Abstract
Nowadays Security Information and Event Management (SIEM) is a common element of the security stack of every big and medium size company. The SIEM is becoming a vital part of the defense strategy along with firewalls, network Intrusion Prevention System / Intrusion Detection System (IPS/IDS), web/mail security appliances, and Antivirus (AV) solutions. Therefore this paper aims to propose a solution for improving the security posture of an organization by implementing Splunk Enterprise SIEM. The monitoring of various systems in real-time could be a challenge for the security analysts in the Security Operation Center (SOC). With the use of Splunk, all relevant logs are collected and stored in one instance which allows the designing of a “single pane of glass” solution. To illustrate the capabilities of the Splunk Enterprise SIEM, the proposed solution has four real-time alerts for detection of different cases of suspicious and/or malicious activity. One of them is specifically designed to alert for the presence of a Mirai Internet-of- Things (loT) malware infection within the organization.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
