SIEM

The Importance of SIEM

Security Information and Event Management (SIEM) tools can automatically alert admins of malicious events in real time by detecting suspicious behavior in the logs of a single computer or networking device, or by correlating the events in the logs of multiple devices.

The Limitations of SIEM

SIEM tools require constant tuning as do most signature-based security controls because they miss some malicious activities (i.e., false negatives) and they erroneously alert on some non-malicious events (i.e., false positives). In addition, by employing an expensive SIEM solution and dedicating one or more employees to manage it, some organizations can experience a false sense of security that all threats are being found.

Vidder's SIEM Recommendations

Vidder strongly recommends using SIEM tools for automated log analysis.

Organizations should select a SIEM product based on organization size and number of remote offices. Larger enterprises with a number of remote offices will require a remote summarization feature. Smaller organizations on the other hand may require less expensive solutions with fewer features.

Organizations should also consider choosing a SIEM that doubles as an application availability and performance monitor.

Also, Vidder recommends that admins ensure that all log repositories have adequate storage space for the logs generated on a regular basis so that log files will not fill up between log-rotation intervals.

Trusted Networking

Architecture

Applications

Industries

Overview

Internet Services

Perimeter Penetrating

Lateral Movement

Secure Clients/Servers

Data Security

Secure Networks

Secure Admins