Priyanka Sunkara_ISOL532_Final project _phase_3.docx
TELECOMMUNICATIONS AND NETWORK SECURITY
ISOL 532, 2018
MS. PRIYANKA SUNKARA
REF #: 2018_SPR_IG
Priyanka Sunkara ISOL532 Final Project REF #:2018_SPR_IG

Contents

Identify and Describe SIEM ........................................ 2
    SIEM acronym Defined .......................................... 2
    Underlying Principles of SIEM ................................. 2
    The SIEM Process .............................................. 2
    SIEM Implementation ........................................... 2
    SIEM Attributes ............................................... 3
    SIEM Benefits ................................................. 3
Best Practices .................................................... 4
    Best practice 1 ............................................... 4
    Best practice 2 ............................................... 4
    Best practice 3 ............................................... 4
    Best practice 4 ............................................... 5
    Best practice 5 ............................................... 5
    Best practice 6 ............................................... 5
Discuss why SIEM projects fail .................................... 6
    SIEM Overreach? ............................................... 6
    Technical Challenges? ......................................... 7
    Organizational Cooperation? ................................... 9
    Organizational Commitment? .................................... 9
    Level of IT Maturity? ......................................... 9
    Just a matter of Installing SIEM? ............................. 10
Bibliography ...................................................... 12
Identify and Describe SIEM

SIEM acronym Defined

Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. [Tec001]

Security information and event management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyze events across disparate sources. [Gar18]

Underlying Principles of SIEM

The underlying principles of every SIEM system are:
• To aggregate relevant data from multiple sources
• To identify deviations from the norm and take appropriate action. For example, when a potential issue is detected, a SIEM might log additional information, generate an alert and instruct other security controls to stop an activity's progress. [Tec001]

The SIEM Process

SIEM works first by gathering all the event logs from configured devices. The logs are sent to a collector, which typically runs on a virtual machine inside the host network. Next, the logs are securely sent from the collector to the SIEM. The SIEM consolidates the logs, parses each log, and categorizes the entries into event types, such as successful and failed logons, exploit attempts, malware activity, and port scans. These event types are then run against rulesets to determine whether there is any illegitimate traffic. An alert is created if a rule is triggered. [Pra18]

SIEM Implementation

Implementation steps:
• Provide an organization with unprecedented visibility into its IT environment
• Provide analytical horsepower to correlate, identify and alert on security issues
• Centrally retain logs for managed IT systems (costly)
• Provide compliance testing and reporting across multiple systems
• Allow sight beyond the "white noise"

SIEM Attributes

SIEM also correlates common attributes between two or more events and then links it all together. That means that you can study a particular type of security event, or even be able to see what
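The SIEM process described above (collector forwards raw logs; the SIEM parses them, categorizes each entry into an event type, runs the events against rulesets, and raises an alert when a rule triggers) and the attribute-correlation point in the SIEM Attributes section can both be shown in one small pipeline. The following Python program is an added illustration, not code from the paper or from any SIEM product: the device names, the RFC 5737 test addresses and the log lines are all constructed, and the rules (brute force, port scan, malware hit, and a correlation rule that links a failed-logon burst to a later successful logon from the same source address) are hypothetical thresholds chosen for the sample, not a vendor's ruleset.

```python
"""Toy SIEM pipeline: collect -> parse -> categorize -> rules -> alerts."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical device names, RFC 5737 test addresses),
# in the shape a collector would forward them: "<ISO timestamp> <device> <message>".
SAMPLE_LOGS = """\
2018-03-01T09:00:01 srv-auth sshd: Failed password for root from 203.0.113.7 port 51001
2018-03-01T09:00:03 srv-auth sshd: Failed password for root from 203.0.113.7 port 51002
2018-03-01T09:00:05 srv-auth sshd: Failed password for admin from 203.0.113.7 port 51003
2018-03-01T09:00:07 srv-auth sshd: Failed password for admin from 203.0.113.7 port 51004
2018-03-01T09:00:09 srv-auth sshd: Failed password for alice from 203.0.113.7 port 51005
2018-03-01T09:00:12 srv-auth sshd: Accepted password for alice from 203.0.113.7 port 51006
2018-03-01T09:01:00 fw-edge DENY TCP 198.51.100.9 -> 10.0.0.5:21
2018-03-01T09:01:01 fw-edge DENY TCP 198.51.100.9 -> 10.0.0.5:22
2018-03-01T09:01:02 fw-edge DENY TCP 198.51.100.9 -> 10.0.0.5:23
2018-03-01T09:01:03 fw-edge DENY TCP 198.51.100.9 -> 10.0.0.5:25
2018-03-01T09:01:04 fw-edge DENY TCP 198.51.100.9 -> 10.0.0.5:80
2018-03-01T09:01:05 fw-edge DENY TCP 198.51.100.9 -> 10.0.0.5:443
2018-03-01T09:02:30 ws-042 av: Malware detected: Trojan.Generic in C:\\Users\\bob\\dl.exe
2018-03-01T09:03:00 srv-auth sshd: Failed password for bob from 192.0.2.44 port 40000
2018-03-01T09:03:05 srv-auth cron: session opened for user root
"""

# Parse/categorize step: each pattern extracts fields and assigns the event type.
PATTERNS = [
    ("failed_logon",     re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("successful_logon", re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")),
    ("firewall_deny",    re.compile(r"DENY TCP (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<port>\d+)")),
    ("malware_activity", re.compile(r"Malware detected: (?P<name>\S+)")),
]

def parse_line(line):
    """Normalize one raw line into an event dict; unrecognized lines are kept as 'unknown'."""
    ts, device, message = line.split(" ", 2)
    event = {"ts": datetime.fromisoformat(ts), "device": device, "type": "unknown", "raw": message}
    for event_type, pattern in PATTERNS:
        m = pattern.search(message)
        if m:
            event["type"] = event_type
            event.update(m.groupdict())
            break
    return event

def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

WINDOW = timedelta(seconds=60)  # hypothetical correlation window

def _windowed_groups(events, key, threshold):
    """Yield (key, events) for each key whose largest cluster within WINDOW has >= threshold events."""
    by_key = defaultdict(list)
    for e in events:
        by_key[key(e)].append(e)
    for k, group in by_key.items():
        group.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(group)):
            while group[end]["ts"] - group[start]["ts"] > WINDOW:
                start += 1
            size = end - start + 1
            if size >= threshold and (best is None or size > len(best)):
                best = group[start:end + 1]
        if best:
            yield k, best

def rule_brute_force(events, threshold=5):
    failed = [e for e in events if e["type"] == "failed_logon"]
    return [{"rule": "brute_force", "src": src, "last_ts": g[-1]["ts"],
             "detail": f"{len(g)} failed logons within {WINDOW.seconds}s"}
            for src, g in _windowed_groups(failed, lambda e: e["src"], threshold)]

def rule_success_after_brute_force(events, brute_alerts):
    """Correlation across events: link a successful logon to an earlier burst from the same source."""
    alerts = []
    for e in events:
        if e["type"] != "successful_logon":
            continue
        for a in brute_alerts:
            if a["src"] == e["src"] and a["last_ts"] <= e["ts"] <= a["last_ts"] + WINDOW:
                alerts.append({"rule": "possible_compromise", "src": e["src"],
                               "detail": f"successful logon as {e['user']} after brute force"})
    return alerts

def rule_port_scan(events, threshold=5):
    denies = [e for e in events if e["type"] == "firewall_deny"]
    alerts = []
    for src, g in _windowed_groups(denies, lambda e: e["src"], threshold):
        ports = {e["port"] for e in g}
        if len(ports) >= threshold:  # many distinct ports, not one port retried
            alerts.append({"rule": "port_scan", "src": src,
                           "detail": f"{len(ports)} distinct ports on {g[0]['dst']}"})
    return alerts

def rule_malware(events):
    return [{"rule": "malware", "src": e["device"], "detail": e["name"]}
            for e in events if e["type"] == "malware_activity"]

def run_siem(raw_logs):
    """Whole pipeline: returns (normalized events, alerts raised by the rulesets)."""
    events = parse_logs(raw_logs)
    brute = rule_brute_force(events)
    alerts = (brute + rule_success_after_brute_force(events, brute)
              + rule_port_scan(events) + rule_malware(events))
    return events, alerts

if __name__ == "__main__":
    evs, als = run_siem(SAMPLE_LOGS)
    print(f"{len(evs)} events parsed, {len(als)} alerts")
    for a in als:
        print(f"ALERT {a['rule']:<20} src={a['src']:<15} {a['detail']}")
```

Two design points mirror the paper's description. First, parsing never discards a line it cannot classify: the cron line ends up as an "unknown" event and stays available for investigation, which is the "centrally retain logs" part of the implementation list. Second, the possible_compromise rule does not look at any single event; it links the failed-logon burst and the later accepted logon through a common attribute (the source address), which is exactly the correlation the SIEM Attributes section is about.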