SIEM | Digital Chief Commander

Biometric photo created by rawpixel.com — www.freepik.com

SIEM — Security Information and Event Management, is a centralized collection of all Security Controls and Efforts.

Our security subsystems can contain multiple controls like Firewall, IDS/IPS, Logs, IAM, etc.,

Our system may also be spread across multiple zones, i.e., On-Premises and Cloud Premises.

One person looking at so many logs is ineffective. Many people looking at one log each is uneconomic.

Thus SIEM, brings all logs to a central repository, serving 2 distinctive purposes:

• To serve as a Central Coordinator/Chief Commander of Security Systems.
• To serve as a Knowledge base upon which decisions can be made.

SIEM Overview

To serve as the Chief Commander of our Security Systems, SIEM is loaded with the following systems:

• Real-time Monitoring and Alerting System
• Centralised Logging and Detection System
• IT Regulations Compliance System

The Real-time monitoring system allows us to view the data flow seamlessly in real time, thus helping us make timely decisions before we are compromised.

Centralised Logging and Detections Systems provide more than one utility:

Solar Winds Security Event Manager (https://www.tek-tools.com/security/best-siem-software)

• Visualization:
  - SIEM equipped with intelligent systems can clear out the clutter from logs and give us a graphical visualization of data flow.
  - This not only helps easier detection but also helps present the data to Business.
• Forensics:
  - Logged data in SIEM systems can be used after a compromise for Forensic investigation.
  - All data being collected at one location helps gather important information easier.
  - SIEM is also equipped with intelligent systems to gather relevant information by itself.
• Threat Intelligence:
  - Add Machine Learning capabilities to SIEM and it acts as an Intelligent Threat detector.
  - Equipped with legacy data as well, serves as a knowledge base to create Expert Systems.

IT Regulations Compliance Systems are also part of some SIEMs that allow us to check if our systems are Compliant to specific IT Regulations.

Difficulties with SIEM:

• Hard to Configure
• Huge Storage Requirement
• Expensive (Cheaper than getting Hacked)
• Requires Constant Updating
• Requires dedicated Personnel