM solutions, and in general, those installations that the author saw usually do not bring sufficient efficiency to those who implemented them. This article is addressed to managers of information security departments who are thinking about implementing SIEM, as well as information security specialists who are involved in the operation and development of SIEM in their companies.

Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of recent years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple-layer data analysis; ii) resolve conflicts among security policies and discover unauthorized data paths, so as to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures the integrity and unforgeability of stored events.

RISK-BASED ALERTING IN SIEM ENTERPRISE SECURITY: ENHANCING ATTACK SCENARIO MONITORING THROUGH ADAPTIVE RISK SCORING

IAEME PUBLICATION, 2020

Traditional sequenced search-based alerting mechanisms in SIEM Enterprise Security are effective for detecting predefined attack scenarios but exhibit significant limitations in handling the complexity and variability of modern threats. These mechanisms rely on rigid sequences of conditions to trigger alerts, which often results in missed detections when attackers use alternative techniques to achieve their objectives. This creates critical gaps in security monitoring and leaves enterprise environments vulnerable to sophisticated attack strategies. To address these challenges, this paper introduces a Risk-Based Alerting (RBA) framework that leverages the advanced capabilities of SIEM’s Risk Analysis Framework. Unlike sequenced search-based systems, the RBA framework dynamically evaluates and scores events based on multiple factors, including the fidelity of the security event, the risk profile of the asset involved, and the criticality of the associated attack scenario. This approach ensures comprehensive coverage by capturing both high-fidelity and low-fidelity alerts. However, only high-priority alerts that exceed a predefined risk threshold are classified as "notable," significantly reducing the noise generated by low-impact alerts. The RBA framework employs adaptive risk scoring mechanisms that account for evolving attack patterns and operational contexts. By incorporating non-overlapping scheduling, throttling mechanisms, and real-time dashboard enhancements, the framework streamlines alert prioritization and improves the overall efficiency of security operations. Furthermore, the integration of industry-standard frameworks, such as MITRE ATT&CK, ensures a robust and comprehensive mapping of attack techniques, enabling precise detection and actionable insights. Our findings demonstrate that the RBA framework significantly enhances the prioritization and detection of critical events while mitigating operational inefficiencies. Key outcomes include a substantial reduction in false positives, improved usability of risk analysis dashboards, and better alignment with real-world threat landscapes. This paper concludes by highlighting the potential of RBA to transform SIEM Enterprise Security into a more dynamic, responsive, and effective defense mechanism against modern cyber threats.
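The risk-scoring idea in the abstract above, as an added illustration that is not code from the paper or from any SIEM product: each event's contribution is the product of its fidelity, the asset's risk profile and the scenario criticality, per-asset scores accumulate, duplicate (asset, technique) pairs are throttled, and only assets whose total crosses a threshold become "notable". The weights, the threshold of 40 and the sample events are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed lookup tables (assumed values, not from the paper).
ASSET_RISK = {"dc01": 3.0, "wks-042": 1.0}          # asset risk profile multiplier
SCENARIO_CRITICALITY = {"credential_access": 2.0,    # attack scenario criticality
                        "discovery": 1.0}
BASE_SCORE = 10.0

@dataclass(frozen=True)
class RiskEvent:
    asset: str
    fidelity: float      # 0.0..1.0, detection confidence of the rule
    scenario: str
    technique: str       # MITRE ATT&CK technique id attached by the rule

def score_event(ev: RiskEvent) -> float:
    """Single-event risk: fidelity x asset risk x scenario criticality."""
    return (BASE_SCORE * ev.fidelity
            * ASSET_RISK.get(ev.asset, 1.0)
            * SCENARIO_CRITICALITY.get(ev.scenario, 1.0))

def aggregate_risk(events, threshold=40.0):
    """Accumulate risk per asset, throttling repeats of the same
    (asset, technique) so one noisy rule cannot inflate the score.
    Returns {asset: {"score", "techniques", "notable"}}."""
    seen = set()
    per_asset = defaultdict(lambda: {"score": 0.0, "techniques": set()})
    for ev in events:
        key = (ev.asset, ev.technique)
        if key in seen:          # throttled: already counted this technique
            continue
        seen.add(key)
        entry = per_asset[ev.asset]
        entry["score"] += score_event(ev)
        entry["techniques"].add(ev.technique)
    for entry in per_asset.values():
        entry["notable"] = entry["score"] > threshold
    return dict(per_asset)

# Constructed sample events: low-fidelity discovery on a workstation
# (repeated, so throttled) and credential access plus discovery on a DC.
SAMPLE_EVENTS = [
    RiskEvent("wks-042", 0.5, "discovery", "T1087"),
    RiskEvent("wks-042", 0.5, "discovery", "T1087"),
    RiskEvent("dc01", 0.9, "credential_access", "T1003"),
    RiskEvent("dc01", 0.4, "discovery", "T1087"),
]

if __name__ == "__main__":
    for asset, entry in aggregate_risk(SAMPLE_EVENTS).items():
        print(asset, entry)
```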

Building a Scalable Security Operations Center: A Focus on Opensource Tools

Journal of Engineering Research and Reports, 2024

Given the prevalence of a wide variety of cyber attacks against businesses of all sizes, it is essential to ensure that adequate security monitoring of organizational assets and infrastructure is in place to ensure the early detection and response to security incidents. By using a security information and event management (SIEM) tool in collaboration with other security tools, such as an extended detection and response (XDR) tool, all housed in an organizational unit, adequate security monitoring and response to detected incidents can be achieved. This research builds a SOC architecture with various components to ensure complete security visibility across endpoints and digital assets. Then, it proposes low-cost open-source tooling that can be used to implement this architecture. To validate the performance of this architecture, the architecture was implemented using the proposed tools, which included the Wazuh platform as the XDR and SIEM tool, TheHive