• DocumentCode
    109287
  • Title
    The Operational Role of Security Information and Event Management Systems
  • Author
    Bhatt, S. ; Manadhata, Pratyusa K. ; Zomlot, Loai

  • Author_Institution
    HP Labs., Hewlett-Packard, USA
  • Volume
    12
  • Issue
    5
  • fYear
    2014
  • fDate
    Sept.-Oct. 2014
  • Firstpage
    35
  • Lastpage
    41
  • Abstract
    An integral part of an enterprise computer security incident response team (CSIRT), the security operations center (SOC) is a centralized unit tasked with real-time monitoring and identification of security incidents. Security information and event management (SIEM) systems are an important tool used in SOCs; they collect security events from many diverse sources in enterprise networks, normalize the events to a common format, store the normalized events for forensic analysis, and correlate the events to identify malicious activities in real time. In this article, the authors discuss the critical role SIEM systems play in SOCs, highlight the current operational challenges in effectively using SIEM systems, and describe future technical challenges that SIEM systems must overcome to remain relevant.
  • Keywords
    business data processing; computer network security; digital forensics; system monitoring; SIEM systems; SOC; computer security incident response team; enterprise CSIRT; enterprise networks; forensic analysis; malicious activities; real-time security incident identification; real-time security incident monitoring; security information and event management systems; security operations center; Computer security; Event management; Face recognition; Forensics; Monitoring; Network security; Security of data; System-on-chip; SIEM; SOC; alerts; events; security; security information and event management; security operation center;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type
    jour

  • DOI
    10.1109/MSP.2014.103
  • Filename
    6924640