Problems of implementing SIEM systems in the practice of managing information security of economic entities
https://doi.org/10.21686/1818-4243-2020-1-69-79
Abstract
The aim of the study is to increase the efficiency of information security management in economic entities that use Security Information and Event Management (SIEM) systems, by identifying and solving the main problems of introducing these systems into the information security management practice of economic entities [1-3].
Materials and research methods. Based on an analysis of the typical SIEM architecture and of the standard process of introducing a SIEM system into the information security management practice of various types of economic entities, the main problems of SIEM installation and configuration are identified and ways to solve them are substantiated. During installation and configuration of a SIEM system, the customer's and contractor's teams may encounter a number of typical problems. Within a systematic approach, the process of installing and configuring the SIEM system is considered as a set of interconnected, resource-dependent procedures that install and configure the individual components of the SIEM system. From this set of procedures, those to be automated are determined. To determine the rational structure of the automated installation and configuration process, a method of network planning and management is proposed [4-5]; it also makes it possible to evaluate the effectiveness of implementing the SIEM system in the information security management practice of economic entities by developing and calculating network schedules.
Results. The paper develops ways to solve the problems of introducing SIEM systems into information security management practice: simplifying the SIEM system, i.e. dropping rarely used modules and restructuring the SIEM architecture; automating the typical installation and general setup of the SIEM system, i.e. developing a methodology for automating the typical installation and general setup procedure together with a software module that implements it; and a combined approach that applies the two approaches together and brings the SIEM system closer to a “boxed” product.
The paper presents substantiated proposals for improving SIEM implementation, based on the development and application of automated procedures for typical installation and configuration, which reduce the time spent on implementing the SIEM system, make these procedures more convenient to perform, and in general can lead to a “boxed” version of the solution for products of this class of information security event management systems.
Conclusion. The proposed ways of solving the problems of implementing SIEM systems in the information security management practice of economic entities, based on optimizing SIEM installation and configuration, can accelerate the spread and implementation of information security event management systems and increase their efficiency by automating standard installation and configuration procedures.
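The network-schedule calculation the abstract refers to, as an added example that is not from the paper: a critical-path (forward/backward pass) computation over a constructed set of SIEM installation and configuration procedures, run once with manual durations and once with the typical-installation and general-setup procedures automated. Task names, durations and dependencies are assumptions chosen for illustration.

```python
# Added example (not the paper's code): critical-path calculation over a
# constructed network of SIEM installation/configuration procedures.
# Each entry: task -> (duration in hours, list of predecessor tasks).
MANUAL = {  # constructed sample network, durations are assumptions
    "install_os":        (4,  []),
    "deploy_collector":  (6,  ["install_os"]),
    "deploy_correlator": (8,  ["install_os"]),
    "connect_sources":   (12, ["deploy_collector"]),
    "load_rules":        (10, ["deploy_correlator"]),
    "configure_reports": (5,  ["load_rules"]),
    "acceptance_test":   (6,  ["connect_sources", "configure_reports"]),
}
# Procedures the paper proposes to automate (typical installation and
# general setup), with assumed automated durations.
AUTOMATED = {"deploy_collector": 1, "deploy_correlator": 1, "load_rules": 2}

def critical_path(tasks):
    """Return (total duration, critical tasks in topological order)."""
    order, seen = [], set()
    def visit(t):                      # depth-first topological ordering
        if t in seen:
            return
        seen.add(t)
        for p in tasks[t][1]:
            visit(p)
        order.append(t)
    for t in tasks:
        visit(t)
    early_finish = {}
    for t in order:                    # forward pass: earliest finish
        d, preds = tasks[t]
        early_finish[t] = max((early_finish[p] for p in preds), default=0) + d
    total = max(early_finish.values())
    late_finish = {t: total for t in tasks}
    for t in reversed(order):          # backward pass: latest finish
        for p in tasks[t][1]:
            late_finish[p] = min(late_finish[p], late_finish[t] - tasks[t][0])
    # Zero slack (early finish == late finish) marks the critical path.
    critical = [t for t in order if late_finish[t] == early_finish[t]]
    return total, critical

def automate(tasks, automated):
    """Copy of the network with the automated procedures' durations replaced."""
    return {t: (automated.get(t, d), p) for t, (d, p) in tasks.items()}

def savings(tasks, automated):
    """Hours saved on the whole schedule by automating the given procedures."""
    return critical_path(tasks)[0] - critical_path(automate(tasks, automated))[0]

if __name__ == "__main__":
    print(critical_path(MANUAL), critical_path(automate(MANUAL, AUTOMATED)))
```

Note that automation not only shortens the schedule (33 h to 23 h in this sample) but moves the critical path from the correlator branch to the source-connection branch, which is what the network schedule reveals and a per-procedure timing would not.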
About the Authors
V. A. Sizov
Russian Federation
Valery A. Sizov - Dr. Sci. (Economics), Professor, Professor of the Department of applied Informatics and information security.
Moscow
A. D. Kirov
Russian Federation
Alexey D. Kirov - Specialist of the specialized educational and scientific laboratory on information confrontation in business of the Department of applied Informatics and information security.
Moscow
References
1. Riesco R., Villagra V.A. Int. J. Inf. Secur. 2019; 18: 715. DOI: 10.1007/s10207-019-00433-2.
2. OAZIS: «Tekhnicheskiye kharakteristiki STIX™ 2.0» = OASIS: “STIX™ 2.0 Specifications”. URL: https://oasisopen.github.io/cti-documentation/resources#stix-20-specification. (cited: 7.08.2018). (In Russ.)
3. OAZIS: «Belaya kniga STIX™» = OASIS: “STIX™ White Paper”. URL: https://stixproject.github.io/about/STIX_Whitepaper_v1.1.pdf. (cited: 15.06.2018). (In Russ.)
4. Novitskiy N.I. Setevoye planirovaniye i upravleniye proizvodstvom = Network planning and production management. Moscow: New knowledge; 2004. 159 p. (In Russ.)
5. Metody setevogo planirovaniya i upravleniya = Methods of network planning and management. URL: https://studme.org/1633082614268/logistika/metody_setevogo_planirovaniya_upravleniya. (cited: 15.12.2019). (In Russ.)
6. OAZIS: «TTP (Tekhnika, taktika i protsedury) ot STIX™» = OASIS: “TTP (Tactics, Techniques and Procedures) by STIX™”. URL: https://stixproject.github.io/getting-started/whitepaper/#tactics-techniques-and-procedures-ttp. (cited: 7.08.2018). (In Russ.)
7. OAZIS: «Kampanii STIX™» = OASIS: “STIX™ Campaigns”. URL: https://stixproject.github.io/getting-started/whitepaper/#campaigns. (cited: 7.08.2018). (In Russ.)
8. OAZIS: «Intsidenty ot STIX™» = OASIS: “Incidents from STIX™”. URL: https://stixproject.github.io/getting-started/whitepaper/#incidents. (cited: 7.08.2018). (In Russ.)
9. Sizov V.A. Development of a multi-criteria benchmarking method for information security of an organization. Enterprise engineering and knowledge management (IP & UZ-2019). Sbornik nauchnykh trudov XXII Mezhdunarodnoy nauchnoy konferentsii. 25—26 aprelya 2019 g. pod nauch. red. Yu. F. Tel’nova: v 3 t. = Collection of scientific papers of the XXII International Scientific Conference, April 25—26, 2019, ed. Yu. F. Telnov: in 3 vols. Moscow: Plekhanov Russian University; 2019; 2: 97-100. (In Russ.)
10. SIEM. Chto eto takoye? = SIEM. What is it? URL: https://www.itbsgroup.ru/news/blog/siem-security/. (cited: 15.12.2019). (In Russ.)
11. SIEM (Security information and event management). URL: https://ru.bmstu.wiki/SIEM_(Security_information_and_event_management). (cited: 15.12.2019). (In Russ.)
12. Cotenescu V.M. SIEM (Security Information and Event Management Solutions) Implementations in Private or Public Clouds; Lee J., Kim Y.S., Kim J.H., Kim I.K. Toward the SIEM architecture for cloud-based security services. Naval Academy Scientific Bulletin; 2016; XIX; 2. DOI: 10.21279/1454-864X-16-I2-058.
13. 6 tipichnykh oshibok pri vnedrenii SIEM-resheniy i kak ikh izbezhat’ = 6 typical mistakes in the implementation of SIEM solutions and how to avoid them. URL: https://rvision.pro/blog-posts/6-tipichnyh-oshibok-pri-vnedrenii-siem-reshenij-kak-ih-izbezhat/. (cited: 15.12.2019). (In Russ.)
14. Kotenko I.V., Sayenko I.B. SIEM systems for managing information and security events. Zashchita informatsii. Insayd = Information Security. Insider. 2012; 5: 54-65. (In Russ.)
15. Rybolovlev D.A., Karasov S.V., Polyakov S.A. Classification of modern security incident management systems. Voprosy kiberbezopasnosti = Cybersecurity Issues. 2018; 3 (27): 47-53. (In Russ.)
16. Budnikova I.K., Priymak Ye.V. Modeling of controlled processes using network planning methods. Vestnik tekhnologicheskogo universiteta = Bulletin of the Technological University. Kazan: Kazan National Research Technological University; 2018; 21; 1: 115-118. (In Russ.)
17. Dopira R.V., Kordyukov R.Yu., Begletsov A.A., Sergiyenko S.V. Network planning method for the development of complex technical systems. Programmnyye produkty i sistemy = Software Products and Systems. 2014; 2: 22-25. (In Russ.)
18. Kirov A.D. Avtomatizatsiya protsessa obshchey nastroyki avtomatizirovannoy sistemy zashchity ot utechek dannykh «InfoWatch Traffic Monitor 6.9» = Automation of the general setup process for the automated InfoWatch Traffic Monitor 6.9 data leak protection system. (In Russ.)
19. Nabil M., Soukainat S., Lakbabi A., Ghizlane O. SIEM selection criteria for an efficient contextual security. 2017 International Symposium on Networks, Computers and Communications (ISNCC); 2017. DOI: 10.1109/ISNCC.2017.8072035.
20. Connolly J., Davidson M., Richard M., Skorupka C. “The Trusted Automated eXchange of Indicator Information (TAXII™)”. November 2012. URL: http://taxii.mitre.org/about/documents/Introduction_to_TAXII_White_Paper_November_2012.pdf
For citations:
Sizov V.A., Kirov A.D. Problems of implementing SIEM systems in the practice of managing information security of economic entities. Open Education. 2020;24(1):69-79. (In Russ.) https://doi.org/10.21686/1818-4243-2020-1-69-79