SIEM Implementation Approach

Can implementing a SIEM solution in the network provide effective protection against security threats? The answer is both ‘Yes’ and ‘No’. Yes, because if the SIEM solution is implemented and managed properly, there will be a significant improvement in the security posture of your environment. Why ‘No’? Because the solution must be implemented and managed effectively, and its effectiveness depends entirely on how it is implemented. Googling for SIEM implementations and use cases will not be effective, since one size does not fit all. The solution should be implemented only after understanding the client's requirements, the criticality of the devices, the nature of the business and the level of security the client expects. Rules, processes, dashboards and reports should all be customized for the client.

Explore the full article in the attached PDF.

An Introduction to SIEM

SIEM (Security Information and Event Management) technology provides a platform for real-time monitoring of information security events from networks, servers, systems, applications and more. SIEM solutions can also be used to meet regulatory compliance reporting requirements. SIEM solutions support forensic analysis, both in real time and post-incident, by storing events and retrieving them based on their timestamp.

SIEM Formation

SIEM is a combination of SIM (Security Information Management) and SEM (Security Event Management). SIEM centralizes event information and log management from various devices and locations. SIEM uses either rule-based or correlation engines to identify anomalies by combining multiple events and pieces of information.

SIEM - Must-Have Capabilities

When organizations evaluate the array of SIEM solutions on the market, which capabilities must they focus on? A brief list follows.

  • Unified architecture integrating security information and event management, log management, anomaly detection and incident forensics
  • Vulnerability management, with regular updates from the OEM on vulnerabilities and rules
  • Advanced threat detection, greater ease of use, lower TCO, near-real-time correlation and behavioral anomaly detection
  • Auto-discovery of assets and automated updates of conditions and rules
  • Application layer (Layer 7) flow analysis
  • Automated regulatory compliance through collection, correlation and reporting capabilities (PCI, NERC, SOX, HIPAA, GLBA)

Application Layer 7 flow visibility:

What helps an administrator get Layer 7 application traffic visibility?