TY - JOUR
T1 - The operational role of security information and event management systems
AU - Bhatt, Sandeep
AU - Manadhata, Pratyusa K.
AU - Zomlot, Loai
N1 - Publisher Copyright:
© 2003-2012 IEEE.
PY - 2014/9
Y1 - 2014/9
N2 - An integral part of an enterprise computer security incident response team (CSIRT), the security operations center (SOC) is a centralized unit tasked with real-time monitoring and identification of security incidents. Security information and event management (SIEM) systems are an important tool used in SOCs; they collect security events from many diverse sources in enterprise networks, normalize the events to a common format, store the normalized events for forensic analysis, and correlate the events to identify malicious activities in real time. In this article, the authors discuss the critical role SIEM systems play in SOCs, highlight the current operational challenges in effectively using SIEM systems, and describe future technical challenges that SIEM systems must overcome to remain relevant.
AB - An integral part of an enterprise computer security incident response team (CSIRT), the security operations center (SOC) is a centralized unit tasked with real-time monitoring and identification of security incidents. Security information and event management (SIEM) systems are an important tool used in SOCs; they collect security events from many diverse sources in enterprise networks, normalize the events to a common format, store the normalized events for forensic analysis, and correlate the events to identify malicious activities in real time. In this article, the authors discuss the critical role SIEM systems play in SOCs, highlight the current operational challenges in effectively using SIEM systems, and describe future technical challenges that SIEM systems must overcome to remain relevant.
KW - SIEM
KW - SOC
KW - alerts
KW - events
KW - security
KW - security information and event management
KW - security operation center
UR - http://www.scopus.com/inward/record.url?scp=84908223993&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84908223993&partnerID=8YFLogxK
U2 - 10.1109/MSP.2014.103
DO - 10.1109/MSP.2014.103
M3 - Article
AN - SCOPUS:84908223993
SN - 1540-7993
VL - 12
SP - 35
EP - 41
JO - IEEE Security and Privacy
JF - IEEE Security and Privacy
IS - 5
M1 - 6924640
ER -