Learn about the security-relevant characteristics of vulnerability management and SIEM data and how it can contribute to improving network security.
- [Teacher] Vulnerability Management Systems present data on weak areas in your network. They also help you track vulnerabilities until they get resolved. One of the most fundamental types of data produced by Vulnerability Management Systems is a comprehensive list of software/hardware assets in your network. If you don't know what you own, it's impossible to protect it. By the way, this process of identifying your network assets is referred to as enumeration.
Once you know what assets you have in your network, the next step is to check if there are any known vulnerabilities associated with them. The potential vulnerabilities include outdated firmware or operating systems as well as software bugs in general. Leading VMs recommend available patches, updates and upgrades to fix the vulnerabilities once they are detected. Vulnerability Management Systems and their sensors can be deployed within a network to thoroughly scan and continuously monitor every asset behind your firewall.
Another option is to treat your network as a black box and test its vulnerabilities from outside the network, just like what happens during penetration testing. Vulnerability Management Systems also look out for the existence of malware in your network. This rich set of Vulnerability Management System data is ideal to be fed into SIEM systems. In this sense, SIEM plays the role of a data sink rather than a data source. As a result, one of the critical features of SIEM is its ability to receive and parse log files from as many sources as possible.
The true power of SIEM is revealed when it can correlate the various events logged in multiple sources of intelligence, such as Vulnerability Management Systems, IDSs and IPSs, and pinpoint a security threat.
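The correlation step described above, sketched as an added example that is not part of the original transcript or of any SIEM product: it parses a vulnerability-scan export and IDS alerts in two different formats, then ranks each alert by whether its target is a known asset with a matching open finding. The log formats, field names, addresses and `VULN-` identifiers are all constructed assumptions.

```python
import csv
import io
import re

# Constructed VMS export: ip,hostname,finding_id,title,severity
VMS_FINDINGS = """\
10.0.0.5,web01,VULN-0001,outdated operating system,high
10.0.0.5,web01,VULN-0002,outdated firmware,medium
10.0.0.9,db01,VULN-0003,unpatched software bug,high
"""
# Constructed IDS alerts: timestamp plus key=value fields; ref names the finding the signature relates to
IDS_ALERTS = """\
2024-01-01T10:00:00Z src=203.0.113.7 dst=10.0.0.5 sig="exploit attempt" ref=VULN-0001
2024-01-01T10:05:00Z src=203.0.113.7 dst=10.0.0.7 sig="exploit attempt" ref=VULN-0001
2024-01-01T10:09:00Z src=198.51.100.2 dst=10.0.0.9 sig="port scan" ref=-
"""
ALERT_RE = re.compile(r'^(\S+) src=(\S+) dst=(\S+) sig="([^"]*)" ref=(\S+)$')

def parse_findings(text):
    """Return {asset_ip: {finding_id: severity}}; this doubles as the asset inventory."""
    assets = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip malformed rows rather than guessing fields
        ip, _host, finding_id, _title, severity = row
        assets.setdefault(ip, {})[finding_id] = severity
    return assets

def parse_alerts(text):
    """Normalize IDS lines into dicts; lines that do not match the format are dropped."""
    keys = ("ts", "src", "dst", "sig", "ref")
    matches = (ALERT_RE.match(line.strip()) for line in text.splitlines())
    return [dict(zip(keys, m.groups())) for m in matches if m]

def correlate(assets, alerts):
    """Join alerts to scan data on the destination address and finding id."""
    results = []
    for a in alerts:
        open_findings = assets.get(a["dst"])
        if open_findings is None:
            verdict = "unknown-asset"  # target was never enumerated
        elif a["ref"] in open_findings:
            verdict = "targets-open-vulnerability"  # highest priority
        else:
            verdict = "no-matching-vulnerability"
        results.append((a["ts"], a["dst"], verdict))
    return results

if __name__ == "__main__":
    for row in correlate(parse_findings(VMS_FINDINGS), parse_alerts(IDS_ALERTS)):
        print(*row)
```

The second alert shows why enumeration matters to correlation: traffic aimed at an address missing from the inventory cannot be scored against scan results at all.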
- Network security concepts
- The basic functions of a firewall
- Intrusion detection and prevention systems
- Using network data to improve security
- Using log servers to collect data
- Collecting application data
- Collecting OS data
- Network forensics
- Network security visualization