Thursday 13 October 2022

Building Own SIEM Environment using Opensource Tools (Part 2)

SIEM Types

There are more than 50 SIEM products on the market. They fall into two broad types:

  • Commercial SIEM Solution
  • Open Source / Community  Edition SIEM Solution
Commercial SIEM Solution:-

Commercial SIEM tools require a financial investment. In return they offer broad, mature SIEM capabilities, are built by vendors with long experience of meeting industry compliance requirements, and ship with large libraries of log parsers, correlation rules and compliance reports. Some vendors pair the SIEM with their own network sensors, but the SIEM itself works on logs and events, not on every packet on the network; packet-level inspection is the job of an IDS or NDR sensor that feeds the SIEM. Their biggest advantage is ongoing vendor support: detection content and threat-intelligence feeds are updated continuously, which gives a business valuable peace of mind. No SIEM fully protects a business from every attack, though; it surfaces threats and intrusions so that the security team can respond. Some commercial SIEM solutions are:

  1. Splunk
  2. IBM QRadar SIEM
  3. SolarWinds Security Event Manager
  4. AT&T Cybersecurity AlienVault USM
  5. Microsoft Sentinel (cloud-only)
Open Source / Community  Edition SIEM Solution:-

Open source and community edition SIEMs have grown in popularity. They are more limited in their capabilities than commercial SIEMs (fewer out-of-the-box integrations, rules and reports, and community rather than vendor support), so they are found mostly in small and medium-sized organizations. Most open source SIEMs are community-driven projects. Some of the best known free and open source SIEM tools available today are:

  1. SIEMonster (community edition)
  2. Wazuh
  3. OSSEC (a host-based IDS; usually a log source for a SIEM rather than a full SIEM on its own)
  4. AlienVault OSSIM
  5. Logit.io (a hosted log management service built on the open source ELK/OpenSearch stack; the service itself is not open source)

SIEMs are available as cloud-based and on-premise editions. Each offers specific benefits and drawbacks to an organization, so before deciding on a SIEM solution you must understand the difference between the two. The advantages and disadvantages of on-premise SIEMs are as follows:

Advantages of on-premise SIEMs

  • The biggest advantage of an on-premise SIEM is that the organization keeps sensitive data on site. Many organizations want to avoid transferring sensitive data to a cloud, often because of regulatory or data-residency requirements.
  • The organization keeps complete control over the SIEM platform. With the SIEM on-premise you can customize how the platform runs and tune it to produce the best results in the context of your specific business operations.
  • The organization also keeps control over its cyber security team. With the platform on-premise, it controls how team members are trained for the specific needs of the business.
  • On-premise deployment also lets the organization customize the SIEM's deliverables and adopt the policies and procedures best suited to its business.
Disadvantages of on-premise SIEMs
  • Keeping an on-premise SIEM running requires a substantial financial commitment. The overall cost is not limited to purchasing, installing and maintaining the software; it also includes the cost of collecting, storing and analyzing vast amounts of data from every collection point, and storage, indexing and retention costs grow with log volume.
  • Hiring, training and managing knowledgeable cyber security specialists on-premise is expensive, and it is difficult to retain them, because this talent is in high demand and commands lucrative compensation.
  • To produce viable results, the team that runs the SIEM must fully understand the organization's business model. Implementing an operational SIEM platform can therefore take a year or more, depending on the size of the organization, which further increases the expenditure.
  • An organization's IT infrastructure is complex and involves dozens of business applications as well as hardware and software components. Mitigating the security risks across all of them requires specific expertise, and people with that expertise are costly.

To decide on a SIEM, you must also know the advantages and disadvantages of cloud-based SIEMs:

Advantages of cloud-based SIEMs

  • Most SIEM vendors offer SaaS versions of their platform, and some (Microsoft Sentinel, for example) are cloud-only. The biggest advantage of a cloud-based SIEM is that you immediately gain expert knowledge: you get a pre-configured system operated by an expert team. Deployment time drops because there is no need to train an internal team to manage the platform.
  • With a cloud-based SIEM, custom implementations are faster, because the vendor's team of experts configures the software to your needs without your own staff needing additional IT training.
  • The organization also saves on infrastructure. It does not need to purchase expensive hardware to run the SIEM platform, and a well-managed cloud SIEM provider also handles software maintenance, updates and support, which reduces the cost of the internal cyber security team for SIEM maintenance.

Disadvantages of cloud-based SIEMs

  • The major disadvantage of a cloud-based SIEM is the risk of moving sensitive data to the cloud. The logs leave the organization's control, so the transport from collectors to the provider must be encrypted (TLS), and you must check where the provider stores the data, for how long, and who can access it, especially where regulatory or data-residency requirements apply.
  • With a cloud-based SIEM you may face limited access to your raw data, even though the data comes from your own endpoints and systems. Some providers expose only reports and dashboards, or charge extra for raw log export and long-term retention; check the export and retention terms before signing.
  • With a cloud-based SIEM you depend on the service provider for all events and alerts: its availability, ingestion delays and retention policy determine what your team can see, and moving to another platform later is hard (vendor lock-in).

Let us now focus on our main topic, the open source SIEM environment. Before going further, we compare three open source SIEM solutions:



In Part 3 we will build one of these open source SIEMs. If you have any questions, ask in the comments section and follow my blog for cyber security tools and discussion.

If you missed Part 1, click the following link:

https://cybersecurity-why-for-me.blogspot.com/2022/10/building-own-siem-using-opensource-tools.html

