A Practical Application of SIM/SEM/SIEM Automating Threat Identification

(PDF, 3.00MB) Published: 21 May, 2007
Created by David Swift

The goal of this paper is to explain how to use a SIEM effectively to identify and respond to security threats. The paper begins with level-setting information, including definitions, capability requirements, architecture, and a business case. Later I cover aggregation and correlation design concepts, with real-world examples including architectural design, risk-based profiling, finite state engines, and merging traditional network operations data into security operations tools for improved detection.