Posted on 15-Apr-2017

SIEM Architecture

By

Nishanth Kumar Pathi

Nishanth Kumar Pathi

• Information Security Consultant

• null – moderator

• OWASP Contributor

• @nishanthkumarp

• http://nishanth.co.in

Typical Corporate Environment

Defense in Depth

Problem Statement

• Which events should be gathered?

• How do we manage the vast volume of logs and information?

• What should we parse and normalize, and how should we correct timestamps across sources?

• How should the events be stored?

• Identify data breaches, whether internal or external.

• Mitigate cyber attacks.

• Meet compliance requirements.

What is SIEM

• Security Information and Event Management

• Real-time monitoring of servers and network devices.

• Correlation of Events

• Analysis and reporting of Security Incidents.

• Threat Intelligence

• Long term storage

Evolution

• SIM – Security Information Management

• SEM – Security Event Management

• NBA – Network Behavior Analysis

• Log Management – log file capture and storage

• SIEM – combines SIM and SEM

Features of SIEM

What can it collect?

Work Flow

• Collect data from log sources

• Correlate events

• Alert on security incidents

• Generate IT security and compliance reports

• Archive logs for forensic analysis
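The problem statement and the workflow above (collect, parse and normalize, time-correct, correlate, alert) are easiest to see end to end in code. The following is an added example written for this page, not code from the original deck or from any SIEM product. It assumes two constructed log sources: a Linux host (web01) writing BSD syslog in its local time zone (UTC+05:30, no year), and a firewall (fw01) writing key=value lines in ISO-8601 UTC. The hostnames, IP addresses, time zones, the 2017 syslog year and the brute-force rule thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real data). web01 logs in local time
# (UTC+05:30) without a year; fw01 logs ISO-8601 timestamps in UTC.
SAMPLE_LOGS = [
    ("web01", "Apr 15 10:02:01 web01 sshd[2201]: Failed password for root from 203.0.113.5 port 51122 ssh2"),
    ("web01", "Apr 15 10:02:04 web01 sshd[2203]: Failed password for root from 203.0.113.5 port 51130 ssh2"),
    ("web01", "Apr 15 10:02:09 web01 sshd[2205]: Failed password for admin from 203.0.113.5 port 51141 ssh2"),
    ("web01", "Apr 15 10:02:30 web01 sshd[2209]: Accepted password for admin from 203.0.113.5 port 51160 ssh2"),
    ("fw01",  "2017-04-15T04:31:55Z action=deny src=203.0.113.5 dst=10.0.0.7 dport=3389 proto=tcp"),
    ("web01", "Apr 15 10:05:00 web01 sshd[2211]: Failed password for root from 198.51.100.9 port 40000 ssh2"),
]

# Assumed per-source time zones: this is the "time-correction" step, since
# BSD syslog carries neither a year nor an offset.
SOURCE_TZ = {"web01": timezone(timedelta(hours=5, minutes=30)), "fw01": timezone.utc}
SYSLOG_YEAR = 2017  # assumed: the year is not present in the syslog header

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)
KV_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<kv>.*)$")


def parse_event(source, line):
    """Parse one raw line into a normalized event with a UTC timestamp.

    Returns None for lines the parsers do not recognise, so unparsed input
    is dropped explicitly rather than silently corrupting correlation.
    """
    m = SSHD_RE.match(line)
    if m:
        local = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        ts = local.replace(tzinfo=SOURCE_TZ[source]).astimezone(timezone.utc)
        return {
            "ts": ts, "source": source, "src_ip": m["src"], "user": m["user"],
            "action": "auth_failure" if m["outcome"] == "Failed" else "auth_success",
        }
    m = KV_RE.match(line)
    if m:
        fields = dict(p.split("=", 1) for p in m["kv"].split() if "=" in p)
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {
            "ts": ts, "source": source, "src_ip": fields.get("src"), "user": None,
            "action": "fw_" + fields.get("action", "unknown"),
        }
    return None


def correlate(events, fail_threshold=3, fail_window=timedelta(seconds=60),
              success_window=timedelta(minutes=5)):
    """Correlation rule (assumed thresholds): at least fail_threshold auth
    failures from one source IP inside fail_window, followed by an auth
    success from the same IP within success_window of the last failure."""
    events = sorted(events, key=lambda e: e["ts"])  # order on corrected UTC time
    failures = defaultdict(list)
    alerts = []
    for e in events:
        ip = e["src_ip"]
        if e["action"] == "auth_failure":
            failures[ip].append(e["ts"])
            # keep only failures still inside the sliding window
            failures[ip] = [t for t in failures[ip] if e["ts"] - t <= fail_window]
        elif e["action"] == "auth_success":
            recent = failures.get(ip, [])
            if len(recent) >= fail_threshold and e["ts"] - recent[-1] <= success_window:
                alerts.append({
                    "rule": "brute_force_success", "src_ip": ip, "user": e["user"],
                    "failures": len(recent), "first_seen": recent[0], "ts": e["ts"],
                })
            failures.pop(ip, None)  # a success resets the counter for that IP
    return alerts


def run_pipeline(raw_lines=SAMPLE_LOGS):
    """Collect -> parse/normalize -> time-correct -> correlate; returns (events, alerts)."""
    events = []
    for source, line in raw_lines:
        ev = parse_event(source, line)
        if ev is not None:
            events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events, correlate(events)


if __name__ == "__main__":
    evs, found = run_pipeline()
    for ev in evs:
        print(ev["ts"].isoformat(), ev["source"], ev["action"], ev["src_ip"], ev["user"])
    for a in found:
        print("ALERT", a)
```

Note that without the per-source time-zone correction the firewall deny at 04:31:55Z would appear to happen more than five hours after the SSH activity, and the ordering any time-window rule depends on would be wrong; in a real deployment the offset comes from the collector's knowledge of each source, and a clock-skew check against the collector's receive time is the usual sanity check.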

SIEM Architecture


Dashboard

Implementation

Self-hosted, self-managed

Cloud-hosted, self-managed

Hybrid model, jointly managed

Why do SIEM implementations fail?

• Lack of planning

• Faulty deployment strategies

• Lack of operational knowledge

Any questions?
