Security information and event management (SIEM)


What is SIEM?

SIEM (Security Information and Event Management) is a security and auditing system made up of several monitoring and analysis components: it collects logs and events from across the environment, normalises them, correlates them to detect attacks, and retains them for auditing.

With the increase in cyber attacks and stricter government rules and regulations on security, organisations are making SIEM a standard security approach, and most medium and large organisations are adopting it.

Professor Messer explains SIEM in the video below:



But what does a SIEM actually do? How does it help in mitigating attacks? Which companies provide SIEM products and support? This article seeks to provide an overview of SIEM of sorts, with a focus on QRadar. Follow-up articles will dive deeper into how exactly QRadar works.

Let’s get started.

Why Do Organisations Deploy SIEM Technologies?

System and network monitoring is one of the best ways for organisations to protect themselves from these attacks. The growth in cyber attacks has in turn resulted in tighter compliance obligations, so the main drivers for deploying a SIEM are:

Compliance obligations (HIPAA, SOX, PII, NERC, COBIT 5, FISMA, PCI, etc.)
General Data Protection Regulation (GDPR)
Gaining and maintaining certifications (such as ISO 27000, ISO 27001, ISO 27002, ISO 27003)
Log management and retention
Continuous monitoring and incident response (post-incident analysis)
Case management or ticketing systems
Policy enforcement validation and detection of policy violations

Companies Providing SIEM Solutions:

There are various tools and platforms that can be used for implementing SIEM. The top players in the SIEM space are:

QRadar is a popular SIEM that you can deploy as a hardware appliance, a virtual appliance, or a software appliance, depending on your organisation's needs and capacity.



       Splunk is a full on-prem SIEM solution that Gartner rates as a leader in the space. Splunk supports security monitoring and can provide advanced threat detection capabilities.



LogRhythm is a good SIEM for smaller organisations. It helps you align your people, processes, and technology to detect and stop cyber threats faster than before.


Open source SIEM Tools:

1. AlienVault OSSIM:

AlienVault's Open Source SIEM (OSSIM) addresses the need for unified monitoring by providing one platform with many of the essential security capabilities you need, such as:
  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM event correlation
                  
2. OSSEC:

OSSEC describes itself as the world's most widely used host-based intrusion detection system (HIDS), used by tens of thousands of organisations around the world. It performs log analysis, file integrity checking, rootkit detection and active response on the monitored host.



3. ELK:

"ELK" is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" such as Elasticsearch.

Kibana lets users visualise the data held in Elasticsearch with charts and graphs. The Elastic Stack is the next evolution of the ELK Stack.
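To make concrete what a SIEM pipeline actually does, here is an added example (not code from the original article or from any of the vendors named above) that performs the two core steps in Python: normalising raw log lines into uniform events, the Logstash-style transform, and running a correlation rule over them, the "SIEM event correlation" listed for OSSIM. The sshd log lines, the year assumed for their timestamps, and the failure threshold and time window are all constructed assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events modelled on Linux sshd syslog lines (not from any real host).
SAMPLE_LOGS = """\
Mar 10 08:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 08:00:03 web01 sshd[1203]: Failed password for admin from 203.0.113.7 port 51004 ssh2
Mar 10 08:00:05 web01 sshd[1205]: Failed password for deploy from 203.0.113.7 port 51006 ssh2
Mar 10 08:00:09 web01 sshd[1209]: Accepted password for deploy from 203.0.113.7 port 51010 ssh2
Mar 10 08:15:00 web01 sshd[1301]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar 10 08:30:00 web01 sshd[1302]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

def normalize(raw):
    """Parse raw syslog lines into uniform event dicts (the ingest/transform step)."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are dropped here; a real pipeline would tag and keep them
        # syslog lines carry no year; 2024 is an assumed value for the demo
        ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"], "outcome": m["outcome"]})
    return events

def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: alert when one source IP logs >= threshold failures
    and then a successful login, all inside the sliding time window."""
    failures = defaultdict(list)   # source IP -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        failures[ev["src"]] = recent          # expire failures older than the window
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:        # success after a burst of failures
            alerts.append({"src": ev["src"], "user": ev["user"], "host": ev["host"],
                           "failures": len(recent), "at": ev["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate_bruteforce(normalize(SAMPLE_LOGS)):
        print(alert)
```

The single failure from 198.51.100.9 falls outside the window before its later success, so only the burst from 203.0.113.7 raises an alert; that windowing is what separates a correlation rule from a plain log search.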






In future articles we will address this precise topic, outlining the different solutions and their pros and cons.