A Novel and Comprehensive Evaluation Methodology for SIEM

Abstract

Many SIEM products have been produced. However, there is no comprehensive methodology to evaluate them. We present a novel and comprehensive three-dimensional methodology to evaluate SIEM products. We consider a SIEM product as a set of dimensions, namely capability, architectural component, and common feature, then subdivide each dimension, according to its definition, into sub-dimensions. Afterward, we develop multiple criteria for evaluating each sub-dimension. The dimensions can differ in their impact and importance for a SIEM product; to determine the magnitude of the impact and importance of each dimension, we use a factor called the impact factor. We also consider impact factors for the impact and importance of each sub-dimension and each criterion. Since there are different methods, algorithms, and standards for developing the criteria, we provide maturity levels for each criterion. The results of the evaluations show that this methodology can evaluate the criteria coverage, the completeness and correctness of criteria, and determine the superiority of criteria in the SIEM products as well.

Safarzadeh, M., Gharaee, H., & Panahi, A. H. (2019). A Novel and Comprehensive Evaluation Methodology for SIEM. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11879 LNCS, pp. 476–488). Springer. https://doi.org/10.1007/978-3-030-34339-2_28
