
SIEM for ICS/SCADA Environments

Introduction

Security Information and Event Management (SIEM) solutions are the traditional IT go-to for organizations that need to make sense of a vast stream of security data: system logs, network logs and alerts from Intrusion Detection and Prevention Systems (IDS/IPS). Although a traditional IT environment differs from an Industrial Control System (ICS) or Supervisory Control and Data Acquisition (SCADA) environment, SIEM solutions also help organizations secure their vital industrial systems. 

This article introduces the concepts of SIEM and ICS/SCADA. It explores common features of SIEM in ICS/SCADA environments, including timestamping of security events, collection of event-specific information, correlation of security events and the steps of the SIEM process. 

What is SIEM?

SIEM is a software security solution that collects, normalizes, filters, aggregates and correlates security events and provides central management of them. 

This pivotal class of security solution collects information from a wide array of sources covering security, network, device, application and user activity: log files, audit trails, IDS/IPS alerts and more. The collected data is then analyzed for trends, giving information security professionals a view of their security posture that the nightmare of manually reviewing raw logs cannot match. 

What is ICS/SCADA?

ICS is the umbrella term for the control systems in widespread use in industry, manufacturing and critical infrastructure such as power grids. SCADA is one type of ICS, typically used to supervise geographically distributed assets such as pipelines, water systems and electrical grids, while other ICS architectures (for example, distributed control systems confined to a single plant) are more common in process industries. In a security context the differences are superficial: both environments rely on append-only, log-based records rather than interactive data stores, and both are fed into a SIEM using near-identical methods of information collection and correlation. 

SCADA environments do, however, sometimes have different SIEM needs because of their design: remote sites reached over low-bandwidth or intermittent links, long-lived field devices that cannot run a log-forwarding agent, and industrial protocols that a general-purpose SIEM does not parse out of the box. 
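The SIEM process described above (collect, normalize, filter, correlate) and the ICS/SCADA collection and correlation just discussed can be made concrete with a small pipeline. The following is an added example written for this article; it is not code from the original post or from any SIEM product. The log formats, host names, IP addresses, the assumed HMI clock offset and the correlation rule are all constructed for illustration. It takes log lines from three sources with three different timestamp conventions (year-less local-time syslog from an HMI, epoch seconds from a protocol-aware IDS, ISO 8601 UTC from a PLC audit log), normalizes them into one schema with UTC timestamps, filters out informational noise, and then correlates repeated failed HMI logins with a subsequent control action (Modbus coil write or PLC mode change) from the same source address.

```python
"""
SIEM-style pipeline over constructed ICS/SCADA log lines:
collect -> normalize (common schema, UTC timestamps) -> filter -> correlate.

Added example for this article, not code from the original post or from
any SIEM product. Host names, log formats, IP addresses and the correlation
rule are assumptions made for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events from three sources an ICS SIEM typically ingests:
# an HMI's syslog (local time, no year, no zone), a protocol-aware IDS alert
# (epoch seconds) and a PLC audit record (ISO 8601, UTC). Tuples are
# (source name, raw line).
SAMPLE_LOGS = [
    ("hmi-syslog", "Mar 14 03:12:01 hmi01 login: FAILED LOGIN for operator from 10.0.5.23"),
    ("hmi-syslog", "Mar 14 03:12:19 hmi01 login: FAILED LOGIN for operator from 10.0.5.23"),
    ("hmi-syslog", "Mar 14 03:12:40 hmi01 login: FAILED LOGIN for operator from 10.0.5.23"),
    ("ics-ids",    "1710403970 ALERT modbus write_single_coil src=10.0.5.23 dst=10.0.5.10 unit=1 addr=12"),
    ("plc-audit",  "2024-03-14T08:13:05Z plc-pump-2 mode_change by=10.0.5.23 from=RUN to=PROGRAM"),
    ("hmi-syslog", "Mar 14 03:30:00 hmi01 login: session opened for operator from 10.0.5.77"),
]

# Assumptions for the syslog source: the HMI clock is in UTC-05:00 and the
# year-less syslog lines belong to 2024. A real deployment records this per
# source; getting it wrong silently breaks every time-based correlation.
HMI_TZ = timezone(timedelta(hours=-5))
ASSUMED_YEAR = 2024

SYSLOG_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) login: (?P<msg>.*)$")
FAILED_RE = re.compile(r"^FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)$")
OPENED_RE = re.compile(r"^session opened for (?P<user>\S+) from (?P<ip>\S+)$")
IDS_RE = re.compile(r"^(?P<epoch>\d+) ALERT (?P<proto>\S+) (?P<op>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)")
PLC_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (?P<host>\S+) mode_change by=(?P<ip>\S+) from=(?P<old>\S+) to=(?P<new>\S+)$")


def normalize(source, line):
    """Map one raw line onto the common schema, or return None if unparsable.

    Schema: ts (timezone-aware UTC datetime), source, host, src_ip, action, raw.
    """
    if source == "hmi-syslog":
        m = SYSLOG_RE.match(line)
        if not m:
            return None
        local = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        ts = local.replace(tzinfo=HMI_TZ).astimezone(timezone.utc)
        f = FAILED_RE.match(m["msg"])
        if f:
            return dict(ts=ts, source=source, host=m["host"], src_ip=f["ip"], action="auth_failure", raw=line)
        o = OPENED_RE.match(m["msg"])
        if o:
            return dict(ts=ts, source=source, host=m["host"], src_ip=o["ip"], action="auth_success", raw=line)
        return None
    if source == "ics-ids":
        m = IDS_RE.match(line)
        if not m:
            return None
        ts = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
        action = "control_write" if m["op"].startswith("write") else "protocol_alert"
        return dict(ts=ts, source=source, host=m["dst"], src_ip=m["src"], action=action, raw=line)
    if source == "plc-audit":
        m = PLC_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return dict(ts=ts, source=source, host=m["host"], src_ip=m["ip"], action="mode_change", raw=line)
    return None


CONTROL_ACTIONS = {"control_write", "mode_change"}
INTERESTING = {"auth_failure"} | CONTROL_ACTIONS


def collect_and_filter(raw_lines):
    """Normalize every line, drop unparsable lines and informational noise."""
    events = [e for e in (normalize(src, ln) for src, ln in raw_lines) if e is not None]
    return [e for e in events if e["action"] in INTERESTING]


def correlate(events, fail_threshold=3, fail_window=timedelta(minutes=5), follow_window=timedelta(minutes=10)):
    """Rule: at least fail_threshold failed HMI logins from one source within
    fail_window, followed within follow_window by a control action (Modbus
    write or PLC mode change) from the same source, raises one alert per
    control action. Ordering uses the normalized UTC timestamps, which is why
    the per-source clock corrections in normalize() matter."""
    failures = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] == "auth_failure":
            failures[e["src_ip"]].append(e["ts"])
        elif e["action"] in CONTROL_ACTIONS:
            recent = [t for t in failures[e["src_ip"]] if timedelta(0) <= e["ts"] - t <= follow_window]
            if len(recent) >= fail_threshold and recent[-1] - recent[-fail_threshold] <= fail_window:
                alerts.append(dict(src_ip=e["src_ip"], action=e["action"], target=e["host"],
                                   ts=e["ts"], failed_logins=len(recent), evidence=e["raw"]))
    return alerts


def run_pipeline(raw_lines=SAMPLE_LOGS):
    """Full collect -> normalize -> filter -> correlate pass; returns the alerts."""
    return correlate(collect_and_filter(raw_lines))


if __name__ == "__main__":
    for a in run_pipeline():
        print(f"{a['ts'].isoformat()} {a['src_ip']} -> {a['target']}: {a['action']} after {a['failed_logins']} failed logins")
```

Run as-is it raises two alerts for 10.0.5.23, one for the Modbus coil write and one for the PLC mode change, each preceded by three failed operator logins within 39 seconds. Note that the three failed logins and the coil write arrive with timestamps that look 5 hours apart on the wire; without the per-source timezone correction in normalize(), the 10-minute follow window would never be satisfied and the rule would stay silent. That per-source clock bookkeeping, together with parsers for the industrial protocols a general-purpose SIEM does not understand, is most of the ICS-specific work in a deployment like this.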

Can SIEM benefit ICS/SCADA?

SIEM can be of great benefit (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/S2iIbdhtOo0/