2. Introduction
• SIEM stands for Security Information & Event Management, a term for software products and services that combine Security Information Management (SIM) and Security Event Management (SEM).
• SEM is the segment of security management that deals with real-time monitoring, correlation of events, notifications and console views.
• SIM is the second area, which provides long-term storage, analysis and reporting of log data.
3. BIG 3 of SIEM:
• Compliance
• Security
• Operations
9. Fails vs. Business Benefits
Fails
• Lack of planning
• Faulty deployment strategies
• Lack of management oversight
• Too much noise
Business Benefits
• Real-time monitoring
• Cost saving
• Compliance
• Reporting
10. Vendor Neutrality
• Vendor-neutral describes a state in which no one vendor can control the definition, revision or distribution of a specification.
• Most current data centers are closer to the vendor-neutral model, although they may rely heavily upon a particular vendor.
11. Vendor Neutral vs. Vendor Specific
Vendor Neutral
• In a vendor-neutral data center, technologies come from a variety of sources.
• A vendor-neutral certification program covers the subject matter more broadly.
Vendor Specific
• In a vendor-specific data center, for example, hardware and software are supplied by single vendors.
• A vendor-specific certification program covers a single vendor's technology in greater depth.
12. With over 150 certifications covered in the vendor-neutral, vendor-specific and cloud security surveys, there is no shortage of options. The question is, how do you know which certification is right for your career path?
13. CompTIA
• The Computing Technology Industry Association (CompTIA) is a non-profit trade association that issues professional certifications for the information technology (IT) industry.
• CompTIA issues vendor-neutral professional certifications in over 120 countries.
14. SANS GIAC Information Security Fundamentals Certification
• The SANS Institute is a long-standing and well-recognized powerhouse in the security industry. Likewise, its GIAC certifications continue to accrue visibility and acceptance.
• From here, practitioners can tackle a premium or senior-level security certification. Most such certifications require three or more years of relevant, on-the-job experience.
15. CompTIA's Security+ still weighs heavily among the entry-level certifications, as it continues to attract ongoing interest and participation. Today, the number of Security+ certifications tops 250,000.
IBM includes Security+ in some of its own certification programs, Apple and Dell incorporated Security+ into their training programs or require the certs from job candidates, and the U.S. Department of Defense accepts Security+ to meet its most basic information assurance (IA) certification requirements.