Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Authors

Mukesh Yadav, Research Scholar, Dhirendra S Mishra, Professor
Department of Computer Engineering SVKM’s NMIMS Deemed to be University, Mukesh Patel School Of Technology Management & Engineering, Mumbai, India.

Abstract

The field of information security plays an important role in education, IT, the health domain, and other sectors. Much research has been carried out to secure data in hardware, on the cloud, and during transmission over the network. Secure data transmission and securing stored data are still considered areas of concern. Cloud-based SIEM is used nowadays, and it is the art and science of securing an organization's information. SIEM stands for Security Information and Event Management, which means securing the organization, including its network devices and the devices holding critical and sensitive information. In this paper, a survey is carried out to determine the gaps in current security providers and the areas that need attention. We take logs as input and send them to the SIEM for analysis, and we examine whether a SIEM is capable enough to detect unknown threats and analyze user behavior to identify insider threats. Metrics such as EPS (events per second), false positive rate, and mean time to resolution are used as the basis for comparison, with the aim of keeping the false positive rate and mean time to resolution low and imposing no restriction on EPS.