
Security Information and Event Management | IT NETWORKS

Security Information and Event Management, or SIEM, grew out of two requirements. The first was to contend with the flood of alerts issued by IPS (Intrusion Prevention Systems) and IDS (Intrusion Detection Systems), which was overwhelming security teams.

The second was to measure and prove compliance with various legislation. A deluge of compliance legislation appeared in the first two decades of the twenty-first century in response to numerous high-profile network breaches.


To meet these requirements, the technology needed several things:

First, aggregation of logs from many network sources (network and security devices, servers, databases and applications) into a central repository for analysis and pattern detection.
Second, storage of the collected logs for a defined period of time to satisfy auditing requirements.
Third, correlation and monitoring of events, with notification in real time.
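The three requirements above (aggregation into a common schema, retention for audit, and real-time correlation) are easier to see as a small pipeline. The following is an added example, not code from the original post or from any SIEM product; the log lines, host names and IP addresses are constructed, and the brute-force rule (three or more failed logins from one source within 60 seconds followed by a success) is a hypothetical rule chosen for illustration.

```python
"""Toy SIEM pipeline: normalise logs from several sources into one schema,
retain them in a central store, and run one real-time correlation rule.
Added example; all log lines below are constructed, not real data."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample logs from three sources (hypothetical hosts and IPs).
RAW_LOGS = [
    ("sshd",     "2024-01-10T09:00:01 Failed password for root from 203.0.113.9 port 51522 ssh2"),
    ("sshd",     "2024-01-10T09:00:04 Failed password for root from 203.0.113.9 port 51523 ssh2"),
    ("firewall", "2024-01-10T09:00:05 DENY TCP 203.0.113.9:51524 -> 198.51.100.7:22"),
    ("sshd",     "2024-01-10T09:00:09 Failed password for admin from 203.0.113.9 port 51525 ssh2"),
    ("sshd",     "2024-01-10T09:00:15 Accepted password for admin from 203.0.113.9 port 51526 ssh2"),
    ("sshd",     "2024-01-10T09:30:00 Failed password for bob from 192.0.2.44 port 40000 ssh2"),
    ("webapp",   "2024-01-10T09:30:02 user=bob action=login status=ok src=192.0.2.44"),
]

SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<action>DENY|ALLOW) \S+ (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")
WEB_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) status=(?P<status>\S+) src=(?P<src>\S+)")


def normalise(source, line):
    """Map a raw line from any source onto one common event schema (None if unparsable)."""
    if source == "sshd":
        m = SSHD_RE.match(line)
        if m:
            return {"ts": datetime.fromisoformat(m["ts"]), "source": source, "type": "auth",
                    "user": m["user"], "src": m["src"],
                    "outcome": "success" if m["result"] == "Accepted" else "failure"}
    elif source == "firewall":
        m = FW_RE.match(line)
        if m:
            return {"ts": datetime.fromisoformat(m["ts"]), "source": source, "type": "network",
                    "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]), "action": m["action"]}
    elif source == "webapp":
        m = WEB_RE.match(line)
        if m and m["action"] == "login":
            return {"ts": datetime.fromisoformat(m["ts"]), "source": source, "type": "auth",
                    "user": m["user"], "src": m["src"],
                    "outcome": "success" if m["status"] == "ok" else "failure"}
    return None


class EventStore:
    """Central repository that keeps normalised events for a fixed retention period."""
    def __init__(self, retention):
        self.retention = retention
        self.events = []

    def add(self, ev):
        self.events.append(ev)

    def purge(self, now):
        """Drop events older than the retention window; returns how many were dropped."""
        before = len(self.events)
        self.events = [e for e in self.events if now - e["ts"] <= self.retention]
        return before - len(self.events)


class BruteForceRule:
    """Hypothetical rule: alert when one source IP has >= threshold auth failures
    inside `window` and then a successful authentication."""
    def __init__(self, threshold=3, window=timedelta(seconds=60)):
        self.threshold, self.window = threshold, window
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures

    def evaluate(self, ev):
        if ev["type"] != "auth":
            return None
        q = self.failures[ev["src"]]
        while q and ev["ts"] - q[0] > self.window:  # slide the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
            return None
        if len(q) >= self.threshold:
            count = len(q)
            q.clear()
            return {"rule": "brute_force_success", "src": ev["src"], "user": ev["user"],
                    "ts": ev["ts"], "failures": count}
        return None


def run_pipeline(raw_logs, retention=timedelta(days=90)):
    """Aggregate, store and correlate in arrival order; alerts are raised as events arrive."""
    store, rule, alerts = EventStore(retention), BruteForceRule(), []
    for source, line in raw_logs:
        ev = normalise(source, line)
        if ev is None:
            continue
        store.add(ev)
        alert = rule.evaluate(ev)
        if alert:
            alerts.append(alert)
    return store, alerts


if __name__ == "__main__":
    store, alerts = run_pipeline(RAW_LOGS)
    print(len(store.events), "events stored;", len(alerts), "alert(s):", alerts)
```

The firewall line is parsed into the same store but is not an authentication event, so the rule ignores it while the audit trail still retains it; bob's single failure followed by a web login does not reach the threshold, which is the difference between a correlation rule and a simple keyword match.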





SIEM is primarily an information platform. As cyberattacks became more sophisticated and stealthy, demands for information about an attack, its characteristics, its purpose and the degree to which it had penetrated the network, grew louder.

Another alarming fact was that security teams very often did not discover a breach until many months after it had occurred, and even then it was more often discovered by a third party than by internal security.



IT security needed a global overview of what was happening in the network, and the real-time data that the SIEM already collected was identified as a valuable asset to leverage. In the second stage of development, threat detection capabilities were added: built-in threat intelligence, historical and real-time analytics, and user and entity behaviour analytics (UEBA).
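To show what the historical analytics and UEBA layer adds on top of plain correlation, here is an added example (not code from the original post or from any product): a per-user baseline is learned from constructed historical login events, and new logins are scored against it. The user names, timestamps and addresses are constructed, and the scoring weights (0.5 for an unusual hour, 0.5 for an unseen source network) are arbitrary illustration values.

```python
"""Toy user-behaviour baseline in the UEBA spirit: learn each user's usual login
hours and source networks from history, then score new logins for unusualness.
Added example; all events below are constructed, not real data."""
from collections import defaultdict
from datetime import datetime
import ipaddress
import statistics

# Constructed history: (user, timestamp, source IP).
HISTORY = [
    ("alice", "2024-01-08T08:55:00", "10.1.2.30"),
    ("alice", "2024-01-09T09:05:00", "10.1.2.31"),
    ("alice", "2024-01-10T09:10:00", "10.1.2.30"),
    ("alice", "2024-01-11T08:50:00", "10.1.2.35"),
    ("alice", "2024-01-12T10:02:00", "10.1.2.30"),
]


def network_of(src):
    """Collapse a source address to its /24 so a DHCP-shifted office address still matches."""
    return ipaddress.ip_network(f"{src}/24", strict=False)


class UserBaseline:
    def __init__(self):
        self.hours = defaultdict(list)    # user -> login hours seen in history
        self.networks = defaultdict(set)  # user -> /24 networks seen in history

    def learn(self, user, ts, src):
        self.hours[user].append(datetime.fromisoformat(ts).hour)
        self.networks[user].add(network_of(src))

    def score(self, user, ts, src):
        """Return (score, reasons); 0.0 is fully normal, 1.0 is unusual on every axis.
        Hour-of-day is treated linearly, so wrap-around at midnight is not modelled."""
        hours = self.hours.get(user)
        if not hours:
            return 1.0, ["no baseline for user"]
        score, reasons = 0.0, []
        hour = datetime.fromisoformat(ts).hour
        mean = statistics.mean(hours)
        sd = statistics.pstdev(hours) or 1.0   # avoid division by zero on a flat history
        z = abs(hour - mean) / sd
        if z > 2:
            score += 0.5
            reasons.append(f"login hour {hour} is {z:.1f} sd from usual (~{mean:.1f})")
        if network_of(src) not in self.networks[user]:
            score += 0.5
            reasons.append(f"source network {network_of(src)} never seen for {user}")
        return score, reasons


def build_baseline(history=HISTORY):
    """Train a baseline from historical events (the 'historical analytics' step)."""
    baseline = UserBaseline()
    for user, ts, src in history:
        baseline.learn(user, ts, src)
    return baseline


if __name__ == "__main__":
    b = build_baseline()
    for ev in [("alice", "2024-01-15T09:12:00", "10.1.2.77"),
               ("alice", "2024-01-15T03:00:00", "203.0.113.9"),
               ("mallory", "2024-01-15T09:00:00", "10.1.2.30")]:
        print(ev, "->", b.score(*ev))
```

A real UEBA engine uses far richer features and peer-group comparison, but the shape is the same: the historical store built for audit retention doubles as training data, and the output is a score that a correlation rule or an analyst can act on rather than a binary match.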


More recently, machine learning became part of the SIEM toolset; it is particularly needed when sifting through big data.

Another issue that beleaguered SIEM was the effort involved in configuring and setting it up, then integrating it into the network and using it.
It was complex and far from intuitive to use, and it demanded a highly skilled person to manage it and identify attacks.
Everything became even more sophisticated and harder to manage because IT infrastructures were not homogeneous.


Most of today's SIEM products are based on machine learning, which has solved many of these problems and issues. Machine learning made it easier to detect attacks and identify issues, and configuration and implementation became more automated.


Learn more:

In Programming

How to install Python 3.8.0:
https://itnetworks2020.blogspot.com/2019/12/1-programming-with-python-installing.html

In Security

Endpoint introduction:
https://itnetworks2020.blogspot.com/2019/10/endpoints-introduction.html

Firewalls:
https://itnetworks2020.blogspot.com/2019/10/firewalls.html

Secure Email Gateways:
https://itnetworks2020.blogspot.com/2019/10/secure-email-gateway.html

CyberSecurity Evolution: Unknown Threats:
https://itnetworks2020.blogspot.com/2019/10/cybersecurity-evolution-unknown-threats.html

CyberSecurity Evolution: Known Threats:
https://itnetworks2020.blogspot.com/2019/10/cybersecurity-evolution-known-threats.html







