Abstract

Technological advancement in modern-day society has revolutionized the IT sector. Almost every person uses a digital device to access particular networks. As such, cybersecurity has become a significant problem due to the increased vulnerability of the network systems. IT security teams can barely promote security using traditional tools. The best approach is to implement countermeasures that match today's complex issues and emerging threats in IT. The security information and event management (SIEM) software enhance cybersecurity (Mokalled et al. 2019). SIEM has many advantages of other security tools, such as the Syslog servers. SIEM software is useful for real-time monitoring, identification, and prioritization of security risks. The software was developed by combining two IT concepts; “security information management (SIM) and security event management (SEM)” (Suroso & Prastya 2020). SIM is designed to collect log data for various events in a network while SEM critically analyzes the data and real-time logs to identify security threats. Therefore, SIEM is useful for managing logs, collecting and analyzing information, as well as initiating appropriate countermeasures to enhance system security. The software enables security teams to assess and respond effectively to vulnerabilities and potential threats faster. A significant advantage of using SIEM is that the software facilitates real-time monitoring and the application of countermeasures. Forensic investigators can analyze logs stored in multiple databases without compromising the credibility of evidence using SIEM. SIEM also promotes compliance with various cybersecurity laws, like the “Federal Information Security Management Act (FISMA).” Most importantly, the incorporation of Splunk Enterprise Security in SIEM enables security experts to analyze data retrieved from all network applications and hardware in real-time; thus, internal and external threats are identified (Podzins & Romanovs 2019). Cyberspace has rapidly changed, leading to the emergence of complex security issues. Security teams should rely on SIEM’s visibility and awareness features to detect threats and apply countermeasures.

References

Mokalled, H., Catelli, R., Casola, V., Debertol, D., Meda, E., & Zunino, R. (2019). The Guidelines to Adopt an Applicable SIEM Solution. Journal of Information Security, 11(1), 46-70. https://www.scirp.org/journal/paperinformation.aspx?paperid=97094

Podzins, O., & Romanovs, A. (2019, April). Why SIEM is irreplaceable in a secure IT environment?. In 2019 Open Conference of Electrical, Electronic, and Information Sciences (eStream) (pp. 1-5). IEEE. https://doi.org/ 10.1109/eStream.2019.8732173

Suroso, J. S., & Prastya, C. P. (2020, June). Cyber Security System With SIEM And Honeypot In Higher Education. In IOP Conference Series: Materials Science and Engineering (Vol. 874, No. 1, p. 012008). IOP Publishing. https://iopscience.iop.org/article/10.1088/1757-899X/874/1/012008/pdf