New Training: Security Data Analysis
In this 10-video skill, CBT Nuggets trainer Jacob Moran teaches you how to identify and analyze relevant data as part of your security monitoring activities. Watch this new CompTIA training.
Watch the full course: CompTIA Cybersecurity Analyst
This training includes:
53 minutes of training
You’ll learn these topics in this skill:
Introduction to Security Data Analysis
Heuristics and Trend Analysis in Security Monitoring
Analyzing Security Logs
Writing Queries to Get More Relevant Data Faster
Reviewing Security Information and Event Management (SIEM)
Endpoint Data Analysis
Network Data Analysis
Analyzing Corporate E-mail Security Infrastructure
Analyzing Potentially Malicious E-mail
Analyzing Data to Determine Impact
What is Security Information and Event Management (SIEM)?
Security information and event management (SIEM) is software that provides detection, analytics and responses to various security issues. It combines security information management (SIM) with security event management (SEM) to perform real-time analysis of application and hardware security alerts. With SIEM, you can not only track security events but also gain insight from them.
SIEM works by gathering event and log data from a variety of applications, devices and hosts and aggregating it within a centralized platform. It then detects threats by correlating this data against the rules you have defined, generating an alert whenever a rule matches. For example, three failed login attempts in five minutes may generate an alert at one level, while 10 failed attempts during the same period of time may generate an alert at a higher level.
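As an added example (not part of the CBT Nuggets course or this post), the tiered failed-login thresholds described above implemented as a sliding-window correlation rule in Python and run over constructed, sshd-style log lines; the log format, user names and IP addresses are assumptions, and so is the choice to key the rule on the user name.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Assumed log format (not a real sshd line): "<ISO timestamp> sshd: Failed|Accepted password for <user> from <ip>"
LINE_RE = re.compile(r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$")
WINDOW = timedelta(minutes=5)
THRESHOLDS = {3: "low", 10: "high"}  # failures inside WINDOW -> alert level (the page's 3-in-5 and 10-in-5 tiers)

# Constructed sample log: three users, three different outcomes for the rule.
def _line(t, outcome, user, src):
    return f"2024-05-01T10:{t}Z sshd: {outcome} password for {user} from {src}"

SAMPLE_LOG = (
    [_line(f"00:{5*i:02d}", "Failed", "alice", "203.0.113.7") for i in range(3)]      # 3 in 10 s  -> low
    + [_line(f"01:{6*i:02d}", "Failed", "bob", "198.51.100.9") for i in range(10)]    # 10 in 54 s -> low, then high
    + [_line("02:00", "Failed", "carol", "192.0.2.4"), _line("02:30", "Failed", "carol", "192.0.2.4"),
       _line("08:00", "Failed", "carol", "192.0.2.4")]  # third failure after the window expired -> no alert
)

def parse(line):
    """Parse one line into (ts, outcome, user, src); None for lines the rule does not cover."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["outcome"], m["user"], m["src"])

def detect(lines, window=WINDOW, thresholds=THRESHOLDS):
    """Per-user sliding-window correlation. Returns (ts, user, count, level) tuples, one alert
    each time a user's failure count inside the window reaches a configured threshold."""
    recent = defaultdict(deque)  # user -> timestamps of failures still inside the window
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev[1] != "Failed":
            continue  # a success deliberately does not reset the count: a success after a burst deserves its own rule
        ts, _, user, _ = ev
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # expire failures older than the window (assumes time-ordered input)
            q.popleft()
        level = thresholds.get(len(q))  # the count rises by one per event, so each tier fires once per burst
        if level:
            alerts.append((ts, user, len(q), level))
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(*a)
```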
SIEM can also support compliance reporting, such as reporting against the HIPAA Security Rule.