4n6strider

Your Data Zen starts here.

Various SIEMs: a product footprint on Twitter

I have compared the Twitter social networks of various SIEM tools. Every SIEM tool has specific weaknesses, and seeing the relations between a particular SIEM tool and certain companies and personnel can provide valuable insight for scoping future penetration tests.

Should these maps be combined with insights from LinkedIn and job posting portals, a pattern matching algorithm could reveal direct connections between a company, the software it uses, the skills it requires from the people it is attempting to hire, and also single individuals. This adds new layers to the attack surface.
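As an added example that is not part of the original post, the following Python script shows the kind of correlation described above on constructed data: vendor follow relations of the type the Twitter maps show, employer attributions for the followers, a few job postings and a few profile skill lists. All companies, handles, people and texts are fictitious, the vendor handle mapping is an assumption, and the point is the scoring: a tool is ranked by how many independent source types point at it, so a single employee following a vendor account counts less than a follow plus a job posting plus a profile.

```python
import re
from collections import defaultdict

# Constructed sample data for illustration only: fictitious companies,
# handles, people and postings. The vendor handle -> product mapping is an
# assumption made for this example.
VENDOR_HANDLE_TO_TOOL = {
    "alienvault": "AlienVault",
    "arcsight": "ArcSight",
    "logrhythm": "LogRhythm",
    "rsasecurity": "RSA",
    "ibmsecurity": "QRadar",
    "splunk": "Splunk",
}

# (follower handle, followed handle): the edge type drawn in the Twitter maps
TWITTER_FOLLOWS = [
    ("acme_soc", "alienvault"),
    ("acme_jdoe", "alienvault"),
    ("acme_jdoe", "splunk"),
    ("globex_it", "splunk"),
    ("globex_hr", "ibmsecurity"),
    ("rando", "splunk"),          # no known employer: dropped by correlate()
]

# follower handle -> employer, as a Twitter bio or LinkedIn profile would state it
HANDLE_EMPLOYER = {
    "acme_soc": "Acme",
    "acme_jdoe": "Acme",
    "globex_it": "Globex",
    "globex_hr": "Globex",
}

# (company, posting text) as scraped from a job portal (constructed)
JOB_POSTINGS = [
    ("Acme", "SOC Analyst: hands-on experience with AlienVault USM and Splunk Enterprise Security required"),
    ("Globex", "Security engineer: QRadar administration, Python scripting, RSA SecurID rollout"),
]

# (company, person, skills text) as listed on a profile (constructed)
PROFILE_SKILLS = [
    ("Acme", "J. Doe", "Splunk, AlienVault OSSIM, incident response"),
    ("Globex", "R. Roe", "QRadar, ArcSight ESM, log management"),
]

# Product name patterns. The RSA pattern is deliberately tied to SIEM-class
# product names so that "RSA keys" or "RSA SecurID" do not count as SIEM hits.
TOOL_PATTERNS = {
    "AlienVault": re.compile(r"\b(alienvault|ossim)\b", re.I),
    "ArcSight": re.compile(r"\barcsight\b", re.I),
    "LogRhythm": re.compile(r"\blogrhythm\b", re.I),
    "RSA": re.compile(r"\brsa\s+(netwitness|security analytics|envision)\b", re.I),
    "QRadar": re.compile(r"\bqradar\b", re.I),
    "Splunk": re.compile(r"\bsplunk\b", re.I),
}


def tools_in(text):
    """Set of SIEM product names mentioned in a free-text string."""
    return {tool for tool, pat in TOOL_PATTERNS.items() if pat.search(text)}


def correlate():
    """Build company -> tool -> [(source, detail), ...] from the three data sets."""
    evidence = defaultdict(lambda: defaultdict(list))
    for follower, followed in TWITTER_FOLLOWS:
        tool = VENDOR_HANDLE_TO_TOOL.get(followed)
        company = HANDLE_EMPLOYER.get(follower)
        if tool and company:                      # only attributable follows count
            evidence[company][tool].append(("twitter", follower))
    for company, text in JOB_POSTINGS:
        for tool in tools_in(text):
            evidence[company][tool].append(("job", text[:40]))
    for company, person, skills in PROFILE_SKILLS:
        for tool in tools_in(skills):
            evidence[company][tool].append(("profile", person))
    return evidence


def sources(evidence, company, tool):
    """Distinct source types (twitter / job / profile) supporting a company-tool link."""
    return {src for src, _ in evidence[company].get(tool, [])}


def ranked(evidence, company):
    """Tools for a company, strongest first: by number of independent source types, then name."""
    scored = ((tool, len(sources(evidence, company, tool))) for tool in evidence[company])
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def linked_people(evidence, company, tool):
    """Individuals (handles or profile names) that tie a company to a tool."""
    return {detail for src, detail in evidence[company].get(tool, []) if src in ("twitter", "profile")}


if __name__ == "__main__":
    ev = correlate()
    for company in sorted(ev):
        for tool, score in ranked(ev, company):
            print(f"{company:7} {tool:10} sources={score} people={sorted(linked_people(ev, company, tool))}")
```

On the constructed data, Globex comes out with QRadar supported by all three source types while ArcSight and Splunk each rest on a single one; Acme shows AlienVault and Splunk tied at three. The same loop scales to real scraped data, but the regexes then need per-product tuning, as the RSA pattern illustrates: a bare `rsa` would turn every mention of RSA keys into a SIEM signal.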

The following pictures are maps of the Twitter relations of widely known SIEM and SIEM-like tools.

So far I have analyzed only the SIEM tools I have some experience with. Is a SIEM missing here? Let me know.

AlienVault:

Raw scheme:
[image: raw3]

Sorted after categorization of nodes (Twitter accounts):
[image: force-atlas2]

ArcSight:

ArcSight does not appear to have much of a presence on Twitter. Since it now belongs to HP, it may be more useful to track matching patterns between HP and related corporations.

Raw picture only:
[image: arcsight]

LogRhythm:

[image: circle-labels] [image: fr-labels]

RSA Security suite:

[image: f-r-rsasecurity] [image: yfh-rsasecurity]

QRadar:

The same story as with HP's ArcSight: QRadar is not featured much on Twitter. To determine the true relationships, one would need to investigate the relations between IBM and related corporations.

Raw picture only:
[image: qradar-twitter]

Splunk

Last but not least, Splunk. It is my favourite, although it is not a SIEM as such; it does, however, have a well-developed app (Enterprise Security) for security monitoring.
I like Splunk for its capability to ingest and normalize information from a vast number of sources.
In my opinion, while it may not be a self-sufficient SIEM for a big corporation, it can still be beneficial for smaller companies, as well as an additional tool for security analysis alongside a corporate SIEM.

[image: expanded2-crlc-fa2-fr-yfh-splunk4-labels] [image: expanded-crlc-fa2-fr-yfh-splunk4-labels] [image: izometric-splunk5-raw] [image: splunk1-raw] [image: splunk2-raw]

© 2017 4n6strider