Optimization of Security Information and Event Management (SIEM) Infrastructures, and Events Correlation/Regression Analysis for Optimal Cyber Security Posture

Authors

  • Akhigbe-mudu Thursday Ehis, Computer Science/Information Technology Department, African Institute of Science Administration and Commercial Studies, Lome, Togo

DOI:

https://doi.org/10.47852/bonviewAAES32021068

Keywords:

attackers, correlation rules, event log, false positives, false negatives

Abstract

This work integrates logical and physical security processes and simplifies the manageability of the security infrastructure. The process increases visibility of resources, which makes it easier to prevent security incidents, and it provides a platform for managing response and recovery after an incident occurs. Log collection is the heart and soul of a SIEM. Log correlation is employed to identify particular sequences of log events from devices. Comparing network-level events with host-level events automatically performs an initial validation that would not otherwise be done. Correlation also considers movement of data between systems where it would not normally be expected, and accounts logging on at unusual times or from unusual places; these may not generate specific security alerts on their own, but they are spotted and flagged far more easily by a log correlation solution that sees everything in the environment. The work presents enhancements to event log normalization that significantly improve correlation rule execution. Any event monitoring algorithm and set of SIEM correlation rules produces some false positives or false negatives. If there are too many false positives, security managers waste time and resources that could be used to respond to real threats and attacks. This study therefore strikes a compromise, when establishing SIEM correlation rules, between lowering false positive alerts and not ignoring potential anomalies that could indicate a cyberattack. To decide which data is pertinent and which is irrelevant in an event pipeline, the research employs filters. From this examination it can be inferred that conditions are favourable for investment in the growth and enhancement of this technology, both as an essential component of industrial control systems with security operation centres and as a means of offering cyber security management to small and medium-sized enterprises (SMEs) with limited security expertise and capabilities.
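The normalize, filter and correlate stages the abstract describes, as an added example in Python that is not the paper's own code or data. The sshd and firewall log lines are constructed; the working hours, the expected source network, the failure threshold and the corroboration window are illustrative assumptions, not values taken from the paper. The second rule shows the host-versus-network cross-check: a host-side successful logon at an unusual time or from an unusual place is flagged, and a firewall ALLOW from the same source shortly before is recorded as corroboration.

```python
"""Minimal SIEM-style pipeline: normalize -> filter -> correlate (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample logs (not real data): an sshd auth log and a firewall log.
HOST_LOG = """\
2023-05-15T02:14:01Z host1 sshd: Failed password for alice from 203.0.113.7
2023-05-15T02:14:20Z host1 sshd: Failed password for alice from 203.0.113.7
2023-05-15T02:14:41Z host1 sshd: Failed password for alice from 203.0.113.7
2023-05-15T02:15:02Z host1 sshd: Accepted password for alice from 203.0.113.7
2023-05-15T09:30:00Z host1 sshd: Accepted password for bob from 10.0.0.5
2023-05-15T09:31:00Z host1 cron: backup job finished
"""
FW_LOG = """\
2023-05-15T02:13:55Z fw1 ALLOW TCP 203.0.113.7:51234 -> 10.0.0.10:22
2023-05-15T09:29:58Z fw1 ALLOW TCP 10.0.0.5:40001 -> 10.0.0.10:22
"""

# Assumed rule parameters (illustrative, not from the paper).
WORK_HOURS = range(8, 18)                 # "usual" logon hours, UTC
EXPECTED_NET = ip_network("10.0.0.0/8")  # "usual" logon source addresses
FAIL_THRESHOLD, FAIL_WINDOW = 3, timedelta(seconds=120)
CORROBORATION_WINDOW = timedelta(seconds=180)


@dataclass
class Event:
    ts: datetime
    source: str            # "host" or "network"
    action: str            # auth_fail | auth_ok | fw_allow | fw_deny | other
    user: Optional[str]
    src_ip: Optional[str]


LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")
SSHD_RE = re.compile(r"^sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(ALLOW|DENY) \S+ (\S+):\d+ -> \S+:\d+$")


def normalize(raw: str, source: str) -> list[Event]:
    """Map raw lines of one log source onto the common Event schema."""
    out = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
        if s := SSHD_RE.match(m[3]):
            action = "auth_fail" if s[1] == "Failed" else "auth_ok"
            out.append(Event(ts, source, action, s[2], s[3]))
        elif f := FW_RE.match(m[3]):
            out.append(Event(ts, source, "fw_" + f[1].lower(), None, f[2]))
        else:
            out.append(Event(ts, source, "other", None, None))
    return out


def relevant(ev: Event) -> bool:
    """Filter stage: only events that some correlation rule consumes go on."""
    return ev.action != "other"


def correlate(events: list[Event]) -> list[dict]:
    """Run two rules over a time-ordered event stream and return alerts."""
    alerts = []
    for i, ev in enumerate(events):
        if ev.action != "auth_ok":
            continue
        earlier = events[:i]
        # Rule 1 (sequence): N failures then a success from the same source IP.
        fails = [e for e in earlier if e.action == "auth_fail"
                 and e.src_ip == ev.src_ip and ev.ts - e.ts <= FAIL_WINDOW]
        if len(fails) >= FAIL_THRESHOLD:
            alerts.append({"rule": "brute_force_success", "user": ev.user,
                           "src_ip": ev.src_ip, "ts": ev.ts})
        # Rule 2 (cross-source): logon at an unusual time or place, checked
        # against the network log for a firewall ALLOW from the same IP.
        reasons = []
        if ev.ts.hour not in WORK_HOURS:
            reasons.append("unusual_time")
        if ip_address(ev.src_ip) not in EXPECTED_NET:
            reasons.append("unusual_place")
        if reasons:
            corroborated = any(e.source == "network" and e.action == "fw_allow"
                               and e.src_ip == ev.src_ip
                               and ev.ts - e.ts <= CORROBORATION_WINDOW
                               for e in earlier)
            alerts.append({"rule": "unusual_logon", "user": ev.user,
                           "src_ip": ev.src_ip, "ts": ev.ts,
                           "reasons": reasons, "corroborated": corroborated})
    return alerts


def run_pipeline(host_log: str = HOST_LOG, fw_log: str = FW_LOG) -> list[dict]:
    events = normalize(host_log, "host") + normalize(fw_log, "network")
    events = sorted(filter(relevant, events), key=lambda e: e.ts)
    return correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

On the sample input the cron line is dropped by the filter before correlation runs, and both rules fire on alice's 02:15:02 logon while bob's in-hours logon from the expected network raises nothing. The false-positive trade-off the abstract describes lives in the parameters: widening WORK_HOURS or EXPECTED_NET suppresses alerts (fewer false positives, more false negatives), and the corroborated flag lets an analyst prioritise unusual logons the network layer confirms over ones seen only in a host log.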


Received: 15 May 2023 | Revised: 14 July 2023 | Accepted: 24 July 2023


Conflicts of Interest

The author declares that he has no conflicts of interest to this work.


Data Availability Statement

Data are available from the corresponding author upon reasonable request.


Published

2023-07-25

Section

Research Articles

How to Cite

Ehis, A.- mudu T. (2023). Optimization of Security Information and Event Management (SIEM) Infrastructures, and Events Correlation/Regression Analysis for Optimal Cyber Security Posture. Archives of Advanced Engineering Science, 1-10. https://doi.org/10.47852/bonviewAAES32021068