Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Library:The Importance of Utilizing a SIEM Solution in a Network Operations Center (NOC)

From Aanval Wiki
Jump to: navigation, search

Back to Library Main

The Importance of Utilizing a SIEM Solution in a Network Operations Center (NOC). What Security Experts Are Saying.

Overview

In order to effectively manage and monitor a Network Operations Center, organizations and managed service providers need to select a capable network management software, reporting software, and notification software.

Why Select or Switch to SIEM Technology?

Security experts believe that SIEM technology, with its ability to automate log monitoring, correlation, pattern recognition, alerting, and forensic investigations has emerged as a central nervous system for gathering, generating, and optimizing IT intelligence. Utilizing a SIEM can help a Network Operations Center control, respond to and prevent threats impacting their environment around the clock. A SIEM can also provide valuable operational efficiency in any organization especially with large enterprises.

According to Sans Organization, “A capable SIEM tool can deliver the analytics and knowledge of a good security engineer and can be automated and repeated against a mountain of events from a range of devices. Instead of 1,000 events per day, an engineer with a SIEM tool can manage 100,000 events per day or more. A SIEM tool from an operational perspective is to reduce the number of security events on any given day to a manageable, actionable list, and to automate analysis such that real attacks and intruders can be discerned.”

Network World News reported: “The size and complexity of today's enterprises is growing exponentially, along with the number of IT personnel to support them. Operations are often split among different groups such as the NOC, the Security Operations Center (SOC), the server team, and the desktop team each with their own tools to monitor and respond to events. This makes information sharing and collaboration difficult when problems occur. A SIEM can pull data from disparate systems into a single pane of glass, allowing for efficient cross-team collaboration in extremely large enterprises.”

Neil Roiter, Senior Technology Editor of TechTarget, in a security article stated that “Solution providers can help customers meet security monitoring, reporting, and audit requirements by offering services built around Security Information and Event Management (SIEM) tools. SIEM vendors and Managed Service Provider (MSP) say that with a broad portfolio of managed security services, MSPs are in a good position to leverage their in-house security expertise and infrastructure to build SIEM service offerings.”

According to Global Security Magazine “Security Information and Event Management (SIEM) can provide the security leap-frog in a world of point solution--to ensure there are no blind spots in your network security architecture. The SIEM system also was designed to be the single ‘console’ in which the administrator would get both total situational and context-awareness."