Algorithms for data collection and processing in information security systems

Daniil Agapov

Abstract


This article presents a study of security information and event management (SIEM) systems: it compares different methods of collecting and processing data in information security systems and identifies the main problems of modern SIEMs. The article consists of an introduction, three further sections, and a conclusion. The introduction establishes the relevance of the topic and states the goal and objectives. The second section analyses methods of data collection and processing in information security systems and defines the concepts of correlation rules and models in SIEM systems. The third section presents the results of an analysis of current solutions for data collection and processing in information security systems. The fourth section describes the problems and limitations of current SIEMs and proposes ways to overcome them when designing future SIEMs. The conclusion summarises the findings of the study and suggests how its results can be applied.


Full Text: PDF (Russian)




ISSN: 2307-8162