STUDY OF THE CURRENT STATE OF SIEM SYSTEMS
DOI:
https://doi.org/10.28925/2663-4023.2024.25.618Keywords:
SIEM; security information and event management; cloud platforms; critical infrastructure; cyber security; informational security.Abstract
In this work, a study of SIEM systems, the relevance of which has grown significantly during the full-scale invasion of Russia into Ukraine, has been carried out. The task of finding the most optimal solutions was solved according to the following criteria: ease of use, ability to integrate with other protection solutions, pricing policy and features. For this purpose, the work considered a general description of the structure and principle of operation of the SIEM system, determined the capabilities and features of modern SIEM systems, conducted a study of the following software (software): Splunk Enterprise Security (Splunk), Elastic Security, IBM QRadar SIEM, Wazuh SIEM, Microsoft Sentinel. As a result of the research, the following was revealed: modern SIEM solutions allow automating part of the processes of detection and response to security events, allow to take control of hybrid types of infrastructure, which may include cloud environments, virtualization and containerization systems, workstations and other corporate devices. They are implemented both in the form of deployment of their solutions at their own facilities, and in the form of renting relevant resources, providing a Software-as-a-Service service. At the same time, the presence of a large number of integrations with various software packages and systems allows SIEM to monitor the compliance of the current state of cyber protection of the organization's information infrastructure with certain international standards, such as ISO 27001, GDPR or PCI DSS. It was determined that modern SIEMs use advances in machine learning and artificial intelligence to detect anomalies in system and user behavior, as well as to prioritize identified vulnerabilities and suggest steps to improve the state of cyber defense. The considered solutions work in conjunction with other modern systems, such as SOAR or EDR/XDR, which increases the efficiency of SIEM systems and, as a result, security operation centers, therefore, according to the authors, the corresponding technologies deserve further research.
Downloads
References
The number of cyberattacks during the war tripled. (2022). State Service for Special Communications and Information Protection of Ukraine. https://cip.gov.ua/ua/news/kilkist-kiberatak-pid-chas-viini-zrosla-vtrichi
Leung, B. K. (2021). Security Information and Event Management (SIEM) Evaluation Report. ScholarWorks. https://scholarworks.calstate.edu/downloads/41687p49q
González-Granadillo, G., González-Zarzosa, S., Diaz, R. (2021). Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors, 21(14). https://doi.org/10.3390/s21144759
Muhammad, S., et al. (2023). Effective Security Monitoring Using Efficient SIEM Architecture. Human-centric Computing and Information Sciences, 13. https://doi.org/10.22967/HCIS.2023.13.017
Magic Quadrant for Security Information and Event Management. (n. d.). Gartner. https://www.gartner.com/doc/reprints?id=1-2AHCXAHG&ct=220701
Guide for Security-Focused Configuration Management of Information Systems. (2021). NIST. https://doi.org/10.6028/NIST.SP.800-128
What is SIEM. Security Information and Event Management Tools. (n. d.). Imperva. https://www.imperva.com/learn/application-security/siem/
SOAR and SIEM in 2023: Key Trands and New Changes. (2023). Security Intelligence. https://securityintelligence.com/articles/soar-and-siem-in-2023-key-trends-and-new-changes/
Gartner® Magic Quadrant™ for SIEM. (n. d.). Splunk. https://www.splunk.com/en_us/form/gartner-siem-magic-quadrant.html
Splunk Enterprise Security. (n. d.). Splunk. https://www.splunk.com/en_us/products/enterprise-security.html
Splunk Cloud Platform. (n. d.). Splunk. https://www.splunk.com/en_us/products/splunk-cloud-platform.html
Elastic Security Solution. (n. d.). Elastic. https://www.elastic.co/security/
SIEM & Security Analytics | Elastic Security | Elastic SIEM. (n. d.). Elastic. https://www.elastic.co/security/siem/
Visual event analyzer | Elastic Security Solution [8.12] | Elastic. (n. d.). Elastic — The Search AI Company | Elastic. https://www.elastic.co/guide/en/security/current/visual-event-analyzer.html
IBM Security QRadar. (n. d.) https://www.ibm.com/qradar/
What is the MITRE ATT&CK Framework? | IBM. (n. d.). https://www.ibm.com/topics/mitre-attack/
IBM QRadar SIEM Solution Brief. (n. d.). https://www.ibm.com/downloads/cas/RLXJNX2G
Overview | Wazuh. (n. d.). https://wazuh.com/platform/overview/
Wazuh – The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. (n. d.). https://github.com/wazuh/wazuh?tab=readme-ov-file#wazuh
Regulatory compliance – Wazuh documentation. (n. d.). https://documentation.wazuh.com/current/compliance/index.html
How SCA works – Security Configuration Assessment. (n. d.). https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/how-it-works.html
Wazuh License. (n. d.). https://github.com/wazuh/wazuh/blob/master/LICENSE
Microsoft Sentinel – хмарне SEIM-рішення. (n. d.). https://www.microsoft.com/uk-ua/security/business/siem-and-xdr/microsoft-sentinel/
Moving to Next-Gen SIEM with Microsoft Sentinel. (n. d.). https://www.microsoft.com/insidetrack/blog/moving-to-next-generation-siem-at-microsoft-with-microsoft-azure-sentinel/
What is Microsoft Sentinel? (n. d.). https://learn.microsoft.com/uk-ua/azure/sentinel/overview/
Smirnov, O., et al. (2023). Simulation of the cloud IoT-based monitoring system for critical infrastructures. In: CEUR Workshop Proceedings, vol. 3530, 256–265.
Smirnov, O., et al. (2022). Method Detection Audit Data Anomalies on Basis Restricted Cauchy Machine. In: CEUR Workshop Proceedings, vol. 3187, 1–12.
Smirnov, O., et al. (2023). Selection of a Rational Composition of İnformation Protection Means Using a Genetic Algorithm. Intelligent Communication Technologies and Virtual Mobile Networks, 131, 21–34.
Smirnov O. A., et al. (2020). Models and algorithms for ensuring functional stability and cybersecurity of virtual cloud resources. Journal of Theoretical and Applied Information Technology, 98(21), 3334–3346.
Smirnov O. A., et al. (2020). Research of cloud technologies as services. Cybersecurity: Education, Science, Technology, 3(7), 43–62.
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Тетяна Смірнова, Лілія Константинова , Оксана Конопліцька-Слободенюк , Ян Козлов, Оксана Кравчук, Наталія Козірова, Олексій Смірнов
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.