SIEM versus MPS (FireEye) solution
06 Jun 2016
Which solution can make the security infrastructure best and why?
I am inclined to say SIEM. Both solutions can be effective, provided that we, as the implementation team, establish key monitoring and reporting requirements prior to deployment, which would include objectives, targets, compliance controls, implementation and workflow. SIEMs collect and centrally manage records of network, system, application, device, security and user activity from different infrastructure sources or devices.
SIEMs offer the means to convey an organization’s overall security posture and provide information security professionals immediate security operational intelligence.
SIEMs can help IT organizations:
• Better manage risks and proactively monitor issues
• Rapidly develop necessary operational reports and measure security program achievement
• Expose process gaps and validate security investments
• Identify potential fraud and facilitate forensics
• Complete investigations faster and with greater accuracy
• Fortify policy with complementary and compensating controls
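To make the "collect and centrally manage records from different sources" point concrete, here is an added example (not code from the original answer or from any SIEM vendor) that does in miniature what a SIEM does: it normalises two differently formatted feeds, an sshd auth log and a key=value firewall log, into one event schema on one timeline, runs a correlation rule across them (several failed logins followed by a success from the same source IP, with the firewall records for that IP attached as evidence), and produces a per-source count of the kind an operational report is built from. The log lines, hostnames and addresses are constructed for the example and the schema field names are my own choice.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs) from two sources a SIEM would
# pull into one store: an sshd auth log in syslog style and a firewall log in
# key=value style. Hostnames and addresses are placeholders.
AUTH_LOG = """\
2016-06-06T09:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.9 port 51422 ssh2
2016-06-06T09:00:04 web01 sshd[2203]: Failed password for root from 203.0.113.9 port 51430 ssh2
2016-06-06T09:00:07 web01 sshd[2205]: Failed password for invalid user admin from 203.0.113.9 port 51441 ssh2
2016-06-06T09:00:09 web01 sshd[2207]: Failed password for admin from 203.0.113.9 port 51448 ssh2
2016-06-06T09:00:12 web01 sshd[2209]: Accepted password for admin from 203.0.113.9 port 51452 ssh2
2016-06-06T09:05:00 web01 sshd[2300]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
"""

FW_LOG = """\
ts=2016-06-06T09:00:00 action=allow src=203.0.113.9 dst=10.0.0.5 dport=22 proto=tcp
ts=2016-06-06T09:00:13 action=allow src=203.0.113.9 dst=10.0.0.5 dport=22 proto=tcp
ts=2016-06-06T09:00:20 action=deny src=203.0.113.9 dst=10.0.0.6 dport=3389 proto=tcp
ts=2016-06-06T09:01:00 action=allow src=198.51.100.7 dst=10.0.0.5 dport=22 proto=tcp
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_line(line):
    """Map one sshd line onto the common event schema; None if it is not a login record."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "source": "sshd",
        "category": "auth",
        "host": m["host"],
        "src_ip": m["src"],
        "user": m["user"],
        "outcome": "success" if m["result"] == "Accepted" else "failure",
    }


def parse_fw_line(line):
    """Map one key=value firewall line onto the same schema (user is unknown here)."""
    kv = dict(token.split("=", 1) for token in line.split())
    return {
        "ts": datetime.fromisoformat(kv["ts"]),
        "source": "firewall",
        "category": "network",
        "host": kv["dst"],
        "src_ip": kv["src"],
        "user": None,
        "outcome": kv["action"],
        "dport": int(kv["dport"]),
    }


def collect(auth_text, fw_text):
    """Central collection step: normalise both feeds and order them on one timeline."""
    events = [e for e in map(parse_auth_line, auth_text.splitlines()) if e]
    events += [parse_fw_line(l) for l in fw_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    return events


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: at least `threshold` failed logins from one source IP
    inside `window`, followed by a successful login from that IP. Firewall
    records for the same IP within the window are attached as evidence."""
    failures = defaultdict(list)  # src_ip -> timestamps of failed logins
    alerts = []
    for ev in events:  # events are time-ordered, so failures precede the success
        if ev["category"] != "auth":
            continue
        ip = ev["src_ip"]
        if ev["outcome"] == "failure":
            failures[ip].append(ev["ts"])
            continue
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            evidence = [e for e in events
                        if e["category"] == "network" and e["src_ip"] == ip
                        and abs(e["ts"] - ev["ts"]) <= window]
            alerts.append({
                "rule": "brute_force_then_success",
                "src_ip": ip, "user": ev["user"], "host": ev["host"],
                "failures": len(recent), "success_at": ev["ts"],
                "network_evidence": evidence,
            })
    return alerts


def source_report(events):
    """Operational report: event counts per (source, outcome) pair."""
    return Counter((e["source"], e["outcome"]) for e in events)


if __name__ == "__main__":
    evs = collect(AUTH_LOG, FW_LOG)
    for a in brute_force_then_success(evs):
        print(a["rule"], a["src_ip"], a["user"], a["failures"], len(a["network_evidence"]))
    print(dict(source_report(evs)))
```

The rule fires once here, for 203.0.113.9 logging in as admin after four failures, and carries the three firewall records for that address so the analyst does not have to query a second console; the deploy login from 198.51.100.7 has no preceding failures and stays quiet. The window and threshold are the "key monitoring requirements" the answer mentions: set them before deployment, because the same rule with a 24-hour window and a low threshold is how a slow, spread-out guessing attempt surfaces.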
But does a SIEM have the capability for predicting/detecting long-term planned attacks?
I think you are asking the wrong question here. You need to implement a many-layered, defence-in-depth approach to cyber resilience.
Do everything you can to prevent breaches.
Make sure that you detect attacks, and breaches, fast.
Have great plans for reacting to attacks and breaches, rehearse them and use them.
That means you need a whole range of different tools to support your defences.