Security Information and Event Management (SIEM)

Introduction

  • SIEM combines security information management (SIM) and security event management (SEM).

  • It aggregates and analyzes event data from various sources such as applications, endpoints, firewalls, and networks.

  • It assists in the quick identification of cyber threats through real-time threat monitoring and alerting capabilities.

source: Security Information and Event Management [1.]

Core Functions

source: Security Information and Event Management [6.]

Data Correlation and Analysis

  • Reactive Nature: Traditional SIEM systems focused on reactive logging and event management.

  • Proactive Shift: Recent trends show a shift towards more proactive measures, integrating new threat data for better issue identification.

  • AI Integration: Adoption of AI tools in SIEM systems helps narrow alert windows and automate security responses, moving from reactive to proactive responses.

source: Security Information and Event Management [3.]

Event Log Management

  • Essential Component: Involves collection, normalization, and analysis of log data for network visibility and detecting security incidents.

  • Evolution and Challenges: Modern SIEM solutions are evolving to address dynamic cybersecurity challenges, with an emphasis on cloud-based solutions for flexibility.

  • Combining with SOAR: Integration with SOAR (Security Orchestration, Automation, and Response) tools extends the usability of SIEM tools, though they remain fundamentally reactive.

source: Security Information and Event Management [4.], Security Information and Event Management [3.]

Monitoring and Alerting

  • Real-Time Monitoring: SIEM is crucial for real-time monitoring and alerting in cloud and on-premise infrastructures.

  • Automation and AI: Increasing use of AI and automation in SIEM and SOAR tools to save time and improve efficiency in threat response.

  • Cloud Migration: There is a growing trend to move SIEM and SOAR solutions to the cloud to support scalable resources and enhance automation capabilities.

source: Security Information and Event Management [4.], Security Information and Event Management [3.]
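The normalization and correlation steps described above, as an added example that is not part of the original page: two log formats (a syslog-style sshd line and a JSON application log) are mapped onto one common schema, and a threshold-plus-window rule raises an alert only when a burst of failed logins from one source address is followed by a success, so a lone failure or an ordinary login stays classified as normal activity. Hosts, users and addresses are constructed.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from two sources (hypothetical hosts, users, addresses).
RAW_LOGS = [
    "2024-03-01T10:00:01 bastion sshd[811]: Failed password for alice from 203.0.113.9 port 5021",
    "2024-03-01T10:00:07 bastion sshd[811]: Failed password for alice from 203.0.113.9 port 5022",
    '{"time": "2024-03-01T10:00:20", "app": "vpn-portal", "ok": false, "user": "alice", "client": "203.0.113.9"}',
    "2024-03-01T10:00:41 bastion sshd[813]: Accepted password for alice from 203.0.113.9 port 5025",
    "2024-03-01T10:15:00 bastion sshd[902]: Failed password for bob from 198.51.100.4 port 6000",
    "2024-03-01T11:30:00 bastion sshd[950]: Accepted password for bob from 198.51.100.4 port 6003",
]

SSHD_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                     r"for (?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})")

def normalize(line):
    """Map one raw line onto a common schema: ts, source, user, src_ip, success."""
    if line.startswith("{"):  # JSON application log
        rec = json.loads(line)
        return {"ts": datetime.fromisoformat(rec["time"]), "source": rec["app"],
                "user": rec["user"], "src_ip": rec["client"], "success": bool(rec["ok"])}
    m = SSHD_RE.match(line)  # syslog-style sshd line
    if not m:
        return None  # unknown format: a SIEM drops or parks such lines for later parsing
    return {"ts": datetime.fromisoformat(m["ts"]), "source": "sshd", "user": m["user"],
            "src_ip": m["src"], "success": m["result"] == "Accepted"}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP reaches `threshold` failures inside `window` and then
    succeeds; a lone failure or a success without a burst is treated as normal activity."""
    recent = defaultdict(list)  # src_ip -> timestamps of failures still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = recent[ev["src_ip"]]
        fails[:] = [t for t in fails if ev["ts"] - t <= window]  # expire stale failures
        if not ev["success"]:
            fails.append(ev["ts"])
        elif len(fails) >= threshold:
            alerts.append({"rule": "brute-force-then-success", "src_ip": ev["src_ip"],
                           "user": ev["user"], "failures": len(fails), "at": ev["ts"].isoformat()})
            fails.clear()
    return alerts

def run(lines=RAW_LOGS, **kwargs):
    """Normalize every line, discard unparseable ones, run the correlation rule."""
    events = [e for e in map(normalize, lines) if e is not None]
    return correlate(events, **kwargs)
```

Raising `threshold` or shrinking `window` is the tuning knob that trades missed detections for fewer false positives, which is the "regular activity versus incident" problem listed under the challenges below.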

Key Capabilities

  • Threat Analytics

    • SIEM systems are evolving to address complex security threats, although they primarily focus on logging and event management.

  • Cloud Security

    • The advancement of cloud-based SIEM solutions since 2020 reflects the need for fast, flexible, and customizable security solutions.

  • Integrated Compliance

    • Assists in regulatory compliance by continuously collecting and reporting network data in real time.

  • User Behavior Analytics (UBA)

    • The integration of new threat data in SIEM systems aids in detecting potential phishing efforts and identifying compromise points, aligning with the user behavior analytics approach.

  • Alerting

  • Incident Response

    • Combining SIEM with SOAR (Security Orchestration, Automation, and Response) extends the usability of these tools. However, even this combination is reactive rather than proactive, indicating a need for solutions that fill these gaps, such as extended detection and response (XDR).

source: Security Information and Event Management [3.], Security Information and Event Management [5.]

Benefits

  • Rapid Detection and Response

    • Shortens the time required to detect and identify threats.

  • Forensic Analysis

    • Supports forensic investigation by providing detailed logs and historical data.

  • Diverse Applications

    • SIEM can be used for operations support, troubleshooting, and other activities revolving around data or historical logs.

source: Security Information and Event Management [5.]

Challenges in Implementing SIEM

  • Requirement of integration with other solutions.

  • Extensive oversight and control needed from security experts.

  • Initial and ongoing costs.

  • Difficulty in differentiating between regular activities and incidents.

source: Security Information and Event Management [5.]

Solution Comparison

| SIEM Solution | Best For | Key Features | Deployment Options | Pricing |
|---|---|---|---|---|
| Splunk Enterprise Security | IT Observability | Risk classification, threat intelligence, flexible deployment | Various | Starting at $150/month for 1GB data/day |
| IBM Security QRadar SIEM | Global Reach, Large Enterprises | AI and UBA integration, compliance resources, extensive integrations | On-premises/Cloud | Community: Free; Software: ~$320/month; SaaS: ~$2,340/month |
| Securonix Unified Defense SIEM | Future-Looking Vision | Cloud-native platform, integrated SOAR, long-term search capabilities | Cloud, On-premises, Hybrid | Contact for pricing; SaaS available |
| Exabeam Fusion | Log Storage and Searchability | UEBA for insider threats, smart timelines, full indexing for log ingestion | SaaS cloud offering | Contact for pricing; SaaS available |
| LogRhythm SIEM Platform | On-Premises SIEM | Advanced analytics, prebuilt playbooks, threat detection | On-premises | Starts under $30,000 |
| ManageEngine Log360 | Small Businesses | Automated security scanning, compliance auditing, threat intelligence feed | Windows Server environments | Contact for pricing |
| Datadog Security Monitoring | Customization | Real-time security monitoring, log management, 600+ integrations | Cloud-native | 14-day free trial |
| Logpoint SIEM | - | AI-driven anomaly detection, UEBA, integrated SOAR | Linux, AWS, SaaS | - |
| SolarWinds Security Event Manager | Log Aggregation | Wide range of log management features | - | - |

source: Security Information and Event Management [2.]

References

Security Information and Event Management

  1. https://www.selecthub.com/siem/siem/

  2. https://www.esecurityplanet.com/products/siem-tools/#:~:text=,Premises

  3. https://securityintelligence.com/articles/soar-and-siem-in-2023-key-trends-and-new-changes/

  4. https://www.manageengine.com/log-management/siem/siem-functions.html

  5. https://www.itsasap.com/blog/pros-cons-siem

  6. img: https://securityintelligence.com/wp-content/webp-express/webp-images/doc-root/wp-content/uploads/2023/07/[email protected]