The need for SIEM (Security Information and Event Management) systems has increased in recent years. Many companies seek to reinforce their security capabilities to better safeguard against cybersecurity threats, so they adopt multi-layered security strategies that include using a SIEM solution. However, implementing a SIEM solution is not just an installation phase that fits any scenario within any organization; the best SIEM system for one organization may not be suitable at all for another. An organization should consider other factors along with the technical side when evaluating a SIEM solution. This paper proposes an approach to aid enterprises in selecting an applicable SIEM. It starts by suggesting, in a systematic way, the requirements that a SIEM should address, and then proposes a methodology for evaluating SIEM solutions that measures the compliance and applicability of any SIEM solution. This approach aims to support companies that are seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites a SIEM system should have, and suggesting criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven, which means that customer needs are taken into account throughout the whole approach, specifically when defining the requirements and then evaluating the suppliers’ solutions.