STUDY OF THE CURRENT STATE OF SIEM SYSTEMS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2024.25.618

Keywords:

SIEM; security information and event management; cloud platforms; critical infrastructure; cyber security; informational security.

Abstract

In this work, a study of SIEM systems, the relevance of which has grown significantly during the full-scale invasion of Russia into Ukraine, has been carried out. The task of finding the most optimal solutions was solved according to the following criteria: ease of use, ability to integrate with other protection solutions, pricing policy and features. For this purpose, the work considered a general description of the structure and principle of operation of the SIEM system, determined the capabilities and features of modern SIEM systems, conducted a study of the following software (software): Splunk Enterprise Security (Splunk), Elastic Security, IBM QRadar SIEM, Wazuh SIEM, Microsoft Sentinel. As a result of the research, the following was revealed: modern SIEM solutions allow automating part of the processes of detection and response to security events, allow to take control of hybrid types of infrastructure, which may include cloud environments, virtualization and containerization systems, workstations and other corporate devices. They are implemented both in the form of deployment of their solutions at their own facilities, and in the form of renting relevant resources, providing a Software-as-a-Service service. At the same time, the presence of a large number of integrations with various software packages and systems allows SIEM to monitor the compliance of the current state of cyber protection of the organization's information infrastructure with certain international standards, such as ISO 27001, GDPR or PCI DSS. It was determined that modern SIEMs use advances in machine learning and artificial intelligence to detect anomalies in system and user behavior, as well as to prioritize identified vulnerabilities and suggest steps to improve the state of cyber defense. The considered solutions work in conjunction with other modern systems, such as SOAR or EDR/XDR, which increases the efficiency of SIEM systems and, as a result, security operation centers, therefore, according to the authors, the corresponding technologies deserve further research.

Downloads

Download data is not yet available.

References

The number of cyberattacks during the war tripled. (2022). State Service for Special Communications and Information Protection of Ukraine. https://cip.gov.ua/ua/news/kilkist-kiberatak-pid-chas-viini-zrosla-vtrichi

Leung, B. K. (2021). Security Information and Event Management (SIEM) Evaluation Report. ScholarWorks. https://scholarworks.calstate.edu/downloads/41687p49q

González-Granadillo, G., González-Zarzosa, S., Diaz, R. (2021). Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors, 21(14). https://doi.org/10.3390/s21144759

Muhammad, S., et al. (2023). Effective Security Monitoring Using Efficient SIEM Architecture. Human-centric Computing and Information Sciences, 13. https://doi.org/10.22967/HCIS.2023.13.017

Magic Quadrant for Security Information and Event Management. (n. d.). Gartner. https://www.gartner.com/doc/reprints?id=1-2AHCXAHG&ct=220701

Guide for Security-Focused Configuration Management of Information Systems. (2021). NIST. https://doi.org/10.6028/NIST.SP.800-128

What is SIEM. Security Information and Event Management Tools. (n. d.). Imperva. https://www.imperva.com/learn/application-security/siem/

SOAR and SIEM in 2023: Key Trands and New Changes. (2023). Security Intelligence. https://securityintelligence.com/articles/soar-and-siem-in-2023-key-trends-and-new-changes/

Gartner® Magic Quadrant™ for SIEM. (n. d.). Splunk. https://www.splunk.com/en_us/form/gartner-siem-magic-quadrant.html

Splunk Enterprise Security. (n. d.). Splunk. https://www.splunk.com/en_us/products/enterprise-security.html

Splunk Cloud Platform. (n. d.). Splunk. https://www.splunk.com/en_us/products/splunk-cloud-platform.html

Elastic Security Solution. (n. d.). Elastic. https://www.elastic.co/security/

SIEM & Security Analytics | Elastic Security | Elastic SIEM. (n. d.). Elastic. https://www.elastic.co/security/siem/

Visual event analyzer | Elastic Security Solution [8.12] | Elastic. (n. d.). Elastic — The Search AI Company | Elastic. https://www.elastic.co/guide/en/security/current/visual-event-analyzer.html

IBM Security QRadar. (n. d.) https://www.ibm.com/qradar/

What is the MITRE ATT&CK Framework? | IBM. (n. d.). https://www.ibm.com/topics/mitre-attack/

IBM QRadar SIEM Solution Brief. (n. d.). https://www.ibm.com/downloads/cas/RLXJNX2G

Overview | Wazuh. (n. d.). https://wazuh.com/platform/overview/

Wazuh – The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. (n. d.). https://github.com/wazuh/wazuh?tab=readme-ov-file#wazuh

Regulatory compliance – Wazuh documentation. (n. d.). https://documentation.wazuh.com/current/compliance/index.html

How SCA works – Security Configuration Assessment. (n. d.). https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/how-it-works.html

Wazuh License. (n. d.). https://github.com/wazuh/wazuh/blob/master/LICENSE

Microsoft Sentinel – хмарне SEIM-рішення. (n. d.). https://www.microsoft.com/uk-ua/security/business/siem-and-xdr/microsoft-sentinel/

Moving to Next-Gen SIEM with Microsoft Sentinel. (n. d.). https://www.microsoft.com/insidetrack/blog/moving-to-next-generation-siem-at-microsoft-with-microsoft-azure-sentinel/

What is Microsoft Sentinel? (n. d.). https://learn.microsoft.com/uk-ua/azure/sentinel/overview/

Smirnov, O., et al. (2023). Simulation of the cloud IoT-based monitoring system for critical infrastructures. In: CEUR Workshop Proceedings, vol. 3530, 256–265.

Smirnov, O., et al. (2022). Method Detection Audit Data Anomalies on Basis Restricted Cauchy Machine. In: CEUR Workshop Proceedings, vol. 3187, 1–12.

Smirnov, O., et al. (2023). Selection of a Rational Composition of İnformation Protection Means Using a Genetic Algorithm. Intelligent Communication Technologies and Virtual Mobile Networks, 131, 21–34.

Smirnov O. A., et al. (2020). Models and algorithms for ensuring functional stability and cybersecurity of virtual cloud resources. Journal of Theoretical and Applied Information Technology, 98(21), 3334–3346.

Smirnov O. A., et al. (2020). Research of cloud technologies as services. Cybersecurity: Education, Science, Technology, 3(7), 43–62.

Downloads


Abstract views: 98

Published

2024-09-25

How to Cite

Smirnova, T., Konstantynova, L., Konoplitska-Slobodeniuk, O., Kozlov, Y., Kravchuk, O., Kozirova, N., & Smirnov, O. (2024). STUDY OF THE CURRENT STATE OF SIEM SYSTEMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(25), 6–18. https://doi.org/10.28925/2663-4023.2024.25.618

Most read articles by the same author(s)