An Analysis of Security Information and Event Management Systems - The Use of SIEMs for Log Collection, Management and Analysis

Master's thesis

Type: Master's thesis
Title: An Analysis of Security Information and Event Management Systems - The Use of SIEMs for Log Collection, Management and Analysis
Authors: Karlzén, Henrik
Abstract: In today's computer network environments, huge amounts of security log data are produced. To handle this data and provide an increased level of information security together with centralised log management and analysis, Security Information and Event Management Systems (SIEMs) can be used. SIEMs can help organisations that struggle with the various compliance regulations that exist, and reduce the risk of intrusions into the network. SIEMs collect and aggregate log data from various devices and applications through software called agents, filter out uninteresting data, normalise it to a proprietary format, analyse it through correlation using contextual information, and alert administrators in case of attack. For compliance reasons, log data is stored using special security mechanisms on so-called write-once-read-many media. In this paper, special attention is also given to security at the log source. An overview of the market is given, as are suggestions on how to organise the environment around the SIEM and which log data is worth analysing. It is forecast that compliance will continue to be the most important motivator for procuring SIEMs. Usability and scalability are anticipated to increase as the market continues to grow rapidly, and standardisation will become a key factor. More focus will be placed on incorporating contextual information into the analysis process, especially for identity and access management. The number of supported log source types will increase, and policy-oriented automated response capabilities will be developed.
Keywords: Information Technology
Issue Date: 2009
Publisher: Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/89572
Collection: Master Theses