Benchmarking Security Information Event Management (SIEM)

by J. Michael Butler
Sept. 1, 2017 SANS Institute Encryption & Authentication logging technology and techniques

Critical business systems and their associated technologies are typically held to performance benchmarks. In the security space, benchmarks of speed, capacity and accuracy are common for encryption, packet inspection, assessment, alerting and other critical protection technologies. But how do you set benchmarks for a tool based on collection, normalization and correlation of security events from multiple logging devices? And how do you apply these benchmarks to today’s diverse network environments?