While organizations come across array of SIEM solutions, what peculiarities they must focus on? A brief list.
- Unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics
- Vulnerability management, get regular updates from OEM on vulnerabilities and rules
- Advanced threat detection, greater ease of use, lower TCO, Near real-time correlation and behavioral anomaly detection
- Auto-discovery of assets and automated updates for conditions & rules.
- Application Layer Flow analysis(Layer 7)
- Automated regulatory compliance by collection, correlation & reporting capabilities.(PCI, NERC, SOX, HIPPA, GLBA)
Application Layer 7 flow visibility:
What helps administrator to get layer 7 application traffic visibility?
Deep packet inspection is an appropriate methodology to find layer 7 application traffic utilization. e.g Consider a network of Cisco devices with recent IOS. These devices must support NBAR (Network Based Application Recognition) which helps to identify layer 7 application traffic using deep packet inspection mechanism.
NBAR has PDLM (Packet Description Language Module), which has over 1,000 signatures used for identifying web traffic, URL’s, file sharing application and random port application. PDLM on a Cisco device is updated on every IOS upgrade or with intermediate PDLM update pack.
Views by Saumitra Sathye