Systematic review of SIEM technology: SIEM-SC birth

Abstract

This paper contains a systematic review carried out to address the current status of the System Information and Event Management (SIEM) technology and what may possibly be the next steps in the future. We shall focus on: where SIEM will shift in the near/long-term future, whether this change will affect the technology as it is right now, and finally, what benefits users will obtain from this growing security-monitoring technology. The paradigm of this technology is slowly shifting from monitoring/alerting to demanding international standards with which all security tools must comply in every internal or external audit, leaning toward security-as-a-service rather than premise solutions and improvements to detection engines in order to make them respond faster and in a more agile and accurate manner, thus optimizing analyst time. All of this had been taken into account by comparing, analyzing, correcting, and predicting the near future of this technology, highlighting its usage together with the compatibility of cutting edge technology such as Blockchain, containers, cloud, international compliance. Of the papers analyzed, 50% were new proposals at the time of their publication, impacting on SIEM functionality, and 19% were involved in real scenarios. The authors use the papers analyzed as the basis on which to propose a new framework that is compatible with GDPR, using multiple technologies blockchain, encryption, and containers. This framework has been denominated as SIEM-SC (Security Compliance).