56.7k views
1 vote
A security technician is incorporating the following requirements in an RFP for a new SIEM:

  - New security notifications must be dynamically implemented by the SIEM engine
  - The SIEM must be able to identify traffic baseline anomalies
  - Anonymous attack data from all customers must augment attack detection and risk scoring
Based on the above requirements, which of the following should the SIEM support?

A. Autoscaling search capability
B. Machine learning
C. Multisensor deployment
D. Big Data analytics
E. Cloud-based management
F. Centralized log aggregation

by User Zdebra (7.3k points)

1 Answer

3 votes

Final answer:

The SIEM system should support dynamic implementation of new security notifications, identification of traffic baseline anomalies, and augmentation of attack detection and risk scoring with anonymous attack data.

Step-by-step explanation:

The SIEM system should support the following requirements:

  1. Dynamic implementation of new security notifications: This means that the SIEM should be able to incorporate and adapt to new security notifications as they become available. This can be achieved through regular software updates and integration with threat intelligence feeds.
  2. Identification of traffic baseline anomalies: The SIEM should be able to analyze network traffic and identify any deviations from the normal traffic patterns. This can help detect potential threats or anomalies that may indicate a security breach.
  3. Augmentation of attack detection and risk scoring with anonymous attack data: The SIEM should be able to leverage anonymous attack data from different customers to improve its attack detection capabilities and enhance the risk scoring of identified threats.
by User Alayne (8.0k points)
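As an added illustration of requirements 2 and 3 in the answer above (not part of the original post or of any SIEM product), the following Python sketch learns a per-source traffic baseline, flags deviations, and then raises the risk score of a flagged source using a stand-in for an anonymized cross-customer attack feed. All traffic counts, addresses and the feed format are constructed sample data.

```python
from statistics import mean, pstdev

# Constructed learning window: bytes per minute sent by each source over the
# last eight minutes of known-normal traffic (sample data, not real telemetry).
BASELINE = {
    "10.0.0.5": [1200, 1350, 1100, 1280, 1300, 1150, 1220, 1190],
    "10.0.0.9": [800, 820, 790, 810, 805, 815, 795, 800],
}

# Constructed observations for the current minute.
CURRENT = {"10.0.0.5": 1260, "10.0.0.9": 840}

# Constructed stand-in for an anonymized cross-customer feed: how many other
# tenants reported attacks from a source. The feed format is hypothetical.
SHARED_ATTACK_FEED = {"10.0.0.9": 4}


def zscore(history, value):
    """Standard score of value against the learned per-source baseline."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:                       # flat baseline: any change is a deviation
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def detect_anomalies(baseline, current, threshold=3.0):
    """Return {source: z} for sources deviating more than `threshold` sigmas."""
    flagged = {}
    for src, value in current.items():
        if src not in baseline:
            continue                     # no baseline learned yet: cannot judge
        z = zscore(baseline[src], value)
        if abs(z) > threshold:
            flagged[src] = z
    return flagged


def risk_score(z, shared_reports=0):
    """0-100 score: local deviation (up to 80) plus shared attack data (up to 20)."""
    local = min(80.0, 10.0 * abs(z))
    shared = min(20.0, 5.0 * shared_reports)
    return local + shared


def alerts(baseline=BASELINE, current=CURRENT, feed=SHARED_ATTACK_FEED):
    """Build notifications for anomalous sources, scored with the shared feed."""
    return [{"source": src, "z": round(z, 2),
             "risk": risk_score(z, feed.get(src, 0))}
            for src, z in detect_anomalies(baseline, current).items()]


if __name__ == "__main__":
    for alert in alerts():
        print(alert)
```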