Learn what vulnerability management systems and security information and event management (SIEM) systems are. Jungwoo provides their definitions and explanations on their purposes in network security.
- [Instructor] Common network security attacks generally exploit a set of vulnerabilities found in a network. These vulnerabilities include outdated firmware on a router, a computer with an old operating system, or a misconfigured device. As a preventive measure, you can use vulnerability management systems to scan your network for any weaknesses. They often check the network against a vulnerability database consisting of known bugs in the software running on the hardware that makes up the network.
More vendors are adopting the Common Vulnerabilities and Exposures, or CVE, database as their checklist when scanning a network for its vulnerabilities. Each vulnerability in the CVE list has a unique identifier and a corresponding detailed description, which makes it easy to keep track of. You have several options when choosing a vulnerability management system. Nessus is one of the most well-known commercial choices, while OpenVAS is its open source counterpart.
Another lead, SIEM, or security information and event management systems, also inform users of their network security status, but its scope is much wider. In fact, SIEM collects and analyzes alerts generated by many sources, one of which is vulnerability management systems. SIEM focuses on monitoring and logging network security events in real time. The ultimate goal of SIEM is to alert human operators when suspicious or anomalous activity is detected.
The main difference between SIEM and systems such as IDS, IPS, and vulnerability management systems is that SIEM is much more capable of storing network data and tracing network events in terms of its capacity. SIEM also provides a much more comprehensive and holistic view of your network beyond specific intrusion attempts or known vulnerabilities, by leveraging IDS, IPS, and vulnerability management system data and correlating them.
Due to the recent advances in data science, SIEM systems are starting to incorporate newly emerging technologies. These technologies are designed to harness the large amount of historic and real-time data to predict future security events.
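The transcript describes two things that are easier to see in code: a vulnerability management system producing findings keyed by CVE identifier, and a SIEM correlating those findings with alerts from other sources (here an IDS feed) to produce a smaller number of prioritized incidents. The following is an added example, not code from the course or from any SIEM or scanner product. Every host address, CVE identifier (the `CVE-EXAMPLE-*` strings are placeholders, not real entries) and alert is constructed, and the two correlation rules are simplified illustrations of what a real SIEM does at much larger scale.

```python
"""Toy SIEM-style correlation of vulnerability-scan findings with IDS alerts.

Added example for illustration; not from the course. All hosts, CVE ids and
alerts below are constructed, and the CVE ids are placeholders, not real entries.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class VulnFinding:
    """One line of scanner output: a host/service with a known weakness."""
    host: str
    cve_id: str      # placeholder identifier in CVE-like form
    service: str
    severity: str


@dataclass
class IdsAlert:
    """One alert from an intrusion detection system."""
    ts: datetime
    src: str
    dst: str
    service: str
    signature: str


# Constructed scanner output (the vulnerability management system feed).
SCAN_FINDINGS = [
    VulnFinding("10.0.0.5", "CVE-EXAMPLE-0001", "ssh", "high"),
    VulnFinding("10.0.0.5", "CVE-EXAMPLE-0002", "http", "medium"),
    VulnFinding("10.0.0.9", "CVE-EXAMPLE-0003", "smb", "critical"),
]

# Constructed IDS alerts (the IDS/IPS feed); timestamps are relative to T0.
T0 = datetime(2024, 1, 1, 12, 0, 0)
IDS_ALERTS = [
    IdsAlert(T0, "203.0.113.7", "10.0.0.5", "http", "web scanner user-agent"),
    IdsAlert(T0 + timedelta(minutes=2), "203.0.113.7", "10.0.0.5", "ssh", "login failures"),
    IdsAlert(T0 + timedelta(minutes=3), "203.0.113.7", "10.0.0.5", "ssh", "login failures"),
    IdsAlert(T0 + timedelta(minutes=5), "203.0.113.7", "10.0.0.5", "ssh", "login failures"),
    IdsAlert(T0 + timedelta(hours=3), "198.51.100.2", "10.0.0.22", "dns", "dns tunneling heuristic"),
]


def index_findings(findings):
    """Map (host, service) -> list of CVE ids; the lookup a SIEM keeps from scanner data."""
    idx = defaultdict(list)
    for f in findings:
        idx[(f.host, f.service)].append(f.cve_id)
    return idx


def correlate(alerts, findings, window=timedelta(minutes=10), threshold=3):
    """Return a list of incidents derived from two feeds.

    Rule 1 (enrichment): an IDS alert against a host/service that has an open
    scanner finding is escalated, because the attacked service is known-vulnerable.
    Rule 2 (frequency): the same source hitting the same host `threshold` times
    within `window` becomes one burst incident instead of N separate alerts.
    """
    idx = index_findings(findings)
    incidents = []

    # Rule 1: enrich each alert with the scanner's knowledge of the target.
    for a in alerts:
        cves = idx.get((a.dst, a.service))
        if cves:
            incidents.append({"rule": "alert_on_vulnerable_service", "host": a.dst,
                              "src": a.src, "service": a.service,
                              "cves": list(cves), "at": a.ts})

    # Rule 2: sliding window over alerts grouped by (source, destination).
    by_pair = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x.ts):
        by_pair[(a.src, a.dst)].append(a.ts)
    for (src, dst), times in by_pair.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                incidents.append({"rule": "burst", "host": dst, "src": src,
                                  "count": threshold, "at": times[i]})
                break  # report one incident per burst, not one per window position
    return incidents


if __name__ == "__main__":
    for inc in correlate(IDS_ALERTS, SCAN_FINDINGS):
        print(inc)
```

Run as a script it prints five incidents: the four alerts against 10.0.0.5 are escalated because the scanner already flagged its ssh and http services, and the repeated hits from one source are additionally collapsed into a single burst incident. The DNS alert against 10.0.0.22 is left alone because no feed corroborates it, which is the kind of prioritization the transcript describes when it says SIEM leverages IDS and scanner data "and correlating them".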