Thursday, January 16, 2014

Security Information and Event Management (SIEM) in DISM Course

"Security Information and Event Management (SIEM) is a term for software products and services combining security information management (SIM) and security event manager (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications."

Source - Wikipedia.org

At SP's Cyber Wargame Centre (CWC), students will be able to learn about SIEM technology in our Cyberwatch Competency Centre (CCC). This includes the basics of event correlation, real-time monitoring, and the presentation of information from network and security devices using SIEM technology. Students will understand the key characteristics of log auditing and event management, and how to act as incident responders: containing the incident and planning the recovery steps.

In the corporate world, many organisations have built Security Operations Centres (SOCs) to operate technology such as firewalls, intrusion prevention systems, anti-virus products, etc. However, this is not enough. Each of these devices only sees its own slice of the network; to further secure it, SIEM technology is needed to correlate events across devices and to centralise security monitoring and analysis, which is what makes effective incident response possible.
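To make the idea of cross-device correlation concrete, here is a small added example (written for this post, not code from SP, e-Cop or any SIEM product). It normalises constructed log lines from a firewall and an IDS into one event shape, then applies an assumed correlation rule: an IDS alert for a source address plus at least three firewall denies from that same address within 60 seconds raises one incident. The device names, log format, threshold and window are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real traffic) from one firewall and one IDS,
# already in a common "timestamp device KIND key=value..." shape.
SAMPLE_LOGS = """\
2014-01-16T10:00:01 fw01 DENY src=10.0.0.5 dst=192.0.2.10 dport=22
2014-01-16T10:00:05 fw01 DENY src=10.0.0.5 dst=192.0.2.10 dport=23
2014-01-16T10:00:09 ids01 ALERT sig=portscan src=10.0.0.5
2014-01-16T10:00:12 fw01 DENY src=10.0.0.5 dst=192.0.2.11 dport=445
2014-01-16T10:00:20 fw01 DENY src=10.0.0.9 dst=192.0.2.10 dport=80
2014-01-16T10:05:00 ids01 ALERT sig=portscan src=10.0.0.9
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (DENY|ALERT) (.*)$')
WINDOW_SECONDS = 60   # assumed correlation window around the IDS alert
DENY_THRESHOLD = 3    # assumed number of firewall denies from the same source

def parse_events(text):
    """Normalise raw lines into (timestamp, device, kind, src) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would count unparsed lines as a health metric
        ts, device, kind, rest = m.groups()
        src = re.search(r'src=(\S+)', rest).group(1)
        events.append((datetime.fromisoformat(ts), device, kind, src))
    return events

def correlate(events):
    """Rule: IDS ALERT for src plus >= DENY_THRESHOLD firewall DENYs from the
    same src within WINDOW_SECONDS of the alert -> one incident per alert."""
    denies = defaultdict(list)
    for ts, _device, kind, src in events:
        if kind == 'DENY':
            denies[src].append(ts)
    incidents = []
    for ts, _device, kind, src in events:
        if kind != 'ALERT':
            continue
        nearby = [d for d in denies[src]
                  if abs((ts - d).total_seconds()) <= WINDOW_SECONDS]
        if len(nearby) >= DENY_THRESHOLD:
            incidents.append((src, ts.isoformat()))
    return incidents

if __name__ == '__main__':
    for src, when in correlate(parse_events(SAMPLE_LOGS)):
        print(f'INCIDENT {when}: {src} triggered IDS and {DENY_THRESHOLD}+ denies')
```

Only the first source is raised as an incident: the second has an IDS alert but its single firewall deny is minutes away, which is exactly the kind of noise a per-device console cannot tell apart from a real pattern.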

SP has been working closely with our technology partner, e-Cop, in the SIEM area. In our CCC (which is essentially our SOC with SIEM technology) we have the capability and flexibility to generate different types of attack traffic patterns on the network, giving students realistic scenarios. In turn, students get hands-on practical sessions to analyse and respond to the incidents. Follow-up actions, including securing the network perimeter devices and servers, can then be carried out. We do not run "paper exercises", as we want our students to understand, learn and appreciate what "incident response" means in the real world.

To illustrate the design flexibility of our CCC, we can create a scenario that simulates a Distributed Denial of Service (DDoS) attack and teach our students how to respond to such an incident in the CCC. You cannot "simulate" such an attack on a "live" network (it would never be allowed) and then expect students to learn monitoring and perform incident response on that live network; at best it could be done as a "paper exercise".

Therefore, it is important to understand that SIEM technology plays a crucial role in a corporate SOC. DISM students have the opportunity to learn about SIEM technology in our state-of-the-art facility, and we hope to give them market-relevant experience that grooms them to be the next generation of IT security thought leaders.
