In this article, we will discuss SIEM systems. SIEM stands for “Security Information and Event Management” and its Turkish equivalent is Security Information and Event Management. SIEM provides a proactive solution to alleviate the workload of IT teams with event collection, log analysis and reporting from information systems. SIEM is a combination of Security Information Management and Security Event Management concepts. In short, it provides centralization and analysis of logs in EDR systems.
A SIEM product can appear as software, hardware, and managed services.
The advantages of SIEM products are as follows;
⦁ Log Management.
⦁ Real-time monitoring.
⦁ Advanced threat detection.
⦁ Incident Management.
⦁ Reporting.
⦁ Notification and warning.
⦁ Integration with security products.
⦁ Ease of management.
SIEM Working Steps
⦁ Collection of logs produced by various systems and end users.
⦁ Conversion of logs in different formats collected from different systems into a single format.(Normalization)
⦁ The stage of associating the logs and creating the connection. For example, it is associated with the occurrence of malicious activity outside of working hours from the company's computer of user X. Action is taken for events that pose a risk. (Correlation)
⦁ If more than one record of events is kept, it reduces the volume of data to be analyzed by reducing them to one record and helps speed up the processes. (Combining)
At the stage of collecting logs; operating systems, security devices, network systems, database systems, virtualization systems, web server application logs can be examined.
One of the most important features expected from SIEM solutions is the ability to detect why logs occur in systems and a strong correlation.
The most used SIEM products are:
⦁ IBM QRadar
⦁ Splunk
⦁ FortiSIEM
⦁ Logsign
⦁ McAfee
Open Source SIEM Major Open Source Software:
⦁ Elastic SIEM
⦁ Fluentd
⦁ Wazuh
⦁ Graylog
⦁ Octopussy
At the same time, it is a solution that will speed up the process when a violation is detected based on the logs that create warnings in SIEM mechanisms and in case of an event, the violation is reported to the Board within 72 hours within the scope of KVKK.
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.