SIEM αװ
ۼ 2009-04-02
ȸ : 12,775
The convergence of SIEM and Log Management
March 19, 2009 (Network World) by Dominique Levin
̺Ʈ(SIEM) α Ⱓ ȣ ؿ, յ ǰ ִ. 2 log management SIEM ַǿ ִ ͵ 캸.
SIEM IDS/IPS ҿѴٰ ν Ÿ. ý۵ ܺ Žϴµ , signature 뷮 Ž Ͽ.
1 SIEM ȣ (signal-to-noise ratio) ̰ ɰ ܺ ǥȭ ȵǾ. Ģ м Ͽ, SIEM å ϴ ȭ IDS/IPS ̺Ʈ鿡 ν IT Žϵ Դ. , SIEMַ ý Ҽ ΰ ð ҿǾ, false alert sorting ū ĩŸ ذϰ ȿ ܺ κ ȣߴ.
װ óġ, 纣 (SOX) PCI DSS ο IT ǹϸ鼭 ξ . ϱ Ͽ, IT Ȱ ϱ α ,м, Ʈ ϵ 䱸Ǿ.
ǵ ܺ Žϴ Ӹ ƴ϶ Ȱ Ʈϰ Ȳ Ʈ ϴ ̴. SIEM ̹ α ϰ , ħؿ õ κе鸸 óѴ. ø̼, ġ, , ͺ̽, ȭ, ý, IDS/IPS Ͻÿ IT ҵκ Ǵ û α óϵ ʾҴ.
ܺ ٴ Ȱ , α ξ 뷮 óϴ Űó 䱸 ϴ ɷ μ 忡 ߴ.
پ Ͻ ϱ α SIEM ַ ν, ΰ Բ ۿ ߰ߴ. α û α , Ʈ, ϵ ݸ, SIEM ַ ߿ ̺Ʈ ǥȭϱ Ϸ α мϵ ȵǾ.
IT â 캻ٸ, α SIEM ٸ ̴. α м ʼ α ϰ SIEM ַ ϴ α Ͽ콺 ô´. SIEM ϴ ̴ Ӹ ƴ϶ ȭϵ ´.
̷ ô뿡, 츮 IT ξ ذϱ α ִ Ȱϵ ϴ ̴. α SIEM ۿϰ ߺǴ ɵ ̴ ϵ Ͽ.
SIEM α
ʿ ִ ̴.
, ε, ֵ鿡 å ϰ ִµ ̴ IT, ȣϰ ο ǵ Ģ ؼϴ ̴.
ؼ θ Ǿ ִ ٸ Ʒ, å 䱸 δ. α SIEM м ؼ ǻ ϵ , IT Ͻ μ ȿ , μ ̱ ϱ ۵ ִ.
IT α ڸ(intelligence) Ͻ Ȱ Ͻ ٸ ġ ϵ ̴. SIEM ĸó , м Ͻ μ мϰ , ð, ɷ Ȱ, õ ̺Ʈ ϵ ִ. 츮 յ ַ IT Ӹ ƴ϶ Ͻ μ ϴ ̴. , step A Z Ͻ μ ְ, ƴٸ, ̴.
, SIEM α ν, ° ɵ ߺ ν, ִ ִ. α , ī̺, ε, мϴ ɵ ϳ ִ. װ ʿ ڿ ϵ ̴.
α Ȱ Ϳ ̺Ʈ м ٸ Ͻ ִٸ ̴ ̷ο ̴. ؼ, Ͻ Ȱ Ͻ ڸ ϰ ̴. پ ̹ 2.0 ø̼, Ŭ , ü ϱ ϰ ִ. ش پ Ͻ ڵ Ͻ ذϱ ϵ ڿ ý Ȱ ߾ȭ ϰ Űó ϴ ̴.