Systematic review of SIEM technology: SIEM-SC birth

This paper contains a systematic review carried out to address the current status of the System Information and Event Management (SIEM) technology and what may possibly be the next steps in the future. We shall focus on: where SIEM will shift in the near/long-term future, whether this change will af...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of information security 2023-06, Vol.22 (3), p.691-711
Hauptverfasser: López Velásquez, Juan Miguel, Martínez Monterrubio, Sergio Mauricio, Sánchez Crespo, Luis Enrique, Garcia Rosado, David
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This paper contains a systematic review carried out to address the current status of the System Information and Event Management (SIEM) technology and what may possibly be the next steps in the future. We shall focus on: where SIEM will shift in the near/long-term future, whether this change will affect the technology as it is right now, and finally, what benefits users will obtain from this growing security-monitoring technology. The paradigm of this technology is slowly shifting from monitoring/alerting to demanding international standards with which all security tools must comply in every internal or external audit, leaning toward security-as-a-service rather than premise solutions and improvements to detection engines in order to make them respond faster and in a more agile and accurate manner, thus optimizing analyst time. All of this had been taken into account by comparing, analyzing, correcting, and predicting the near future of this technology, highlighting its usage together with the compatibility of cutting edge technology such as Blockchain, containers, cloud, international compliance. Of the papers analyzed, 50% were new proposals at the time of their publication, impacting on SIEM functionality, and 19% were involved in real scenarios. The authors use the papers analyzed as the basis on which to propose a new framework that is compatible with GDPR, using multiple technologies blockchain, encryption, and containers. This framework has been denominated as SIEM-SC (Security Compliance).
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-022-00657-9