“A Fortune 500 enterprise’s infrastructure can easily generate 10 terabytes of plain-text data per month. So how can enterprises effectively log, monitor, and correlate that data to obtain actionable insight? Enter the Security Information and Event Management (SIEM) solution” – quote from Jeff Edwards, in Solutions Review’s 2016 SIEM Buyer’s Guide covering AccelOps, Alert Logic, AlienVault, Assuria, BlackStratus, CorreLog, EiQ Networks, EMC (RSA), EventTracker, HP, IBM QRadar, Intel Security, Logentries, LogPoint, LogRhythm, ManageEngine, NetGuardians, NetIQ, SilverSky, SolarWinds, Splunk, Sumo Logic, Tenable, and Trustwave.
SIEM and related acronyms –
SIEM – Security Information and Event Management; the combination of SIM and SEM in one platform.
SIM – Security Information Management: collection, storage, analysis and reporting of logs. Often referred to simply as log management.
SEM – Security Event Management: real-time monitoring, correlation of events, notifications and console views.
Practical application of SIEM – automating threat identification; see the SANS publication on the topic.
UBA – User Behavior Analytics
UEBA – User and Entity Behavior Analytics. This is growing in importance; for example, Exabeam focuses on behavioral analytics. The key idea in UEBA is that it extends the analytics beyond human users to non-human entities such as service accounts, processes and machines, each of which gets its own behavioral baseline.
IDS – Intrusion Detection System. Detects and notifies about an intrusion.
IPS – Intrusion Prevention System. Sits inline and can drop or block traffic when it detects an attack, so a false positive here costs availability, not just analyst time.
WAF – Web Application Firewall. Filters HTTP(S) requests to a web application, typically against injection, cross-site scripting and similar application-layer attacks.
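To make the SIM / SEM / UEBA split concrete, here is an added example (not code from the original page or from any of the vendors listed above) that runs the three stages over a handful of constructed, syslog-like SSH authentication lines. The SIM stage parses and normalises the raw lines; the SEM stage applies a correlation rule (several failures from one source followed by a success from the same source within a short window); the UEBA stage compares each entity's logon count for the day against that entity's own baseline, with a service account and a deploy bot treated exactly like human users. The log lines, the baselines, the field names, the 4-failures/60-second rule and the z-score threshold are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample events (not from the original page or any real system).
SAMPLE_LOGS = """\
2024-03-01T09:00:01 sshd host=web01 user=alice src=10.0.0.5 result=failure
2024-03-01T09:00:03 sshd host=web01 user=alice src=10.0.0.5 result=failure
2024-03-01T09:00:05 sshd host=web01 user=alice src=10.0.0.5 result=failure
2024-03-01T09:00:06 sshd host=web01 user=alice src=10.0.0.5 result=failure
2024-03-01T09:00:09 sshd host=web01 user=alice src=10.0.0.5 result=success
2024-03-01T09:15:00 sshd host=web02 user=bob src=10.0.0.7 result=success
2024-03-01T09:20:00 sshd host=web02 user=bob src=10.0.0.7 result=failure
2024-03-01T10:00:00 sshd host=web01 user=bob src=10.0.0.7 result=success
2024-03-01T11:30:00 sshd host=web01 user=deploy-bot src=10.0.0.8 result=success
2024-03-01T23:55:00 sshd host=db01 user=svc-backup src=10.0.0.9 result=success
2024-03-01T23:56:00 sshd host=db01 user=svc-backup src=10.0.0.9 result=success
"""

# Constructed baselines: successful logons per entity over the previous 7 days.
BASELINE = {
    "alice": [1, 1, 0, 1, 1, 1, 0],
    "bob": [2, 2, 1, 2, 3, 2, 2],
    "svc-backup": [0, 0, 0, 0, 0, 0, 0],  # backup job never logs in interactively
    # "deploy-bot" deliberately has no history: a brand-new entity
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<prog>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    """SIM stage: normalise raw lines into dicts with a real timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would count unparseable lines; we skip them
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def brute_force_then_success(events, min_failures=4, window=timedelta(seconds=60)):
    """SEM stage: correlate >= min_failures failures from one source followed by a
    success from the same source inside `window`. Returns a list of alerts."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failures still in the window
    for ev in events:
        src = ev["src"]
        cutoff = ev["ts"] - window
        failures[src] = [t for t in failures[src] if t >= cutoff]
        if ev["result"] == "failure":
            failures[src].append(ev["ts"])
        elif ev["result"] == "success" and len(failures[src]) >= min_failures:
            alerts.append({
                "rule": "brute_force_then_success",
                "src": src, "user": ev["user"], "host": ev["host"],
                "failures": len(failures[src]), "ts": ev["ts"],
            })
            failures[src].clear()  # do not re-alert on the same burst
    return alerts


def entity_logon_counts(events):
    """Successful logons per entity; humans and service accounts alike."""
    counts = defaultdict(int)
    for ev in events:
        if ev["result"] == "success":
            counts[ev["user"]] += 1
    return dict(counts)


def ueba_anomalies(history, today, z_threshold=3.0, min_sigma=0.5):
    """UEBA stage: flag entities whose count today deviates from their own baseline.
    A sigma floor stops a perfectly regular account (all-equal history) from
    dividing by zero; an entity with no history at all is reported as new."""
    anomalies = {}
    for entity, count in today.items():
        past = history.get(entity)
        if not past:
            anomalies[entity] = "new entity"
            continue
        sigma = max(pstdev(past), min_sigma)
        z = (count - mean(past)) / sigma
        if abs(z) >= z_threshold:
            anomalies[entity] = f"z={z:.1f} vs baseline mean {mean(past):.2f}"
    return anomalies


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for alert in brute_force_then_success(evs):
        print("SEM alert:", alert)
    for entity, why in ueba_anomalies(BASELINE, entity_logon_counts(evs)).items():
        print("UEBA anomaly:", entity, why)
```

Run as a script it raises one SEM alert (four failures then a success from 10.0.0.5 against alice) and two UEBA anomalies: svc-backup, whose baseline is zero interactive logons, and deploy-bot, which has no baseline at all. Bob's single failure is not correlated with anything because his later success falls outside the 60-second window, and alice's one successful logon is within her normal daily range even though the SEM rule fired on the path to it. The two stages answer different questions, which is why a SIEM wants both.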
https://www.splunk.com/en_us/data-insider/user-behavior-analytics-ueba.html
https://github.com/topics/ueba
https://siliconangle.com/2017/07/25/detecting-malicious-insiders-behavioral-analytics-sparksummit/
https://www.analyticsvidhya.com/blog/2018/02/demystifying-security-data-science/ (good overview of evolution of solutions)