Using SIM for threat monitoring

Integration of Networking and Security School

Using SIM for threat monitoring

From a security perspective, it is challenging to keep ahead of the constantly evolving enterprise threat landscape. Security information and event management (SIEM) systems, however, can be a vital component of an enterprise’s threat mitigation arsenal, providing comprehensive data on what threat an enterprise actually faces. In particular SIEM systems and technology enable more dynamic detection than some of the more traditional defenses. This lesson helps enterprises learn how to catalog the types of threats that they confront, and goes on to identify those which could be addressed through the expedient use of a SIEM approach.

About the author:
Andrew Hutchison is an information security specialist with T-Systems International and an adjunct professor of computer science at the University of Cape Town in South Africa.

In this part:

Webcast: Using SIEM as a component of an enterprise threat detection strategy

The threat landscape of an enterprise can be hard to profile and address. Enterprise risk can be mitigated through the use of security information and event management (SIEM) technology in the enterprise. In this webcast presentation, viewers will get a primer on using SIEM as a component of enterprise threat detection, including:

  • The evolving threat landscape for enterprises
  • Strategies for addressing the threats
  • SIEM as component for threat detection
  • Case studies of SIEM deployments for threat detection
  • Evolving opportunities for SIEM enrichment
  • SIEM roadmap for enterprises
This presentation will help security professionals identify the key benefits and opportunities for SIEM in responding to threats, both current and future.

Tip: Achieving high SIEM coverage and maximizing response value

The effectiveness of a SIEM implementation can be enhanced before it even begins by developing a clear plan of the systems that will interface with the SIEM and how that interaction will occur, and the types of threats that can be mitigated. After initial SIEM establishment there is a "fine-tuning" phase during which the information collected needs to be reviewed and visualized. From an operational point of view, integration with existing systems and processes is also required. This technical tip will detail how to approach and manage each step of this process, with a special emphasis on:

  • Achieving high SIEM coverage;
  • Identifying areas to “zoom in” on, and;
  • Maximizing response value.

Podcast: Countdown - Steps to success in deploying SIEM for enterprise threat management

Deploying a SIEM is just the first step in the process of maximizing threat detection. A SIEM needs to be integrated, operationalized and optimized as enhancements emerge. This podcast takes listeners through a count-down of the "steps to success" in deploying SIEM systems in an enterprise, with the goal of enhancing threat management.

Quiz: Using SIM for threat monitoring

Take this five-question quiz to test your knowledge of our lesson on using SIM for threat monitoring.

Take the quiz