I work at an advertising services firm. I am currently researching SIEM solutions and their features.
On the topic of SEM data - what elements belong in a monthly SIEM report?
Thank you for your help.
The SIEM monthly report should contain the following components:
- Security monitoring
- Advanced threat detection
- Forensics and incident response
- Compliance reporting and auditing
- Not forgetting the number and type of logs the SIEM has been collecting over a certain period of time.
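To make the last point concrete, here is an added example (not code from the original thread or any SIEM vendor) that builds the collection and incident figures of a monthly report from a constructed, normalized event export; the field names, source list and incident times are all assumptions. It also flags any expected log source that produced nothing all month, which is a collection gap a monthly report should surface.

```python
"""Monthly SIEM report summary over a constructed event export (added example)."""
from collections import Counter
from datetime import datetime

# Sources the SIEM is expected to collect from (assumed list).
KNOWN_SOURCES = ["firewall", "active_directory", "antivirus", "vpn", "proxy"]

# Constructed sample of normalized SIEM records; a real export would come from
# the SIEM's search/export API and be far larger. "incident" marks an alert that
# was escalated to a case, with open/close times.
SAMPLE_EVENTS = [
    {"ts": "2024-05-02T08:15:00", "source": "firewall", "severity": "low"},
    {"ts": "2024-05-02T08:16:00", "source": "firewall", "severity": "low"},
    {"ts": "2024-05-03T22:40:00", "source": "active_directory", "severity": "high",
     "incident": {"opened": "2024-05-03T22:45:00", "closed": "2024-05-04T01:45:00"}},
    {"ts": "2024-05-10T11:00:00", "source": "antivirus", "severity": "medium"},
    {"ts": "2024-05-20T09:30:00", "source": "vpn", "severity": "critical",
     "incident": {"opened": "2024-05-20T09:35:00", "closed": "2024-05-20T13:35:00"}},
    {"ts": "2024-06-01T00:01:00", "source": "firewall", "severity": "low"},  # next month
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def in_month(ts, year, month):
    """True if the ISO timestamp falls in the given calendar month."""
    t = _parse(ts)
    return t.year == year and t.month == month


def monthly_report(events, year, month):
    """Return the figures for one month: volume by source, alerts by severity,
    incident count, mean hours to close, and sources that were silent."""
    scoped = [e for e in events if in_month(e["ts"], year, month)]
    by_source = Counter(e["source"] for e in scoped)
    by_severity = Counter(e["severity"] for e in scoped)
    incidents = [e["incident"] for e in scoped if "incident" in e]
    hours = [(_parse(i["closed"]) - _parse(i["opened"])).total_seconds() / 3600
             for i in incidents]
    return {
        "period": f"{year}-{month:02d}",
        "total_events": len(scoped),
        "events_by_source": dict(by_source),
        "alerts_by_severity": dict(by_severity),
        "incidents": len(incidents),
        "mean_time_to_close_hours": round(sum(hours) / len(hours), 2) if hours else None,
        "sources_silent_all_month": sorted(set(KNOWN_SOURCES) - set(by_source)),
    }
```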
There are several threat intelligence platforms that do what you're looking for. Among them are a couple of long-timers in the field, Splunk and IBM QRadar.
McAfee ESM has integrations to prioritize, investigate, and respond to threats, and AlienVault is another platform that claims to have a comprehensive security solution with features such as asset discovery, vulnerability assessment, and network and host intrusion detection.
Relatively recent solutions that have gotten a good deal of attention lately include Palo Alto Networks Cortex XSOAR and Microsoft Sentinel. Other players include Securonix Next-Gen SIEM, LogRhythm, and Devo.
To varying extents, these solutions help streamline incident response processes and improve the overall security posture. To varying extents, they all capture security events and alerts and provide a workflow for incident response. They are said to include real-time threat detection, automated investigation, and case management, and to integrate with other security tools. Have a look at SIEM Tools and SOAR Solutions.
I agree with the users who mentioned Splunk. Splunk is a log message management platform, and they have an application called Splunk Enterprise Security. It can ingest AD, antivirus, door control systems, VPN gateways, etc. via the log messages they generate, and has logic to correlate events (i.e., log messages). I am sure there are other products, but Splunk is what I am familiar with.
With the rise in insider threats, the idea of UEBA is becoming a must-have component in SOC.
This makes it necessary for AD users, or users from any other source, to be available for monitoring in SIEM platforms. RSA NWP does this, and definitely many other platforms do as well.
Also, it depends on what you want to achieve:
- You can integrate many SIEM platforms with AD so that users can authenticate into SIEM using credentials from AD (external source).
- To monitor the behavior of AD users in order to identify malicious activity.
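The second use case above (and the AD event correlation mentioned in the earlier Splunk reply) comes down to comparing each user's logons against a baseline. This added example, not code from the thread or from any vendor, builds a per-user baseline of source hosts and logon hours from constructed records shaped like the fields a SIEM extracts from Windows Security event 4624, then reports later logons that deviate; the sample users, hosts and the two-hour slack are assumptions.

```python
"""Baseline-and-deviation check over constructed AD logon events (added example)."""
from collections import defaultdict

# Constructed sample: (date, user, source workstation, logon hour), as a SIEM
# would extract from successful-logon events. BASELINE is the learning period,
# NEW is the period being monitored.
BASELINE = [
    ("2024-05-06", "alice", "WS-ALICE", 9), ("2024-05-07", "alice", "WS-ALICE", 8),
    ("2024-05-08", "alice", "WS-ALICE", 10), ("2024-05-06", "bob", "WS-BOB", 9),
    ("2024-05-07", "bob", "WS-BOB", 17), ("2024-05-08", "bob", "LAPTOP-BOB", 9),
]
NEW = [
    ("2024-05-20", "alice", "WS-ALICE", 9),    # usual host, usual hours
    ("2024-05-20", "alice", "FILESRV01", 3),   # never-seen host, middle of the night
    ("2024-05-21", "bob", "LAPTOP-BOB", 18),   # known host, within slack of baseline
    ("2024-05-21", "bob", "DC01", 9),          # never-seen host (a domain controller)
]


def build_baseline(events):
    """Per user: the set of source hosts seen and the [min, max] logon-hour window."""
    hosts = defaultdict(set)
    hours = defaultdict(list)
    for _, user, host, hour in events:
        hosts[user].add(host)
        hours[user].append(hour)
    return {u: {"hosts": hosts[u], "hours": (min(hours[u]), max(hours[u]))} for u in hosts}


def score_event(baseline, event, slack=2):
    """Return the reasons an event deviates from the user's baseline (empty = normal)."""
    _, user, host, hour = event
    prof = baseline.get(user)
    if prof is None:
        return ["user has no baseline"]
    reasons = []
    if host not in prof["hosts"]:
        reasons.append(f"new source host {host}")
    lo, hi = prof["hours"]
    if not (lo - slack <= hour <= hi + slack):
        reasons.append(f"logon at hour {hour} outside baseline {lo}-{hi}")
    return reasons


def find_deviations(baseline_events, new_events):
    """List (user, host, reasons) for every monitored logon that deviates."""
    baseline = build_baseline(baseline_events)
    scored = [(e[1], e[2], score_event(baseline, e)) for e in new_events]
    return [s for s in scored if s[2]]
```

In a real deployment the baseline would be rebuilt on a rolling window and the hits forwarded to the SIEM as alerts, with a new-host logon to a domain controller typically weighted higher than an off-hours logon alone.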
I agree with Shibu: Splunk is probably the best fit (or single point of truth) you can get on the market. With Splunk as a platform, it's natural to push forward to SOC and SOAR.
Don't forget to use the ingested data for several additional use cases in ITOps and other purposes to improve the ROI of the investment in Splunk.
Recently, we combined Tanium and Splunk as the best suite approach; it's very promising for bigger companies or if you go for an MSSP.
At one customer we connected several Point of Sale systems in an ITOps use case, and several additional use cases for sales and marketing dropped out of it.
Hope this helps a little.
It is worth checking out Lepide. It is not a SIEM, but Lepide brings together AD auditing and security monitoring, and also integrates with most SIEM solutions.
A SIEM platform is an intelligent platform that collects all the events from a given source. But generally admins only integrate security events with SIEM tools.
All the infra tools and equipment can integrate with the SIEM platform. The most important bit is that when the events get captured, the logger should be capable of translating these events into a human-readable format.
Here are some of the SIEM platforms:
ArcSight, Splunk, IBM QRadar, LogRhythm, ELK, etc.
I have been looking into the same thing. I am taking a very close look at Sentinel. It really comes down to what you are running: if you are running Azure AD with Azure Cloud and Defender for the enterprise, the integrations within Sentinel would be unmatched.
There are many tools that can integrate with SIEM platforms. With our SIEM team, we have integrated AD and security monitoring tools with Splunk & Securonix.
To get further information, can you share which security monitoring tools you are using and plan to integrate?