IAB Interactive Standardized Equipment List
SEL Number:
05NP-00-SIEM
Title:
System, Security Information and Event Management (SIEM)
Last Updated:
11/7/2024 10:32:46 AM
Previous SEL Number:
05NP-00-SIEM
Description:
Software or appliance that gathers data from multiple security sources such as firewalls, intrusion detection systems, malware protection systems, etc. to provide log file consolidation and event correlation capability in support of network security operations.
While some client-side software may be required, this functionality may also be obtainable via subscription as a cloud-based service using a web browser interface, as opposed to purchasing software. However, special security considerations apply for data stored remotely. See 04AP-11-SAAS for further information.
Important Features:
Provides agents to interface with existing security applications and devices.
Offers centralized management and storage of data from agents.
May provide visualization tools such as a graphic representation of enterprise security statistics.
Operating Considerations:
Check whether agents are available for all currently fielded software and devices.
Obtain complete pricing for baseline package, all required agents, and add-on software such as report generators before procurement.
Because of its central role in security and connections to multiple network security devices, this type of product, if identifiable on the network, can be a significant attack target for intruders. Care must be taken to secure the management system against attack.
Depending upon the volume of data being sent to the SIEM, additional data storage capacity may be required, and backup requirements should be considered (including long term storage capability for historical data).
Successful enterprise-wide deployments may take considerable time and effort, and often involve purchasing professional services from the vendor or VAR. This should be taken into account when considering any SIEM purchase.
Training Requirements:
Core Training: Per Manufacturer's Specifications
Initial Training: Extensive (> 2 days)
Sustainment Training: Extensive (> 2 days)
Mandatory Standards:
Applicable Standards and References:
NIST SP 800-036, Guide to Selecting Information Security Products, Oct 2003 (WITHDRAWN, still available.)
NIST SP 800-083, Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops, July 2013
NIST SP 800-092, Guide to Computer Security Log Management, Sep 2006
NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, Sep 2011
NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, May 2024
MSSL:
Law Enforcement: SWAT/Tactical Team