Analysis of Alternatives for a Security Information and Event Management Tool in a Virtualized Environment
Resumen
Security Information and Event
Management is a software tool that increases the
cyber-situational awareness of a system. Since
many products are available in the market, there is
a desire from companies and individuals to
establish which candidate is the right one for their
needs. This project dives into why it is necessary
and recommended for an enterprise to deploy such
a tool. It will produce a list of quantifiable metrics
in which needs can be leveraged against. It also
intends to present a sample attack methodology to
test the desired product. To further explain the
relation between metrics and needs, example user
cases are generated to provide a satisfactory
solution. It is intended for the interested party to
understand all vectors that relate to the acquisition
of a product, and by using the conclusions
presented, reach a decision, or accelerate their
selection process.
Key Terms - Analysis of alternatives, event
manager, security information, virtualization