Analysis of SIEM Systems and Their Usage in Security Operations and Security Intelligence Centers
To achieve business objectives, to stay competitive and to operate legally, modern organizations of all types (e.g. commercial enterprises, government agencies, not-for-profit organizations), sizes and spheres of activity must meet a large number of internal and external requirements. These are called compliance regulations and mean conforming to a rule, such as a specification, procedure, policy, standard or law. Such organizations need to secure valuable assets, uninterrupted business operations (processes), reliable data and differentiated quality of service (QoS) for various groups of users. They need to protect their clients and employees not only inside but also outside the organization itself, which is where the terms teleworking and telecommuting come from. According to Gartner, by 2020, 30% of global enterprises will have been directly compromised by an independent group of cybercriminals or cyberactivists, and in 60% of network breaches attackers compromise the network within minutes, according to the Verizon 2015 Data Breach Investigations Report. An integrated system to manage an organization's intranet security is required as never before. The data collected and analyzed within this system should be evaluated online from the viewpoint of any information security (IS) incident: to find its source, determine its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. A brief analysis of the concept and evolution of Security Information and Event Management (SIEM) systems and of their usage in Security Operations Centers and Security Intelligence Centers for intranet IS management is presented.
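The abstract describes what a SIEM must do with collected data: find an incident's source, determine its type, associate the target systems it touched and prioritize countermeasures by weighted impact. The following is an added illustration of that pipeline in miniature; it is not code from the paper or from any SIEM product. The log lines, host names, asset criticality weights and the brute-force rule (three or more failed logins from one source within two minutes, followed by a successful login from the same source) are constructed assumptions chosen to make the correlation visible.

```python
"""Minimal SIEM-style correlation: normalise raw log lines into events,
correlate a brute-force-then-success pattern per source address, and rank
the resulting incident by the criticality of the assets it touched.

Added example, not from the paper. Log lines, asset weights, the rule
threshold and the window are constructed assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sshd-style authentication log (assumption: one host, one
# source address, one outcome per line; no real systems are represented).
SAMPLE_LOG = """\
2017-06-05T10:00:01 web01 sshd: Failed password for admin from 10.0.0.5 port 51000
2017-06-05T10:00:04 web01 sshd: Failed password for admin from 10.0.0.5 port 51001
2017-06-05T10:00:09 db01 sshd: Failed password for root from 10.0.0.5 port 51002
2017-06-05T10:00:15 db01 sshd: Failed password for root from 10.0.0.5 port 51003
2017-06-05T10:00:22 db01 sshd: Accepted password for root from 10.0.0.5 port 51004
2017-06-05T10:05:00 web02 sshd: Failed password for bob from 192.168.1.20 port 40000
2017-06-05T10:30:00 web02 sshd: Accepted password for bob from 192.168.1.20 port 40001
"""

# Constructed asset inventory: criticality weight per host (assumption).
# Unknown hosts default to weight 1 in correlate().
ASSET_WEIGHT = {"web01": 2, "web02": 2, "db01": 5}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


@dataclass
class Event:
    ts: datetime
    host: str
    outcome: str
    user: str
    src: str


@dataclass
class Incident:
    source: str          # where the attack came from
    kind: str            # incident type
    targets: list        # all systems the source touched during the pattern
    severity: int        # sum of asset weights: the "weighted impact"
    countermeasure: str  # prioritized response for the analyst


def parse(log_text):
    """Normalise raw lines into Event objects; lines that do not match the
    expected format are skipped rather than crashing the pipeline."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["host"],
                                m["outcome"], m["user"], m["src"]))
    return events


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Rule: at least `threshold` failed logins from one source within
    `window`, followed by an Accepted login from that source, raises a
    brute_force_success incident covering every host involved."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_src[ev.src].append(ev)

    incidents = []
    for src, evs in by_src.items():
        failures = []
        for ev in evs:
            # Forget failures that fall outside the sliding window.
            failures = [f for f in failures if ev.ts - f.ts <= window]
            if ev.outcome == "Failed":
                failures.append(ev)
            elif ev.outcome == "Accepted" and len(failures) >= threshold:
                targets = sorted({f.host for f in failures} | {ev.host})
                severity = sum(ASSET_WEIGHT.get(h, 1) for h in targets)
                incidents.append(Incident(
                    src, "brute_force_success", targets, severity,
                    f"block {src} at the perimeter; reset credentials on "
                    f"{', '.join(targets)}"))
                failures = []
    # Highest weighted impact first, so the analyst sees what matters most.
    return sorted(incidents, key=lambda i: i.severity, reverse=True)


if __name__ == "__main__":
    for inc in correlate(parse(SAMPLE_LOG)):
        print(inc)
```

Note the second source address: a single failure followed 25 minutes later by a success does not meet the rule, so it produces no incident; the sliding window is what separates an ordinary mistyped password from an attack. In a real SOC the asset weights would come from the inventory or CMDB and the rule thresholds would be tuned per environment.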
Keywords: Security Information and Event Management System, SIEM, Security Operations Center, Security Intelligence Center
This work was supported by the MEPhI Academic Excellence Project (agreement with the Ministry of Education and Science of the Russian Federation of August 27, 2013, project no. 02.a03.21.0005).
- 1. ISO/IEC 27000: Information technology – Security techniques – Information security management systems – Overview and vocabulary (2016)
- 2. IBM Corporation: IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager, 2nd edn. (2010). http://www.redbooks.ibm.com/abstracts/sg247530.html?Open. Accessed 05 June 2017
- 3. TechTarget: Security information and event management (SIEM) (2014). http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM. Accessed 05 June 2017
- 4. Scarfone, K.: Introduction to SIEM services and products (2015). http://searchsecurity.techtarget.com/feature/Introduction-to-SIEM-services-and-products. Accessed 05 June 2017
- 5. Miller, D., Harris, S., Harper, A., VanDyke, S.: Security Information and Event Management (SIEM) Implementation. McGraw-Hill, New York (2010). 464 p.
- 6. Miloslavskaya, N.G., Senatorov, M.Y., Tolstoy, A.I.: Information Security Incident and Business Continuity Management. Information Security Management Issues Series (5 volumes), 2nd edn., vol. 3, 170 p. Goriachaja linia-Telecom, Moscow (2014). (in Russian)
- 7. Verizon: Data Breach Investigations Report (2015). http://www.verizonenterprise.com/DBIR/2015/. Accessed 05 June 2017