|
|
|
Evaluation of Security Information Event Management Systems |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Présentation : Evaluating Security Information Event Management (SIEM) solutions come in a lot of different flavours. The industry is not yet mature, and the competitors are pushing their own solutions, based on their background and capabilities. In general, they will all present more or less the following configuration model for the SIEM implementation. But other then the generic model, a lot of things are different. So, in order to sift through the multitude of solutions, the buyer needs to ask the real questions. Here are some of the key questions that need to be taken into consideration: * Is it possible to place an agent on the server machines - Certain SIEM solutions do not properly support remote collection of OS or application logs so they need a server side agent to do the job. On the other hand, most business critical systems are tightly controlled and do not allow for additional resident programs to be installed on the system for the risk of possible performance or reliability issues * Are there any custom applications that generate logs that needs to be collected by the SIEM? - The organization may require that the SIEM also collects and parses such logs, but proper parsing ability needs to be verified with a large sample of logs during a proof of concept run. * Is there any international standard or regulation that is mandating the SIEM solution - whatever standard needs to be met has a set of predefined controlling reports that confirm compliance to the standard. You need to confirm that the SIEM solution can produce the needed reports. * How long will you need to keep logs and conclusions online and offline? - data retention is key to such a massive collection of information. Typically, a SIEM system needs to be able to archive all historical events to external data storage, and preferably, the archival process should include an integrity control (MD5 or SHA1 hash) that guarantee that the logs haven't been tampered with while in archive. * What type of processing and alerting is required?- Proper answers to these questions will most likely eliminate the non-acceptable solutions, and will ease the evaluation process of the qualifying shortlist. Talkback and comments are most welcome Related posts Real Benefit of Security Information Event Management[][]
Les mots clés de la revue de presse pour cet article : security
Les videos sur SecuObs pour les mots clés : security
Les mots clés pour les articles publiés sur SecuObs : security
Les éléments de la revue Twitter pour les mots clé : security
Les derniers articles du site "Information Security Short Takes" :
- Management Reaction to Failed Cloud Security
- Personal data - Publish only what you can afford to get leaked
- Microsoft Patch Tuesday - March 2010
- Cloud Computing Data Protection World Map
- Accelerating Security Assessment with MS Security Assessment Tool
- Minimize Impact of Online Intelligence Searches
- Digging for information with Open Source Intelligence
- Telco SLA - parameters and penalties
- Geo Location based DDOS can target Mobile Operators
- Free VS Commercial Database Vulnerability Scanning
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, microsoft, réseau, attaque, outil, vulnérabilité, audit, système, virus, internet, données, présentation, metasploit, linux, bluetooth, protocol, vista, scanner, réseaux, shell, engineering, rootkit, paquet, conférence, trames, wishmaster, téléphone, source, sysun, noyau, mobile, https, mémoire, rapport, botnet, téléphones, libre, reverse, navigateur, patch, snort, scapy, intel |
| Mini-Tagwall de l'annuaire video : | | | | vmware, security, virus, biometric, windows, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux, network, iphone, server, exploit, conficker, wimax, virtu, virtual, engineering, cisco, reverse, shmoocon, ettercap, wireshark, hacker, firewall, internet, knoppix, rootkit, arduino, wireless, source, conference, backtrack, openbsd, brucon, systm, overflow, openssh, buffer, access, remote |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
