SIEM, when expanded, is Security Information and Event Management: a tool that helps you derive meaningful results from the raw logs collected from log sources. A SIEM is a combination of processing engines that provides real-time analysis of security breaches and incidents on the integrated devices. Its operations can be categorised as SIM (Security Information Management) and SEM (Security Event Management) processes.
A SIEM is a combined product for log management, correlation of alerts and reporting. Log management, as mentioned before, helps the organisation keep logs in a centralised location for long periods, which is helpful in system audits. The correlation engine helps club incidents of the same category from different devices; these rules need to be created or edited manually for the organisation's infrastructure and as per company policies. Reporting is useful for audits where specific reports must be provided for review.
Before planning to add a SIEM device, a data analysis should usually be done in which a complete chart of events is created. This helps you create reports and correlation alerts on the SIEM. After preparing the data analysis report, we usually recommend creating a critical assessment sheet with the business and the CISO which specifically states how critical each device is and the impact of an incident on that device. This helps you segregate incidents and provide severity information.
When implementing the SIEM, make sure the connected devices are sending the required logs mentioned in the data analysis chart. Review the EPS (events per second) average / peak rate and disk usage, which helps you track storage consumption. While integrating databases, make sure only security events are being tracked. Create correlation alerts for the incidents.
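The three checks described above (are all charted sources reporting, what are the EPS average and peak, and clubbing same-category events from different devices into one incident rated by the criticality sheet) as a small added example; this is illustrative code, not part of any SIEM product named here. The log lines, device names, the expected-source list and the criticality ratings are all constructed for the demo.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from three hypothetical devices (fw01, web01, db01),
# already normalised to "<ISO timestamp> <device> <category> <message>".
RAW_LOGS = [
    "2024-01-01T10:00:00 fw01 auth_failure ssh login failed for root",
    "2024-01-01T10:00:00 web01 auth_failure http basic auth failed for admin",
    "2024-01-01T10:00:01 db01 auth_failure oracle logon denied for sys",
    "2024-01-01T10:00:01 web01 auth_failure http basic auth failed for admin",
    "2024-01-01T10:00:05 fw01 policy_change rule 42 modified",
    "2024-01-01T10:05:00 web01 auth_failure http basic auth failed for admin",
]
# Constructed data-analysis chart (sources that must report) and criticality sheet (CISO rating).
EXPECTED_SOURCES = {"fw01", "web01", "db01", "ad01"}
CRITICALITY = {"db01": "high", "fw01": "medium", "web01": "low"}
SEVERITY = {"high": 3, "medium": 2, "low": 1}

def parse(line):
    ts, device, category, msg = line.split(" ", 3)
    return {"ts": datetime.fromisoformat(ts), "device": device,
            "category": category, "msg": msg}

def missing_sources(events, expected=EXPECTED_SOURCES):
    """Devices on the chart that sent nothing: a silent source is itself a finding."""
    return expected - {e["device"] for e in events}

def eps_stats(events):
    """Average and peak events per second over the interval the events cover."""
    per_second = Counter(e["ts"] for e in events)  # timestamps are whole seconds
    span = (max(per_second) - min(per_second)).total_seconds() + 1
    return len(events) / span, max(per_second.values())

def correlate(events, window=timedelta(seconds=60), min_devices=2):
    """Club same-category events from >= min_devices devices within the window; severity = highest device criticality."""
    by_category = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_category[e["category"]].append(e)
    incidents = []
    for category, evs in by_category.items():
        first = evs[0]["ts"]
        group = [e for e in evs if e["ts"] - first <= window]
        devices = sorted({e["device"] for e in group})
        if len(devices) >= min_devices:
            sev = max(SEVERITY[CRITICALITY.get(d, "low")] for d in devices)
            incidents.append({"category": category, "devices": devices,
                              "count": len(group), "severity": sev})
    return incidents
```

Run `correlate([parse(l) for l in RAW_LOGS])` and the four auth failures across fw01, web01 and db01 collapse into one severity-3 incident, while the lone policy change on fw01 and the late web01 failure outside the 60-second window do not.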
SIEM solutions come either as software that can be installed on a server or as an appliance. The EPS count is the most important figure to check before buying the product.
Major sellers include:
HP Arc-Sight – www.arc-sight.com
RSA enVision – www.rsa.com
LogLogic – www.loglogic.com
Splunk – www.splunk.com
NitroSecurity – www.nitrosecurity.com
For freeware, please try:
Logzilla – www.logzilla.pro