SIEMA: Bringing Advanced Analytics to Legacy Security Information and Event Management

Najafi, Pejman; Cheng, Feng; Meinel, Christoph

doi:10.1007/978-3-030-90019-9_2

Cited by 4 publications

(1 citation statement)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• The SIEM (Security Information and Event Management) provides real-time analytics power and processes to correlate to find IOCs and threats in the entire enterprise [7]. • EDR solution (Endpoint Detection and Response) works with activity monitoring of endpoints and leverages behavioral analysis to bring out attacks that bypass ordinary control barriers [7]. • Security Orchestration, Automation, and Response (SOAR) help construct playbooks that, when triggered, can enact processes aimed at containing threats instantly [8].…”

Section: Solutionmentioning

confidence: 99%

Real-Time Incident Response and Remediation-A Review Paper

Mahida

2023

J Arti Inte & Cloud Comp

View full text Add to dashboard Cite

The real-time correlation of IRR to effective cyber defense plays a crucial role. Regular answers usually take more time to be provided and permit devastations to occur, thus becoming more severe. The swiftest IRR of automation and real-time analytics is characterized by early threat detection, instant response, and quick incident resolution. The very needed capabilities include machine detection of abnormalities and threats, quick investigation through correlation and AI, and fast response through preinstalled playbooks. SIEM, EDR, and SOAR operationalization make active IRR possible in real-time. The positive aspects of introducing such a solution are pronounced - early threat containment, speedy recovery, and higher efficiency levels for the security team. On the other hand, actual-time IRR has limitations: false positives, integration of faiths, people and procedures dependence, and effectiveness against advanced threats. However, inundation by the real-time IRR signifies a cybersecurity revolution. The real-time IRR is an opportunity for innovation in analytics and automation that partially or transforms the enterprise security system. However, the dissemination faces technical and coordination-related barriers. The real-time IRR capability is a clear sign of progress in eliminating the cyber resiliency gap, but there is still room for improvement to achieve the best.

show abstract

Section: Solutionmentioning

confidence: 99%