2022-01-16T12:44:00Z
GG
IT Engineer at UTMStack

Are you aware of SIEM platforms that integrate both Active Directory auditing and security monitoring tools?

Hi, community!

Usually, when professionals administer the network, they use an Active Directory tool and a cybersecurity solution (e.g., EPP, anti-virus, or SIEM) separately.

Are you aware of SIEM platforms that integrate these tools?

7 Answers
AS
Senior Network Engineer at a government with 5,001-10,000 employees
Real User
Top 5 Leaderboard
2022-01-19T14:02:08Z

I agree with the users who mentioned Splunk. Splunk is a log message management platform, and they have an application called Splunk Enterprise Security. It can ingest AD, anti-virus, door control systems, VPN gateways, etc., via the log messages they generate, and has logic to correlate events (i.e., log messages). I am sure there are other products, but Splunk is what I am familiar with.

RC
IT Security Consultant at Microlan Kenya Limited
Real User
Top 5 Leaderboard
2022-01-19T13:01:44Z

Hi @Giusel,

With the rise in insider threats, the idea of UEBA is becoming a must-have component in SOC.

This makes it necessary to have AD users, or users from any other source, available for monitoring in SIEM platforms. RSA NWP does this, and definitely many other platforms.

Also, it depends on what you want to achieve:

- You can integrate many SIEM platforms with AD so that users can authenticate into SIEM using credentials from AD (external source).
- To monitor the behavior of AD users in order to identify malicious activity.

Thanks

NF
Account-Manager at Consist ITU Environmental Software GmbH
Real User
Top 5
2022-01-18T09:12:46Z

Hi @Giusel,

I agree with Shibu: Splunk is probably the best fit (or single point of truth) you can get on the market. With Splunk as a platform, it's natural to push forward to SOC and SOAR.

Don't forget to use the ingested data for several additional use cases in ITOps and other purposes to improve the ROI of the investment in Splunk.

Recently, we combined Tanium and Splunk as the best suite approach; it's very promising for bigger companies or if you go for an MSSP.

At one customer we connected several Point of Sale systems in an ITOps use case, and several additional use cases for sales and marketing dropped out.

Hope this helps a little.

Best Regards,

Norman

PR
Head of Marketing at Lepide Software Pvt. Ltd.
Real User
2022-10-03T10:54:37Z

It is worth checking out Lepide. It is not a SIEM, but Lepide brings together AD auditing and security monitoring, and also integrates with most SIEM solutions.

Manoj Gautam - PeerSpot reviewer
Practice Lead- Network & Info Security at Inknowtech
User
Top 5
2022-01-20T05:19:14Z

A SIEM platform is an intelligent platform that collects all the events from a given source. But generally admins only integrate security events with SIEM tools.

All the infra tools and equipment can integrate with the SIEM platform. The most important bit is that when the events get captured, the logger should be capable of translating these events into a human-readable format.

Here are some of the SIEM platforms:

ArcSight, Splunk, IBM QRadar, LogRhythm, ELK, etc.
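As an added example, not part of any answer in this thread: a small Python sketch of the two steps described above, translating raw AD and anti-virus log lines into a readable common schema, then correlating them per host the way a SIEM rule such as one in Splunk Enterprise Security would. Event IDs 4624 and 4625 are the standard Windows logon-success and logon-failure IDs; the log lines, host names, user names and threat name are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the page), shaped like what a domain
# controller and an anti-virus agent might forward to a SIEM collector.
RAW_EVENTS = [
    "2022-01-19T13:00:01Z dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.7",
    "2022-01-19T13:00:03Z dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.7",
    "2022-01-19T13:00:05Z dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.7",
    "2022-01-19T13:00:09Z dc01 EventID=4624 TargetUserName=jdoe IpAddress=10.0.0.7",
    "2022-01-19T13:02:00Z av01 AVAlert threat=Trojan.Generic host=10.0.0.7",
    "2022-01-19T13:05:00Z dc01 EventID=4624 TargetUserName=asmith IpAddress=10.0.0.9",
]
# Translation step: numeric Windows security event IDs -> readable names.
EVENT_NAMES = {"4624": "logon_success", "4625": "logon_failure"}
AD_RE = re.compile(r"^(\S+) \S+ EventID=(\d+) TargetUserName=(\S+) IpAddress=(\S+)$")
AV_RE = re.compile(r"^(\S+) \S+ AVAlert threat=(\S+) host=(\S+)$")

def normalize(line):
    """Parse one raw line into a common schema; None if the format is unknown."""
    m = AD_RE.match(line)
    if m:
        ts, eid, user, ip = m.groups()
        return {"ts": ts, "source": "ad", "event": EVENT_NAMES.get(eid, "event_" + eid),
                "user": user, "host": ip}
    m = AV_RE.match(line)
    if m:
        ts, threat, host = m.groups()
        return {"ts": ts, "source": "av", "event": "malware_alert",
                "user": None, "host": host, "threat": threat}
    return None

def correlate(lines, fail_threshold=3):
    """Per host: fail_threshold+ failed logons, then a success, then an AV alert."""
    events = sorted(filter(None, map(normalize, lines)), key=lambda e: e["ts"])
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    findings = []
    for host, evs in by_host.items():
        fails, success = 0, None
        for e in evs:
            if e["event"] == "logon_failure" and success is None:
                fails += 1
            elif e["event"] == "logon_success" and success is None and fails >= fail_threshold:
                success = e
            elif e["event"] == "malware_alert" and success is not None:
                findings.append({"host": host, "user": success["user"], "threat": e["threat"]})
                break
    return findings
```

Running `correlate(RAW_EVENTS)` flags host 10.0.0.7 for user jdoe; the second host, with a single clean logon and no alert, is not flagged.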

DB
Security Systems Analyst at a retailer with 5,001-10,000 employees
Real User
2022-01-18T19:39:22Z

Hi @Giusel,

I have been looking into the same thing. I am taking a very close look at Sentinel. It really comes down to what you are running. If you are running Azure AD with Azure Cloud and Defender for the enterprise, the integrations within Sentinel would be unmatched.

SB
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Real User
Expert Moderator
2022-01-17T03:50:46Z

Hi @Giusel,

There are many tools that can integrate with SIEM platforms. With our SIEM team, we have integrated AD and security monitoring tools with Splunk & Securonix.

To get further information, can you share which security monitoring tools you are using and plan to integrate?
