Academic Journal
STUDY OF THE CURRENT STATE OF SIEM SYSTEMS ; ДОСЛІДЖЕННЯ СУЧАСНОГО СТАНУ SIEM-СИСТЕМ
| العنوان: | STUDY OF THE CURRENT STATE OF SIEM SYSTEMS ; ДОСЛІДЖЕННЯ СУЧАСНОГО СТАНУ SIEM-СИСТЕМ |
|---|---|
| المؤلفون: | Смірнова, Тетяна, Константинова , Лілія, Конопліцька-Слободенюк , Оксана, Козлов, Ян, Кравчук, Оксана, Козірова, Наталія, Смірнов, Олексій |
| المصدر: | Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique»; Vol. 1 No. 25 (2024): Cybersecurity: Education, Science, Technique; 6-18 ; Електронне фахове наукове видання «Кібербезпека: освіта, наука, техніка»; Том 1 № 25 (2024): Кібербезпека: освіта, наука, техніка; 6-18 ; 2663-4023 ; 10.28925/2663-4023.2024.25 |
| بيانات النشر: | Education, Science, Technique |
| سنة النشر: | 2024 |
| المجموعة: | Cybersecurity: Education, Science, Technique (E-Journal) / Кібербезпека: освіта, наука, техніка |
| مصطلحات موضوعية: | SIEM, security information and event management, cloud platforms, critical infrastructure, cyber security, informational security, управління інформацією та подіями безпеки, хмарні платформи, критична інфраструктура, кібербезпека, інформаційна безпека |
| الوصف: | In this work, a study of SIEM systems, the relevance of which has grown significantly during the full-scale invasion of Russia into Ukraine, has been carried out. The task of finding the most optimal solutions was solved according to the following criteria: ease of use, ability to integrate with other protection solutions, pricing policy and features. For this purpose, the work considered a general description of the structure and principle of operation of the SIEM system, determined the capabilities and features of modern SIEM systems, conducted a study of the following software (software): Splunk Enterprise Security (Splunk), Elastic Security, IBM QRadar SIEM, Wazuh SIEM, Microsoft Sentinel. As a result of the research, the following was revealed: modern SIEM solutions allow automating part of the processes of detection and response to security events, allow to take control of hybrid types of infrastructure, which may include cloud environments, virtualization and containerization systems, workstations and other corporate devices. They are implemented both in the form of deployment of their solutions at their own facilities, and in the form of renting relevant resources, providing a Software-as-a-Service service. At the same time, the presence of a large number of integrations with various software packages and systems allows SIEM to monitor the compliance of the current state of cyber protection of the organization's information infrastructure with certain international standards, such as ISO 27001, GDPR or PCI DSS. It was determined that modern SIEMs use advances in machine learning and artificial intelligence to detect anomalies in system and user behavior, as well as to prioritize identified vulnerabilities and suggest steps to improve the state of cyber defense. The considered solutions work in conjunction with other modern systems, such as SOAR or EDR/XDR, which increases the efficiency of SIEM systems and, as a result, security operation centers, therefore, according to the authors, the corresponding ... |
| نوع الوثيقة: | article in journal/newspaper |
| وصف الملف: | application/pdf |
| اللغة: | Ukrainian |
| Relation: | https://csecurity.kubg.edu.ua/index.php/journal/article/view/646/499; https://csecurity.kubg.edu.ua/index.php/journal/article/view/646 |
| DOI: | 10.28925/2663-4023.2024.25.618 |
| الاتاحة: | https://csecurity.kubg.edu.ua/index.php/journal/article/view/646 https://doi.org/10.28925/2663-4023.2024.25.618 |
| Rights: | Авторське право (c) 2024 Тетяна Смірнова, Лілія Константинова , Оксана Конопліцька-Слободенюк , Ян Козлов, Оксана Кравчук, Наталія Козірова, Олексій Смірнов ; https://creativecommons.org/licenses/by-nc-sa/4.0 |
| رقم الانضمام: | edsbas.C38CC8CD |
| قاعدة البيانات: | BASE |
| DOI: | 10.28925/2663-4023.2024.25.618 |
|---|