Effective Security Monitoring Using Efficient SIEM Architecture

Abstract

The unprecedented advances and myriad benefits of the internet have made it indispensable for almost every organization. With its growing popularity and widespread use, the problem of security threats has emerged to the forefront, while attacks are constantly on the rise. Therefore, an organization must continuously monitor its security status to take immediate remedial measures. Security information and event management (SIEM) systems in tandem with security orchestration, automation, and response (SOAR) systems are an integral part of a security operation center (SOC) because this not only further helps organizations gain a holistic view of their security status but also protects their IT infrastructure. In this research paper, we will provide discussions on the latest and most advanced and widely used SIEM systems. These include both open-source and proprietary solutions. However, as documented in literature, no comprehensive SIEM system architecture is available. The main contribution of this research work is that we have proposed a comprehensive, well-defined and modular architecture of the SIEM system. Each module has been discussed in detail with reference to its input parameters, processing, and output details. This modular approach will help developers extend the functionality of the SIEM system without compromising the overall performance and integration issues, while also helping end users make better decisions to select a SIEM system.