SIEM workshop with Telco Tech

On January 20 a producer workshop with the associated cooperation partner Telco Tech took place in Hanover. Different use cases of SIEM systems were talked through. The status of producer solutions in the SIEM environment became apparent and showed which additional characteristics SIMU could offer in future. Telco Tech and the SIMU consortium will carry on communicating regularly in order to benefit both on the research and product side.

Telco Tech is interested in a German security solution. But SIEM systems are not yet easy to promote. Educational work in this field is necessary. The SIMU approach is that interesting for Telco Tech that the producer would like to integrate parts of it into his own development. The SIEM solution LogApp already allows data storage which is safe from modification and manipulation. The four-eyes principle is implemented as well. But todays SIEM systems are planned for large environments and almost ignore small ones. This is due to the systems operation. For LogApp agents need to be installed in order to be able to consolidate log data later on. SIMU solved it differently by using the IP MAP protocol.

Screenshot der SIEM-Benutzeroberfläche

The workshop concluded with facing new challenges. The functionality of the detection engine is not yet mature enough technically, neither is the anomaly recognition. Fact is that all SIEM producers face these challenges so that the SIMU project can give an important new impetus.