Technology and Product Review for an SIEM Solution
Different approaches are used for security management, and this has led to the emergence of several security technology categories, including security information and event management (SIEM), which is designed to provide a holistic view of IT security. It is based on the principle that information relevant to an organization's security is generated from many sources and locations. Examining each of these locations therefore helps in identifying trends and patterns within the organization's security system.
Overview of SIEM
SIEM, which stands for security information and event management, can be described as an approach to security management that takes a holistic view of an organization's information technology security (Rouse, 2014). It achieves this view by combining security information management (SIM) and security event management (SEM) into a single security management system. By combining these systems, SIEM enables faster identification, evaluation, and recovery from security incidents. Additionally, the system enables compliance managers to confirm whether the organization is fulfilling its legal compliance requirements.
SIEM systems work by gathering security log data from different sources within the organization, including operating systems, security controls, and applications (Scarfone, 2015). Once the log data is obtained, the system processes it to normalize its format, analyzes the standardized data, raises alerts on anomalous activity, and generates reports on request from security administrators. Some SIEM products are also designed to block malicious activity when it is detected; in such cases the activity is blocked through processes such as running scripts that reconfigure security controls like firewalls (Scarfone, 2015). SIEM products are available in several forms with broadly similar capabilities but different cost and performance. The most common forms are hardware appliances, virtual appliances, conventional server software, and cloud-based offerings.
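As an added illustration of the collect, normalize, analyze, alert and report pipeline described above (example code written for this review, not taken from the source or from any SIEM vendor), the following Python takes constructed log lines from three source types, maps them onto one common schema, applies a correlation rule that alerts when repeated authentication failures from one address are followed by a success, and produces a per-source report. The log lines, field names, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from three sources: sshd syslog, a CSV firewall export, and an app log.
RAW_LOGS = [
    "2024-03-01T10:00:01Z sshd[2201]: Failed password for root from 203.0.113.9 port 51234 ssh2",
    "2024-03-01T10:00:03Z sshd[2201]: Failed password for root from 203.0.113.9 port 51236 ssh2",
    "fw,2024-03-01T10:00:04Z,DENY,203.0.113.9,10.0.0.5,445",
    "2024-03-01T10:00:05Z sshd[2201]: Failed password for admin from 203.0.113.9 port 51240 ssh2",
    "app: ts=2024-03-01T10:00:07Z user=alice src=198.51.100.7 result=success",
    "2024-03-01T10:00:08Z sshd[2201]: Accepted password for admin from 203.0.113.9 port 51244 ssh2",
]
SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
APP_RE = re.compile(r"^app: ts=(\S+) user=(\S+) src=(\S+) result=(\S+)")

def normalize(line):
    """Map one raw line from any source onto the common schema, or None if it cannot be parsed."""
    m = SSH_RE.match(line)
    if m:
        ts, outcome, user, src = m.groups()
        return {"ts": ts, "source": "sshd", "user": user, "src_ip": src,
                "event": "auth_success" if outcome == "Accepted" else "auth_failure"}
    if line.startswith("fw,"):
        _, ts, action, src, dst, port = line.split(",")
        return {"ts": ts, "source": "firewall", "user": None, "src_ip": src,
                "event": "fw_deny" if action == "DENY" else "fw_allow", "dst": f"{dst}:{port}"}
    m = APP_RE.match(line)
    if m:
        ts, user, src, result = m.groups()
        return {"ts": ts, "source": "app", "user": user, "src_ip": src,
                "event": "auth_success" if result == "success" else "auth_failure"}
    return None

def correlate(events, threshold=3, window_s=60):
    """Alert when a source IP logs >= threshold auth failures within window_s seconds
    and then an auth success: the classic password-guessing-then-login pattern."""
    failures, alerts = defaultdict(list), []
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 strings sort chronologically
        t = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        if e["event"] == "auth_failure":
            failures[e["src_ip"]].append(t)
        elif e["event"] == "auth_success":
            recent = [f for f in failures[e["src_ip"]] if t - f <= timedelta(seconds=window_s)]
            if len(recent) >= threshold:
                alerts.append({"src_ip": e["src_ip"], "user": e["user"], "failures": len(recent), "at": e["ts"]})
    return alerts

def report(events):
    """Per-source event counts, the kind of summary an administrator requests on demand."""
    counts = defaultdict(int)
    for e in events:
        counts[e["source"]] += 1
    return dict(counts)

def run(lines=RAW_LOGS):
    events = [e for e in map(normalize, lines) if e]
    return events, correlate(events), report(events)
```

Note that the firewall deny from the same address is kept in the normalized stream for reporting and forensics even though this particular rule does not consume it.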
Product Review
One of the most commonly used SIEM products is McAfee, which has been positioned as a leader in the Gartner Magic Quadrant for Intrusion Prevention Systems (IPS) for the last nine years (Burnham, 2015). McAfee's position as a leader in IPS was determined following an analysis of overall viability, product track record, customer experience, operations and marketing execution, market responsiveness, and sales execution of products within this category. This SIEM product is sold by McAfee, a California-based firm that is part of Intel Security (Lawson, Hils & Neiva, 2015). This large security vendor has a significant product portfolio across different security domains, including server, network, and content security. The vendor is one of the leaders in information technology security following the aggressive execution of its growth plans.
McAfee is a leader in IPS because it satisfies customer demand through highly innovative solutions and the capability to address security problems in different ways. As a stand-alone IPS, McAfee offers appliance models ranging between 100 Mbps and 40 Gbps of throughput (Lawson, Hils & Neiva, 2015). This SIEM product provides real-time monitoring and understanding of external security threat information and reputation feeds. Through these capabilities McAfee monitors data, systems, activities, and risks across an organization's IT security framework and prioritizes information within a short period of time. McAfee can also store billions of flows and events for a long period of time; this information in turn enables instant ad hoc queries, compliance checks, rules validation, and forensics (McAfee, 2016). Despite these capabilities, McAfee has some deficiencies, including the unreliability of its support services, the need for several add-ons after purchase, and a heavy price tag for both hardware and software versions.
McAfee, Cybersecurity Objectives, and Five Pillars of Information Security
McAfee can be utilized by Agile Belair to support cybersecurity objectives such as lessening vulnerabilities, reducing risk, and enhancing resistance to security threats and attacks. Once a client deploys McAfee, he or she should conduct regular tests for new vulnerabilities and monitor for unauthorized changes to the baseline and for probable intrusions. Regular scans should also be carried out for vulnerabilities, threats, and attacks using automated tools that also test web applications and databases. Through its security management platform, McAfee enables deployment of application controls and behavior-based security functions. Agile Belair can also realize its cybersecurity objectives by using McAfee Web Gateway, an anti-malware capability that monitors online malware behaviors and protects end-user devices (McAfee, n.d.).