Optimization of Security Information and Event Management (SIEM) Infrastructures, and Events Correlation / Regression Analysis for Optimal Cyber Security Posture

Abstract

This work integrates logical and physical security processes, and simplifies the manageability of the security infrastructure. The process increases visibility to resources, which makes it easier to prevent security incidents, and provides a platform to manage the response and recovery after an incident occur. Log collection is the heart and soul of a SIEM. Log correlation is employed to identify particular sequences of log events from devices. The comparison between network level and host level events automatically perform initial validation that would not normally be performed. It considers movement of data between systems where it would not normally accounts logging on at unusual times or from unusual places, these may not generate specific security alerts, but can be much more easily spotted and flagged by a log correlation solution that sees everything in the environment. It shows some enhancements to event log normalization and significantly improves correlation rule execution. The event monitoring algorithm and SIEM correlation rules result in false positives or false negatives. Security managers, therefore, may waste time and resources that could be used to respond to real threats and assaults if there are too many false positives. This study hereby, strikes a compromise between lowering false positive alerts and not ignoring any potential abnormalities that could indicate a cyberattack when establishing SIEM correlation rules. In order to decide which data is pertinent and which data is irrelevant in an event pipeline, this research employs the use of filters. Through this examination, it can be inferred that the conditions are advantageous for promoting investment in the growth and enhancement of this technology as an essential component of industrial control systems with security operation centers, as well as offering cyber security management for small and medium-sized enterprises (SMEs) with restricted security expertise and capabilities.