
DESCRIPTION

BACKGROUND
Security incident and event management (SIEM) consists of infrastructure that
includes software and hardware configured to provide real-time detection and
alerting of security-related incidents on a network through collection of information
and events. An example SIEM is RSA enVision, a product of EMC Corp. of
Hopkinton, Mass.

Enterprises implement SIEM in order to manage events such as requests for access
to resources on their network. Conventional SIEM implementation approaches
involve a SIEM vendor or user installing security SIEM infrastructure for an
enterprise client in order to provide information security to the client. For example,
a SIEM user may generate, as solutions posed by information security problems,
basic reports and alerts; the user may then treat the solutions as a turnkey software
application.

SUMMARY
Unfortunately, there are deficiencies with the above-described SIEM implementation
approaches. For example, due to the complexity of SIEM, such approaches for
clients that do not have proper skills or capital will likely result in an ineffective SIEM
program and consequently unhappy clients.

In contrast to conventional SIEM implementation approaches which carry significant
risk of program ineffectiveness, an improved technique involves verifying whether a
client has proper resources to successfully implement SIEM infrastructure according
to a SIEM maturity evaluation metric. Along these lines, a SIEM readiness evaluation
program produces a SIEM maturity result that indicates whether the client has
proper resources to successfully implement SIEM infrastructure on a network. For
example, the SIEM maturity result indicates whether there are enough people
having a certain skill set within the enterprise to properly react to events in an
event log to which SIEM software writes. When the SIEM maturity result indicates
that the client has proper resources, then the program installs the SIEM
infrastructure on the network. Otherwise, the program delays such an installation to
allow the enterprise time to acquire the proper resources.

Advantageously, the improved technique results in a predictable level of success in
implementing SIEM infrastructure for a client. Because the SIEM maturity evaluation
program is the same for any client and is based on a maturity model such as the
Capability Maturity Model, it is an objective measure of a client's ability to
successfully employ SIEM infrastructure in detecting and responding to incidents on
the client's network.

One embodiment of the improved technique is directed to a method of providing
SIEM infrastructure in a computer networking environment of a client, the SIEM
infrastructure being constructed and arranged to monitor and record in an event log
events within the computer networking environment, the SIEM infrastructure
including i) software installed on a computer-readable medium that is configured to
generate event log data and incident reports, and ii) hardware on which the
software runs. The method includes performing, on a computer, a SIEM maturity
evaluation operation that is configured to produce a SIEM maturity result indicative
of whether the client has proper resources to achieve a successful implementation
of the SIEM infrastructure on the computer networking environment, the successful
implementation of the SIEM infrastructure enabling the client to react to events
recorded in the event log. The method also includes performing an install operation
on the SIEM infrastructure in the computer networking environment when the SIEM
maturity result indicates that the client has the proper resources to successfully
implement the SIEM infrastructure. The method further includes delaying the install
operation on the SIEM infrastructure in the computer networking environment when
the SIEM maturity result indicates that the client does not have the proper resources
to successfully implement the SIEM infrastructure.

Additionally, some embodiments of the improved technique are directed to a
computer program product having a non-transitory computer readable storage
medium which stores code including a set of instructions to carry out the method of
providing SIEM infrastructure in a computer networking environment of a client.

BRIEF DESCRIPTION OF THE DRAWING
The foregoing and other objects, features and advantages will be apparent from the
following description of particular embodiments of the invention, as illustrated in the
accompanying figures in which like reference characters refer to the same parts
throughout the different views.

FIG. 1 is a block diagram illustrating an example electronic environment for carrying
out the improved technique.

FIG. 2 is a flow chart illustrating an example method of carrying out the improved
technique within the electronic environment shown in FIG. 1.

FIG. 3 is a block diagram illustrating an example SIEM framework and its constituent
components, for use within the electronic environment of claim 1.

FIG. 4(a) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 4(b) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 4(c) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 4(d) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 4(e) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 4(f) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 4(g) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 4(h) is a tree diagram illustrating example subcomponents of a component
shown in FIG. 3.

FIG. 5 is a table illustrating an example maturity model for use in evaluating a
status of components and subcomponents shown in FIGS. 4(a)-(h).

DETAILED DESCRIPTION
An improved technique involves verifying whether a client has proper resources,
processes, procedures and ability to successfully implement a SIEM solution
according to a SIEM evaluation metric. Along these lines, a SIEM maturity evaluation
program produces a SIEM maturity result that indicates whether the client has
proper resources to successfully implement SIEM infrastructure on a network. For
example, the SIEM readiness result indicates whether there are enough people
having a certain skill set within the
