SIEM versus MPS (FireEye) solution
Alan Janson 06 Jun 2016 16:55
Which solution can make the security infrastructure best and why?
07 Jun 2016 18:48
I am inclined to say SIEM. Both solutions can be effective, provided that we as the implementation team establish key monitoring and reporting requirements prior to deployment, which would include objectives, targets, compliance controls, implementation and workflow. SIEMs collect and centrally manage records of network, system, application, device, security and user activity from different infrastructure sources or devices.

SIEMs offer the means to convey an organization’s overall security posture and provide information security professionals immediate security operational intelligence.

SIEMs can help IT organizations:
• Better manage risks and proactively monitor issues
• Rapidly develop necessary operational reports and measure security program achievement
• Expose process gaps and validate security investments
• Identify potential fraud and facilitate forensics
• Complete investigations faster and with greater accuracy
• Fortify policy with complementary and compensating controls

08 Jun 2016 07:32
Well explained.
But does SIEM have the capability for predicting/detecting long-term planned attacks?

13 Jun 2016 11:06
I think you are asking the wrong question here. You need to implement a many-layered, defence-in-depth approach to cyber resilience.

Do everything you can to prevent breaches.
Make sure that you detect attacks, and breaches, fast.
Have great plans for reacting to attacks and breaches, rehearse them and use them.

That means you need a whole range of different tools to support your defences.