The operational role of security information and event management systems

Sandeep Bhatt, Pratyusa K. Manadhata, Loai Zomlot

Research output: Contribution to journal › Article

29 Citations (Scopus)

Abstract

An integral part of an enterprise computer security incident response team (CSIRT), the security operations center (SOC) is a centralized unit tasked with real-time monitoring and identification of security incidents. Security information and event management (SIEM) systems are an important tool used in SOCs; they collect security events from many diverse sources in enterprise networks, normalize the events to a common format, store the normalized events for forensic analysis, and correlate the events to identify malicious activities in real time. In this article, the authors discuss the critical role SIEM systems play in SOCs, highlight the current operational challenges in effectively using SIEM systems, and describe future technical challenges that SIEM systems must overcome to remain relevant.

Original language: English (US)
Article number: 6924640
Pages (from-to): 35-41
Number of pages: 7
Journal: IEEE Security and Privacy
Volume: 12
Issue number: 5
DOI: 10.1109/MSP.2014.103
State: Published - Jan 1 2014
Externally published: Yes

Cite this

Bhatt, Sandeep; Manadhata, Pratyusa K.; Zomlot, Loai. The operational role of security information and event management systems. In: IEEE Security and Privacy. 2014; Vol. 12, No. 5. pp. 35-41.
@article{fa880cd366784bddb5e9796b714b237a,
title = "The operational role of security information and event management systems",
author = "Sandeep Bhatt and Manadhata, {Pratyusa K.} and Loai Zomlot",
year = "2014",
month = "1",
day = "1",
doi = "https://doi.org/10.1109/MSP.2014.103",
language = "English (US)",
volume = "12",
pages = "35--41",
journal = "IEEE Security and Privacy",
issn = "1540-7993",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "5",
}

TY - JOUR

T1 - The operational role of security information and event management systems

AU - Bhatt, Sandeep

AU - Manadhata, Pratyusa K.

AU - Zomlot, Loai

PY - 2014/1/1

Y1 - 2014/1/1

UR - http://www.scopus.com/inward/record.url?scp=84908223993&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84908223993&partnerID=8YFLogxK

U2 - https://doi.org/10.1109/MSP.2014.103

DO - https://doi.org/10.1109/MSP.2014.103

M3 - Article

VL - 12

SP - 35

EP - 41

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

SN - 1540-7993

IS - 5

M1 - 6924640

ER -