Question

1. Research Security Information and Event Management (SIEM)

• What is Security Information and Event Management (SIEM)? (Do Internet research).
• How do you think SIEM compares to Intrusion Detection/Prevention systems (IDS/IDPS) as described in our textbook? Similarities/differences?
• Identify an SIEM product, read about it on the vendor’s website, and identify two (2) websites that provide reviews of this product.
• Would you recommend your identified SIEM product to an enterprise/large organization? Why or why not?
• Write a brief report of your findings (1-2 pages). Include links to ALL references.

2. a.Are any biometric recognition characteristics considered more reliable than others?

b. Which are the most reliable/

Answer 1

1. Research Security Information and Event Management (SIEM)

Security information and event management (SIEM) is a security tool that is a combination of security information management (SIM) and Security event management (SEM). SIM focuses on automating the collection of log data, events, and flows from security devices on a network, SEM is all about real-time monitoring the alerts and events.

SIEM similarity with IDS/IDPS:

- Both are a security tool

- Both can work together

- Both can detect the security violation

SIEM difference with IDS/IDPS:

- IDS is an independent entity, that can detect the security violation on its own.

- IDS can be input to SIEM

- SIEM can detect and take appropriate action

The website that reviews SIEM products:

https://www.gartner.com/reviews/market/security-information-event-management

https://www.esecurityplanet.com/products/top-siem-products.html

The Recommended SIEM tool for enterprise/large organization is Splunk Enterprise. The reason it has enterprise version, feature-rich, more predictive & good deployment credibility.

2. Biometric recognition

Iris recognition biometric is the most reliable than others.