Analysis of Alternatives for a Security Information and Event Management Tool in a Virtualized Environment
Abstract
Security Information and Event Management (SIEM) is a software tool that increases the cyber-situational awareness of a system. Since many products are available in the market, companies and individuals want to establish which candidate is the right one for their needs. This project dives into why it is necessary and recommended for an enterprise to deploy such a tool. It will produce a list of quantifiable metrics against which needs can be weighed. It also intends to present a sample attack methodology to test the desired product. To further explain the relation between metrics and needs, example user cases are generated to provide a satisfactory solution. The intent is for the interested party to understand all vectors that relate to the acquisition of a product and, by using the conclusions presented, reach a decision or accelerate their selection process.
Key Terms - Analysis of alternatives, event manager, security information, virtualization