
SIEM it is

DevSecOps, Security information and event management

2021.01.15

We are living in an era overwhelmed by information technology: everybody, and every kind of individual, releases information about the numerous events that occur. Real-time messages are not always filtered, spam circulates through our daily lives, yet we keep neglecting the authenticity of messages and events. If we fail to filter them, or lack critical thinking, irreversible consequences often follow and can even affect a person's life. Security information and event management (SIEM) was born under these circumstances: analysts have to analyse a tremendous number of events to decide which event or piece of information poses a real threat.


Security information and event management (SIEM)

SIEM combines and standardises events and converts them into messages that determine each event's level of impact on the company. The number of events that SIEM providers have to analyse has been increasing steadily, while the complexity and capability of attacks keep evolving, and this puts great pressure on SIEM providers, who must remediate and develop without stopping. SIEM's strength is the intelligence to filter out irrelevant events, which saves analysts from spending extra time analysing insignificant ones.
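To make the "combine, standardise, filter and rate" pipeline concrete, here is an added example written for this post (it is not code from the original article or from any SIEM product). It takes constructed log lines from two different sources, maps them onto one common event schema, drops routine noise, and assigns a severity using a simple correlation rule; the log formats, field names and thresholds are all assumptions chosen for the illustration.

```python
"""Minimal SIEM-style event pipeline (added example, not from the original post).

Raw lines from two constructed sources are normalised into a common schema,
routine noise is filtered out, and each remaining event gets a severity so the
analyst sees the few events that matter rather than every raw line.
"""
import json
import re
from collections import Counter

# Constructed sample input: an sshd-style auth log and a JSON application log.
RAW_AUTH_LOG = [
    "Jan 15 10:01:02 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "Jan 15 10:01:05 host1 sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "Jan 15 10:01:09 host1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
    "Jan 15 10:01:12 host1 sshd[1204]: Accepted password for alice from 198.51.100.4 port 40000 ssh2",
    "Jan 15 10:02:00 host1 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
]
RAW_APP_LOG = [
    '{"ts": "2021-01-15T10:01:30Z", "host": "web1", "level": "INFO", "msg": "health check ok", "src": "10.0.0.5"}',
    '{"ts": "2021-01-15T10:01:40Z", "host": "web1", "level": "ERROR", "msg": "login failed", "src": "203.0.113.7", "user": "root"}',
]

# Assumed syslog-style layout: "<month> <day> <time> <host> <proc>[<pid>]: <message>"
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$"
)
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")


def normalise_auth_line(line):
    """Map one syslog-style line onto the common schema; None if it does not parse."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "host": m["host"], "source": m["proc"], "msg": m["msg"],
             "category": "other", "user": None, "src": None}
    s = SSH_RE.match(m["msg"])
    if s:
        event["category"] = "auth_failure" if s["result"] == "Failed" else "auth_success"
        event["user"] = s["user"]
        event["src"] = s["src"]
    return event


def normalise_app_line(line):
    """Map one JSON application log line onto the same schema; None if malformed."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    category = "auth_failure" if rec.get("msg") == "login failed" else "other"
    return {"ts": rec.get("ts"), "host": rec.get("host"), "source": "app",
            "msg": rec.get("msg"), "category": category,
            "user": rec.get("user"), "src": rec.get("src")}


def is_noise(event):
    """Filter rule: drop routine events that carry no security signal."""
    return event["category"] == "other" and event["source"] in ("CRON", "app")


def severity(event, failures_by_src):
    """Rate an event from its category plus a simple cross-source correlation."""
    if event["category"] == "auth_failure":
        # Repeated failures from one source address look like a credential attack.
        return "high" if failures_by_src[event["src"]] >= 3 else "medium"
    if event["category"] == "auth_success":
        return "low"
    return "info"


def run_pipeline(auth_lines, app_lines):
    """Normalise, filter and rate; returns the events an analyst would actually see."""
    events = [e for e in map(normalise_auth_line, auth_lines) if e]
    events += [e for e in map(normalise_app_line, app_lines) if e]
    events = [e for e in events if not is_noise(e)]
    failures_by_src = Counter(e["src"] for e in events if e["category"] == "auth_failure")
    for e in events:
        e["severity"] = severity(e, failures_by_src)
    return events


if __name__ == "__main__":
    for e in run_pipeline(RAW_AUTH_LOG, RAW_APP_LOG):
        print(e["severity"], e["host"], e["category"], e["user"], e["src"])
```

The point of the common schema is that the correlation step never has to know which product a line came from: the failed ssh logins and the application's "login failed" record share a `src` field, so the repeated-failure rule counts them together and rates all four as high, while the cron and health-check lines never reach the analyst at all.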


Artificial Intelligence in SIEM

Artificial intelligence in SIEM is a new trend in which machine learning is being promoted. The system is no longer encouraged to use a conservative approach that requires maintenance from time to time. It is preferred that analysts consider the flow of data and use their own judgement to select the priority of events. It is noted that the occurrence of defects has decreased: false positives still exist, but their volume is not as serious as before, since the system has been tuned to detect those events. Data scientists and security experts cannot simply consume the machine learning engine's data; they have to work through irrelevant security events while at the same time knowing cyberattacks and the criminal evidence left by intruders well. Combining different event data is not easy at all; it is costly and has drawbacks. Technology specialists are also required to monitor the data the system collects, and even when it is treated as a big-data system, or when another breach arises from the data collection, SIEM has still carried out its tasks successfully, which shows that it is worth our attention.
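The paragraph above talks about prioritising events from the flow of data and about tuning the system so the false-positive volume drops. The added example below, written for this post rather than taken from any product or from the original article, shows the simplest form of that idea: a per-host statistical baseline instead of a hand-written rule, with a threshold `k` as the tuning knob. Full machine learning is not attempted here; the hourly counts, the hosts and the threshold values are constructed assumptions.

```python
"""Baseline anomaly scoring for event prioritisation (added example, not from the original post).

Each host gets a baseline learned from its own history of hourly failed-login
counts. Hours under review whose z-score exceeds the threshold k are raised for
the analyst, most anomalous first. Raising k trades missed events for fewer
false positives, which is the tuning decision the post describes.
"""
from statistics import mean, pstdev

# Constructed sample: 24 hourly counts of failed logins per host (the baseline),
# then the hours currently under review.
BASELINE = {
    "host1": [2, 3, 1, 2, 4, 2, 3, 2, 1, 3, 2, 2, 3, 4, 2, 1, 2, 3, 2, 2, 3, 1, 2, 3],
    "web1":  [0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0],
}
REVIEW = {
    "host1": {"08:00": 4, "09:00": 40, "10:00": 2},
    "web1":  {"08:00": 0, "09:00": 3, "10:00": 1},
}


def baseline_stats(history):
    """Mean and standard deviation of a host's own history. The floor on the
    standard deviation (assumed value 0.5) stops a near-silent host from
    alerting on every single blip."""
    sd = max(pstdev(history), 0.5)
    return mean(history), sd


def zscore(count, mu, sd):
    """How many baseline standard deviations a count sits above its mean."""
    return (count - mu) / sd


def score_events(baseline, review, k=3.0):
    """Return (host, hour, count, z) for every hour whose z-score exceeds k,
    ordered so the most anomalous hour comes first."""
    flagged = []
    for host, hours in review.items():
        mu, sd = baseline_stats(baseline[host])
        for hour, count in hours.items():
            z = zscore(count, mu, sd)
            if z > k:
                flagged.append((host, hour, count, round(z, 2)))
    return sorted(flagged, key=lambda f: f[3], reverse=True)


def compare_thresholds(baseline, review, ks=(1.0, 2.0, 3.0)):
    """The analyst's tuning view: how many hours each threshold would raise."""
    return {k: len(score_events(baseline, review, k)) for k in ks}


if __name__ == "__main__":
    for host, hour, count, z in score_events(BASELINE, REVIEW):
        print(f"{host} {hour}: {count} failures, z={z}")
    print("hours raised per threshold:", compare_thresholds(BASELINE, REVIEW))
```

With this data the burst of 40 failures on host1 is flagged at any threshold, while the smaller deviations only appear as `k` is lowered: four hours at k=1, three at k=2, two at k=3. That shrinking list is the reduced false-positive volume the paragraph describes, and the baseline being per host is what lets a normally quiet web server and a normally busy bastion host be judged on their own terms.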