Security Information & Event Management (SIEM) By Ahmad AlGhamdi

July 20, 2020

This article was written by trainee Ahmad AlGhamdi from Imam Mohamad bin Saud University #IMU


SIEM:

  • A centralized system for managing cyber security that combines the functionality of SIM (Security Information Management) and SEM (Security Event Management) in one system (SIEM = SIM + SEM), in which security events and alerts are collected from the various devices, systems and technologies present in the organization's network infrastructure.


SIEM consists of two major systems:

  • (1) Security Information Management System, which collects security data from the various network infrastructure systems and stores it in a unified central database, through which this data is analyzed and its reports are prepared.

  • (2) Security Event Management System, which analyzes and monitors information, links events from the different systems on the network, and follows up on security events in order to take defensive measures and protect the network systems.


  • The first stage: the event & log collection stage

It is the stage in which all security events and alerts are collected from all devices, systems, technologies, and services available in the entity’s infrastructure automatically. This is done by installing some special engines that collect these things and send them to SIEM to be stored in its own database.

  • The second stage: the classification of records and events stage (normalization)

It is the stage in which security events and alerts are categorized and the source of each event is determined, whether it is a database, a web server, or another service, technology or system within the infrastructure.


  • The third stage: the analysis of records and events stage

It is the stage in which the responsible person or security team in the agency establishes special rules that are executed when a specific security event or alert occurs. For example, if a specific security event occurs, such as the number of failed login attempts on a specific device or service within the network exceeding the allowed limit, the security team will specify a specific action to be taken, such as sending an email describing the matter in detail.

  • Fourth stage: Correlation stage

It is the stage in which the SIEM links the security events gathered from the various sources within the infrastructure to each other and determines the relationships between them, in order to determine the mechanism of the attack or penetration attempt (or of the penetration itself, if it occurred), which saves the entity's security team time.

  • Fifth stage: Reporting stage

It is the stage in which the security team in the company or entity is provided with a comprehensive report on all the security incidents that occurred within the network and infrastructure, together with recommendations and proposed measures to implement, in addition to many other matters and details.
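As an added illustration (not code from the article), the following Python script walks one batch of constructed log lines through stages two to four: it normalizes two different log formats into one common schema, applies a failed-login threshold rule like the one described in the third stage, and correlates a burst of failures with a later successful login from the same address. The sshd and webapp line formats, the field names and the threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines from two different sources (not from the article):
# an SSH server and a web application, each in its own raw format.
RAW_LOGS = [
    "sshd: Failed password for root from 10.0.0.5 port 5001",
    "sshd: Failed password for root from 10.0.0.5 port 5002",
    "sshd: Failed password for root from 10.0.0.5 port 5003",
    "webapp login=FAIL user=alice src=10.0.0.9",
    "sshd: Accepted password for root from 10.0.0.5 port 5004",
    "webapp login=OK user=bob src=10.0.0.7",
]

# Stage 2 (normalization): map each source's own format onto one common schema.
SSH_RE = re.compile(r"sshd: (Failed|Accepted) password for (\S+) from (\S+)")
WEB_RE = re.compile(r"webapp login=(FAIL|OK) user=(\S+) src=(\S+)")

def normalize(line):
    m = SSH_RE.match(line)
    if m:
        return {"source": "sshd", "outcome": "fail" if m.group(1) == "Failed" else "success",
                "user": m.group(2), "src_ip": m.group(3)}
    m = WEB_RE.match(line)
    if m:
        return {"source": "webapp", "outcome": "fail" if m.group(1) == "FAIL" else "success",
                "user": m.group(2), "src_ip": m.group(3)}
    return None  # unknown format: flag it for a new parser rather than dropping it silently

# Stage 3 (analysis rule): alert when failed logins from one source IP exceed the allowed count.
def failed_login_alerts(events, max_allowed=2):
    failures = defaultdict(int)
    for e in events:
        if e["outcome"] == "fail":
            failures[e["src_ip"]] += 1
    return {ip: n for ip, n in failures.items() if n > max_allowed}

# Stage 4 (correlation): link a burst of failures to a later success from the same IP.
def correlate_bruteforce_then_success(events, max_allowed=2):
    failures = defaultdict(int)
    findings = []
    for e in events:  # events are processed in the order they were collected
        if e["outcome"] == "fail":
            failures[e["src_ip"]] += 1
        elif failures[e["src_ip"]] > max_allowed:
            findings.append((e["src_ip"], e["user"], failures[e["src_ip"]]))
    return findings

def run_pipeline(lines):
    events = [ev for ev in map(normalize, lines) if ev]
    return failed_login_alerts(events), correlate_bruteforce_then_success(events)
```

The threshold rule alone reports only that 10.0.0.5 failed three times; the correlation step is what ties those failures to the subsequent successful login for root, which is the finding a team would want reported first.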


Examples of the most popular existing SIEM systems