Nothing Special   »   [go: up one dir, main page]
Advanced
search

To read this content please select one of the options below:

Open source SIEM solutions for an enterprise

Aamna Tariq (National Center for Cyber Security, Air University, Islamabad, Pakistan)
Jawad Manzoor (National Center for Cyber Security, Air University, Islamabad, Pakistan)
Muhammad Ammar Aziz (National Center for Cyber Security, Air University, Islamabad, Pakistan)
Zain Ul Abideen Tariq (National Center for Cyber Security, Air University, Islamabad, Pakistan)
Ammar Masood (National Center for Cyber Security, Air University, Islamabad, Pakistan)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 27 September 2022

Issue publication date: 9 February 2023

961

Abstract

Purpose

The security of applications, systems and networks has always been the source of great concern for both enterprises and common users. Different security tools like intrusion detection system/intrusion prevention system and firewalls are available that provide preventive security to the enterprise networks. However, security information and event management (SIEM) systems use these tools in combination to collect events from diverse data sources across the network. SIEM is a proactive tool that processes the events to present a unified security view of the whole network at one location. SIEM system has, therefore, become an essential component of an enterprise network security architecture. However, from various options available, the selection of a suitable and cost-effective open source SIEM solution that can effectively meet most of the security requirements of small-to-medium-sized enterprises (SMEs) is not simple because of the lack of strong analysis.

Design/methodology/approach

In this work, the authors first review the security challenges faced by different SME sectors and then consider a comprehensive comparative analysis of the capabilities of well-known open source SIEM solutions. Based on this, the authors provide requirements based recommendations of open source SIEM solutions for SMEs. This paper aims to provide a valuable resource that can be referred to by SMEs for the selection of a SIEM system best suited to their organization’s security posture.

Findings

Security requirements of SMEs vary according to their network infrastructure; therefore, every open source SIEM solution would not be suitable for an SME. Selection of a SIEM solution from available open source solutions based upon the security requirements of an SME network is a critical task. Therefore, in this work, a meaningful insight for the selection of an appropriate SIEM solution for SMEs is provided.

Originality/value

Major contribution of this work is the mapping of the security requirements of the SME sectors under consideration, against the open source SIEM options to provide meaningful insight for SMEs in the selection of an appropriate solution.

Keywords

Acknowledgements

This research work was funded by Higher Education Commission Pakistan and Ministry of Planning, Development and Special Initiatives under National Centre of Cyber Security.

Citation

Tariq, A., Manzoor, J., Aziz, M.A., Tariq, Z.U.A. and Masood, A. (2023), "Open source SIEM solutions for an enterprise", Information and Computer Security, Vol. 31 No. 1, pp. 88-107. https://doi.org/10.1108/ICS-09-2021-0146

Publisher

:

Emerald Publishing Limited

Copyright © 2022, Emerald Publishing Limited

Related articles

Manage cookies

All feedback is valuable

Please share your general feedback

Report an issue or find answers to frequently asked questions

Contact Customer Support