Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs.

The proliferation of cyber threats necessitates robust security measures to safeguard critical assets and data in today's evolving digital landscape. Small and Medium Enterprises (SMEs), which are the backbone of the global economy are particularly vulnerable to these threats due to inadequate protection for critical and sensitive information, budgetary constraints, and lack of cybersecurity expertise and personnel. Security Information and Event Management (SIEM) systems have emerged as pivotal tools for monitoring, detecting, and responding to security incidents. While proprietary SIEM solutions have historically dominated the market, open-source SIEM systems have gained prominence for their accessibility and cost-effectiveness for SMEs. This article presents a comprehensive study focusing on the evaluation of open-source SIEM systems. The research investigates the capabilities of these open-source solutions in addressing modern security challenges and compliance with regulatory requirements. Performance aspects are explored through empirical testing in simulated enterprise-grade SME network environments to assess resource utilization, and real-time data processing capabilities. By providing a rigorous assessment of the security and performance features of open-source SIEM systems, this research offers valuable insights to cybersecurity practitioners, organizations seeking cost-effective security solutions, and the broader academic community. The findings shed light on the strengths and limitations of these systems, aiding decision-makers in selecting the most suitable SIEM solution for their specific requirements while enhancing the cybersecurity posture of SMEs.

Correction: Optimizing SIEM Throughput on the Cloud Using Parallelization.

[This corrects the article DOI: 10.1371/journal.pone.0162746.].

Optimizing SIEM Throughput on the Cloud Using Parallelization.

Processing large amounts of data in real time for identifying security issues pose several performance challenges, especially when hardware infrastructure is limited. Managed Security Service Providers (MSSP), mostly hosting their applications on the Cloud, receive events at a very high rate that varies from a few hundred to a couple of thousand events per second (EPS). It is critical to process this data efficiently, so that attacks could be identified quickly and necessary response could be initiated. This paper evaluates the performance of a security framework OSTROM built on the Esper complex event processing (CEP) engine under a parallel and non-parallel computational framework. We explain three architectures under which Esper can be used to process events. We investigated the effect on throughput, memory and CPU usage in each configuration setting. The results indicate that the performance of the engine is limited by the number of events coming in rather than the queries being processed. The architecture where 1/4th of the total events are submitted to each instance and all the queries are processed by all the units shows best results in terms of throughput, memory and CPU usage.