This is Afshin Lamei's blog, representing some thoughts on Information Security and the Internet of Things.
Monday, March 3, 2014
Deploying a SIEM without proper log management in place is certain to fail. I had always heard this, but I didn't realize it until I became involved in a SIEM evaluation project. The log management infrastructure and its processes are necessary for a successful SIEM deployment.
Sunday, March 2, 2014
SIEM evaluation
During recent months, my focus has been the evaluation of some Security Information and Event Management (SIEM) products. It is interesting and full of new experiences. I create a baseline feature list for the SIEM products, which is derived from multiple products and best practices.
The baseline is comprised of 5 subsystems:
- Log management and analysis
- Event correlation
- Management console/dashboards
- Reaction
- Knowledge base
I am also preparing to perform the evaluations in a lab environment. To that end, my team and I are setting up a test environment that feeds different kinds of logs to the products.
I recommend the material presented by Dr. Anton Chuvakin as a very useful reference.
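To make the first two baseline subsystems concrete (log management/analysis and event correlation), here is an added example of the kind of test case a lab feed can throw at each product: it is not code from this blog or from any SIEM vendor. It constructs a handful of syslog-style lines (sshd and a netfilter-style firewall message; the addresses and hostnames are made up), normalizes them into one event schema, and runs a single correlation rule, "three or more failed SSH logins from one source within 60 seconds followed by a successful login from the same source". The year is assumed (BSD syslog timestamps omit it) and the rule name and field names are this example's own choices. Feeding the same lines to each product under evaluation and checking whether it raises the equivalent alert is a reproducible way to compare the correlation engines.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines for the bench (not captured from any real system).
SAMPLE_LOGS = [
    "Mar  2 10:00:01 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar  2 10:00:04 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51123 ssh2",
    "Mar  2 10:00:09 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51124 ssh2",
    "Mar  2 10:00:15 web01 sshd[2240]: Accepted password for root from 203.0.113.7 port 51130 ssh2",
    "Mar  2 10:01:00 fw01 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=445",
    "Mar  2 10:02:00 web01 sshd[2250]: Failed password for alice from 192.0.2.44 port 40001 ssh2",
    "Mar  2 10:30:00 web01 sshd[2260]: Accepted password for alice from 192.0.2.44 port 40002 ssh2",
]

ASSUMED_YEAR = 2014  # assumption: BSD syslog timestamps carry no year

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")
FW_RE = re.compile(r"^(?P<verdict>DROP|ACCEPT) .*SRC=(?P<ip>\S+) .*DPT=(?P<port>\d+)")


def parse_line(line):
    """Log management step: turn one raw line into a normalized event dict, or None if unparseable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    ev = {"ts": ts, "host": m["host"], "program": m["prog"], "action": "other",
          "user": None, "src_ip": None, "raw": line}
    msg = m["msg"]
    s = SSH_RE.match(msg)
    if m["prog"] == "sshd" and s:
        ev["action"] = "auth_failure" if s["result"] == "Failed" else "auth_success"
        ev["user"], ev["src_ip"] = s["user"], s["ip"]
        return ev
    f = FW_RE.match(msg)
    if f:
        ev["action"] = "fw_drop" if f["verdict"] == "DROP" else "fw_accept"
        ev["src_ip"], ev["dst_port"] = f["ip"], int(f["port"])
    return ev


def summarize(events):
    """Analysis step: event counts per normalized action (what a dashboard would chart)."""
    return Counter(ev["action"] for ev in events)


def correlate_bruteforce(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: >= threshold auth failures from one source within `window`,
    followed by an auth success from that same source, raises one alert."""
    failures = defaultdict(list)  # src_ip -> timestamps of failures seen so far
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src_ip"]
        if src is None:
            continue
        if ev["action"] == "auth_failure":
            failures[src].append(ev["ts"])
        elif ev["action"] == "auth_success":
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "ssh-bruteforce-success", "src_ip": src, "user": ev["user"],
                               "host": ev["host"], "failures": len(recent),
                               "first_failure": recent[0], "success": ev["ts"]})
            failures[src].clear()  # a success closes the attempt window for this source
    return alerts


if __name__ == "__main__":
    evs = [e for e in map(parse_line, SAMPLE_LOGS) if e]
    print(summarize(evs))
    for a in correlate_bruteforce(evs):
        print(a)
```

The bench value is in the two knobs: varying `threshold` and `window` shows whether a product's rule language can express the same thresholding and time-windowing, and the `alice` events (one failure, success half an hour later) are the negative case that must not fire.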