Design of a Web-Based Platform: Event-Venues Booking and Management System

  • Conference paper
  • First Online: 02 September 2022

  • P. S. JosephNg,
  • S. M. Al-Sofi,
  • K. Y. Phan,
  • J. T. Lim &
  • S. C. Lai

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 475)

Conducting an event requires planning multiple tasks and managing the event's finances. Nevertheless, event management and event organization are still largely manual work and require a more automated system to produce more efficient and reliable reservations. This research aims to improve event organization and management by encouraging people to find and book a venue and track budget expenses through a web-based platform, the Event-Venues Booking and Management System, by implementing cloud computing. After the data from a survey and an interview were obtained and presented, the suggested system features were created based on the gathered results so that they would meet the needs of future users. The findings suggest that the online platform assists individuals in arranging and managing their events in a more manageable and timely manner, while lowering the associated cost and time. Furthermore, the established system helps both users and suppliers foster a positive connection between them, as determined by the research questions and objectives.

  • Online booking
  • Budget tracking
  • Cloud computing

Author information

Authors and affiliations.

Faculty of Data Science and Information Technology, INTI International University Persiaran Perdana BBN, Putra Nilai, 71800, Nilai, Negeri Sembilan, Malaysia

P. S. JosephNg

Institution of Computer Science and Digital Innovation, UCSI University UCSI Heights, 56000, Cheras, Kuala Lumpur, Malaysia

S. M. Al-Sofi

Faculty of Information and Communication Technology, Universiti Tunku Abdul Rahman, 31900, Kampar, Perak, Malaysia

K. Y. Phan, J. T. Lim & S. C. Lai

Corresponding author

Correspondence to P. S. JosephNg.

Editor information

Editors and affiliations.

Electronics and Communication Engineering, Gnanamani College of Technology, Namakkal, India

G. Ranganathan

Czech Technical University in Prague, Prague, Czech Republic

Robert Bestak

Ryerson Communications Lab, Toronto, ON, Canada

Xavier Fernando

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper.

JosephNg, P.S., Al-Sofi, S.M., Phan, K.Y., Lim, J.T., Lai, S.C. (2023). Design of a Web-Based Platform: Event-Venues Booking and Management System. In: Ranganathan, G., Bestak, R., Fernando, X. (eds) Pervasive Computing and Social Networking. Lecture Notes in Networks and Systems, vol 475. Springer, Singapore. https://doi.org/10.1007/978-981-19-2840-6_35

DOI: https://doi.org/10.1007/978-981-19-2840-6_35

Published: 02 September 2022

Publisher Name: Springer, Singapore

Print ISBN: 978-981-19-2839-0

Online ISBN: 978-981-19-2840-6

eBook Packages : Engineering Engineering (R0)

Event and festival research: a review and research directions

International Journal of Event and Festival Management

ISSN: 1758-2954

Article publication date: 19 November 2019

Issue publication date: 19 November 2019

Mair, J. and Weber, K. (2019), "Event and festival research: a review and research directions", International Journal of Event and Festival Management, Vol. 10 No. 3, pp. 209-216. https://doi.org/10.1108/IJEFM-10-2019-080

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited

Events and festivals are key elements of the tourism product in many destinations (Getz and Page, 2016). The ability of festivals and events to attract visitors to a host region, and to contribute to its economic and social well-being explains the significance afforded to them in many tourism policies and strategies (Mair and Whitford, 2013). This contribution is a strong justification for public funding of events and festivals (Felsenstein and Fleischer, 2003; O’Hagan, 1992). Thus, in conjunction with tourism, they are becoming a realistic policy option for regional development (Moscardo, 2007; Robinson et al., 2004). However, the rapid growth of the events/festival industry in the past few decades has not always been matched with the level of research devoted to investigating it. Additionally, the fragmented nature of the research that exists poses challenges for researchers and practitioners trying to identify both the existing knowledge and any research gaps. Nonetheless, the interest of the academic community in event and festival research has increased significantly, particularly in the past decade. This has broadly aligned with the time that the International Journal of Event and Festival Management has been in existence. Here we look back on the general direction of research in our field and provide some potential avenues for future research to strengthen and enrich event and festival research.

To date, several reviews have examined the state of research relating to festivals and events. Getz (2010) reviewed the literature on festivals, identifying three major discourses – a classical discourse, concerning the roles, meanings and impacts of festivals in society and culture; an instrumentalist discourse, where festivals are viewed as tools to be used in economic development, particularly in relation to tourism and place marketing; and an event management discourse, which focuses on the production and marketing of festivals and the management of festival organisations (Getz, 2010). Getz and Page (2016) also reviewed the event tourism literature. According to Getz (2013), there are five core propositions of event tourism: events can attract visitors who may not otherwise visit the area; events can create a positive destination image and branding; events contribute to place marketing by making destinations more attractive; events animate cities, resorts and parks; and event tourism is a catalyst for other forms of development. A more recent review of trends in event management research was published in 2017, highlighting the themes which appeared to represent the most popular research topics over the period from 1998 until 2013 in studies published in leading hospitality and tourism as well as event-focused academic journals (Park and Park, 2017). A total of 698 articles were analysed and results showed that the most popular research topics were marketing, events and destinations and management. Planning and evaluation of events along with the use of technology in events were also well represented in this sample. However, events education and human resources in events appeared to be less well researched (Park and Park, 2017). Other reviews have been completed in the area of festivals, but they have been limited by a focus on papers published in journals associated with one discipline or field of study only. For example, Cudny (2014) took a geographical perspective and Frost (2015) reviewed anthropological studies of festivals, which broadly position festivals as sites of cultural practice and experience. However, neither addressed festival management issues.

The literature on events and festivals has been approached from a number of theoretical perspectives. Initially, cultural and social research predominated. However, more recently far more research has taken a business orientation, focusing on themes such as management, marketing and tourism, as noted by Park and Park (2017).

Festivals/events and tourism

The links between events (particularly festivals) and tourism have been a fertile area for research. Increasing tourism is one of the key reasons why local governments support and stage festivals (Mayfield and Crompton, 1995), and according to Andersson and Getz (2009), many destinations view festivals as attractions and use them as part of their destination marketing strategy. There are clear benefits to hosting festivals, primarily in terms of economic but also social benefits. In relation to economic benefits, increasing visitor numbers, supporting job creation and underpinning economic development appear to be the main positive impacts of festivals; however, the extent of such positive impacts is disputed in relation to whether festivals actually attract visitors (McKercher et al., 2006); whether visitors are even aware of festivals when they make their destination decision (Oh and Lee, 2012); and whether festival visitors, many of whom camp and eat on the festival site, are actually making much economic contribution at all (Saleh and Ryan, 2003). Further, in relation to social benefits such as community cohesion, sense of place, belonging and identity, the literature appears somewhat contrary. While there is plenty of evidence to suggest that these are the objectives of festival organisers, funding bodies and local authorities, there appears to be less evidence of whether festivals are successful in achieving these objectives, and through which mechanisms this may be facilitated. Further, while festivals have unique features and cultural dimensions which are also important factors for attracting tourists, the importance of exercising caution when using tangible or intangible historic and cultural resources for festival activities seems to be less acknowledged. Therefore, while the potential benefits of festivals have been clearly outlined, research appears to be lacking in terms of truly comprehending how best to achieve these desired benefits.

Festivals/events and marketing

There is also a significant body of work that examines events/festivals and marketing, with this topic representing the most widely researched theme identified by Park and Park (2017). Drawing on initial work by Crompton and McKay (1997), who proposed six key motivational dimensions to explain festival attendance, researchers have examined attendance motivations in a multitude of contexts, yet for the most part, few significant differences have been found. Existing reviews have already ascertained that attendance motivations have been thoroughly researched (Getz, 2010); yet, studies continue to be published in this topic. For example, while there have been some minor differences to the original Crompton and McKay (1997) motivation framework, the underlying dimensions appear to be relatively stable over time and across a variety of contexts. Nonetheless, each year more studies appear testing these dimensions in yet more contexts.

Similarly, an established body of research has concluded that good quality festivals result in attendee satisfaction, which then leads to increased loyalty in the form of future re-purchase intentions (see for example, Anil, 2012; Cole and Illum, 2006; Cole and Chancellor, 2009; Lee et al., 2007; Son and Lee, 2011; Mason and Nassivera, 2013). Nevertheless, despite this literature, studies examining the relationship between satisfaction, quality and loyalty continue to be published. Finally, market segmentation studies occur frequently in the festival literature, yet as most are case study based, they are failing to make generalisable contributions to our knowledge of this area. In summary, it appears that in these areas, researchers have simply been making only small, incremental contributions.

Several issues have arisen in relation to festival marketing and consumer behaviour which would present useful opportunities for further study. For example, the decision-making process of festival goers requires more research, as much of this research to date has been undertaken in case study contexts, without further generalisation (e.g. Kruger and Saayman, 2012). Further, there is a noticeable lack of research in areas of marketing that have more recently gained greater popularity, including experiential marketing, and very little research on the role of social media and events. Experiential marketing focuses primarily on helping consumers to experience a brand, with the goal of forming a memorable connection and an expected outcome of future purchases and brand loyalty. Festivals offer an unrivalled opportunity for organisations to showcase their brands and build a connection in the mind of the consumer between the festival experience and the brand experience, as noted by Chen et al. (2011), yet this is a relatively unexplored area where future research should be carried out.

Social media has also been the focus of surprisingly few festival studies thus far. This is particularly unexpected given the widespread use of various types of social media and its obvious links with marketing. In a case study of music festivals, Hudson and Hudson (2013) carried out some pioneering work to understand how festival organisers are engaging with both social media and their consumers. Their findings suggest that music festival organisers are proactive in using social media. In a subsequent study, Hudson et al. (2015) developed a conceptual model that was subsequently tested with music festival attendees. Study findings provided evidence that social media do indeed have a significant influence on emotions and attachments to festival brands, and that social media-based relationships lead to desired outcomes such as positive word of mouth. Montanari et al. (2013) examined an Italian photography festival, and revealed how using social media and Web 2.0 technology enhanced the way the festival was able to communicate with its audience. Social media is also changing the way potential attendees make their attendance decision. Lee et al. (2012) investigated whether engagement with a festival “event” page on Facebook was linked with actual attendance at the festival. They found some evidence to suggest that the event Facebook page stimulated emotions and a desire to attend the actual festival. Research by Williams et al. (2015) suggests that festivals are both generators and animators of electronic word of mouth, but the authors acknowledge the exploratory nature of their research. Sigala (2018a, b) has advanced our conceptual knowledge of social media as it relates to both festival management and marketing, creating a typology of the way that social media is being used in festival management and organisation. She also drew attention to the use and influence of social media on both attendee experiences and decision making and festival marketing strategies. In view of the omnipresent nature of social media, this is an area where there is a considerable need for further research in the festival context; there is ample room for new studies relating to social media to bring theory development and practical implications.

Technology-mediated experiences are changing the festivalscape as events and festivals integrate hardware, software, netware and humanware into the attendee experience (Neuhofer et al., 2014; Robertson et al., 2015; Van Winkle et al., 2018). ICT has been used at events and festivals for utilitarian and hedonic purposes, yet little is known about the implications for the events, attendees, volunteers and other stakeholders. Thus, research into the integration of ICT into the administration, design, marketing, operations and risk management of events and festivals is essential. An upcoming special issue of IJEFM will focus on these key issues.

Festivals/events and management

Three key aspects of strategic festival management have received significant attention from researchers – stakeholder management; festival success factors and conversely, festival failures; and festivals and environmental sustainability. The importance of understanding and managing stakeholders is widely acknowledged (e.g. Reid, 2007), and it may very well be that further research will simply underline this. However, in relation to other aspects of management, there are certainly areas where more research is required. For example, whilst knowledge transfer appears to be taking place in successful festivals (Stadler et al., 2014), transfer of knowledge is not well defined, or even explicitly acknowledged. Interestingly, festival failure has apparently been the subject of more research than festival success but further areas for useful contributions remain. These include succession planning and risk management. In addition, differences in strategic management planning and operations between festivals under different types of ownership appear significantly under-researched (Andersson and Getz, 2009; Carlsen and Andersson, 2011). Despite a few studies (e.g. Robertson and Yeoman, 2014; Yeoman, 2013), there have also been few attempts to foresee future trends and issues that are likely to affect festivals and their management.

Getz and Page (2016) also argue for further research to better understand the role that festivals play in bringing together disparate groups such as visitors and residents. Complex relationships between communal identity and place emerge as people have various sets of connections to multiple notions of “place” and “home”. This is an area where social science research could play an important role, bringing together the business aspects of tourism and festival management with the issues of place, space and people researched by geographers and social scientists.

There is also a small but growing body of knowledge on festivals and sustainability; however, this topical area offers considerable potential for future research, and ample room for further theoretical and practical contributions. Research attention may be placed on issues such as the triple bottom line, links between festivals and social sustainability, and even the opportunities for festivals to play an education and behaviour change role in relation to pro-environmental behaviour. For example, Andersson and Lundberg (2013) considered the notion of commensurability and proposed a framework for assessing the overall TBL sustainability of a festival by allocating a monetary value to each component. This is done using market values of emission rights, the shadow costs of environmental resources, contingent valuation analysis of (willingness to pay for) socio-cultural impacts and estimates of direct expenditure and opportunity cost. However, the authors acknowledge that there are aspects of their framework which are subjective, and they note that future research is needed to clarify the generalisability of their framework. Duran et al. (2014) also propose a framework – the Sustainable Festival Management Model – which highlights that stakeholder participation, especially non-governmental organisations, the tourism sector and local people who might be impacted by the festival, is vital for the development of a sustainable festival. Van Niekerk and Coetzee (2011) used the VICE model (visitor, industry, community and environment) to assess the sustainability of an arts festival in South Africa and suggest that this framework can help to identify critical issues relating to a festival and its sustainability. However, they also note that research using this model is somewhat limited in the events context and that further research on the efficacy and usefulness of the model is required (Van Niekerk and Coetzee, 2011).

Implications for future festival/event research

There are several implications for future festival/event research resulting from the brief overview provided. These can be classified as opportunities for interdisciplinary research, a reliance on the western perspective and a corresponding lack of different cultural perspectives, an absence of research into the pedagogy of festival/event studies and finally, an array of limitations associated with the current body of knowledge.

First, there is a lack of interdisciplinary work that incorporates business and social and/or spatial perspectives. In his review, Getz (2010) highlighted that the classical discourse was under-acknowledged in extant festival studies, and that more connections should be made between festival studies and other disciplines such as sociology and anthropology. Further, Cudny (2014) called for more theoretical research to underpin the development of festival studies in future. Much of the work that has taken a business perspective, perhaps not surprisingly, has focused inwards on the festival – how to market, manage, stage it and provide a good quality service and experience (see Park and Park, 2017). However, very little of the festival research appearing in the business literature has been outwardly focused – considering how festivals may be mechanisms for achieving other aims – social, cultural, political, behavioural, etc. Clearly, in order to survive, festivals have to be successful business products, but in order to achieve other objectives, managers need to be aware of some of the issues that are explored in the social sciences and humanities literature, such as inclusion vs exclusion at festivals, festivals and authenticity/tradition, and festivals as spaces of protest, counterculture and self-expression, to name but a few. Interdisciplinary work, using theories and concepts from beyond business disciplines (e.g. social capital, affect and emotion theories and Florida’s (2002, 2003) creative industries framework) would inform festival research, and while the majority of recent work being published on festivals has appeared in journals associated with tourism, events and business more broadly, applying other disciplinary theories and frameworks would bring these to a new audience and thus, help to make a greater contribution.

Second, there is a dearth of different cultural perspectives in festival and event research. While already highlighted by Getz (2010), it appears that researchers have not paid much heed to his call for comparative and cross-cultural studies. There is a need to move away from Western paradigms when examining non-Western phenomena. For example, Pine (2002) suggested that the development policy of hotel groups or chains established in China needs to consider the Chinese socio-economic context, thus implying that a research model should be developed specifically for China hotel development. China’s hotel industry is different from that of other countries due to fierce competition, multiform ownership and management systems and, coupled with China’s unique culture and society, might require a different research approach. Similar considerations would be of value in relation to festivals research in other non-western contexts. In a similar vein, the number of countries with resident populations that are culturally diverse has led to an awareness of the importance of building well-organised, multicultural societies (Chin, 1992; Lee et al., 2012; Parekh, 2006). Festivals can play a significant role in this. Multicultural festivals are especially important for minority groups seeking to maintain cultural traditions (Lee et al., 2012). However, despite some initial research in this area, further detailed study of the nature of festivals in a multicultural society would be of tremendous value.

Third, there are no pedagogical articles specifically related to festival studies. There is a relatively limited body of knowledge relating to teaching event management. For example, Getz (2010) highlights that events students should learn and be able to apply both event-specific knowledge (such as understanding the meaning, importance and impacts of festivals and events, and in addition their limited duration and episodic nature) and management-specific knowledge, including marketing, finance and accounting. Additionally, initiatives such as the development of the International Event Management Body of Knowledge seek to define research and understand the parameters of events and the knowledge, understanding and skills required in order to succeed in a contemporary environment (Silvers et al., 2005). Nonetheless, the pedagogy of festival and event studies remains an important, yet significantly under-researched area.

Finally, there are a number of limitations relating to the existing body of festival/event literature. Reminiscent of other review papers in the broader tourism and hospitality context, and beyond (e.g. Denizci Guillet and Mohammed, 2015; Kong and Cheung, 2009; Mattila, 2004; Yoo and Weber, 2005), the vast majority of papers relating to festival/event research are empirical rather than conceptual and theoretical in nature. In addition, as has been noted already, much of the research in the field of festivals has taken a case study approach. This has arguably limited the scope and scale of our knowledge of festivals. More sophisticated methods, both qualitative and quantitative, would provide a more nuanced study of particular festivals and places, yet at the same time contribute further to advancing our theoretical and practical knowledge of festivals.

Given this, a call for greater theory development and testing within the festival context appears timely. This is in line with Oh et al. (2004, p. 441) who note that “[…] applications are not a wrong effort to make; what is needed is a stronger conceptual rigour and meaningful contribution [to] back to the mainstream theoretical thought through creative application and domain-specific theory development activities.”

Judith Mair and Karin Weber

Andersson, T.D. and Lundberg, E. (2013), “Commensurability and sustainability: triple impact assessments of a tourism event”, Tourism Management, Vol. 37, pp. 99-109.

Anil, N.K. (2012), “Festival visitors’ satisfaction and loyalty: an example of small, local, and municipality organized festival”, Turizam, Vol. 60 No. 3, pp. 255-271.

Carlsen, J. and Andersson, T.D. (2011), “Strategic SWOT analysis of public, private and not-for-profit festival organisations”, International Journal of Event and Festival Management, Vol. 2 No. 1, pp. 83-97.

Chen, C.C., Tseng, M.L. and Lin, Y.H. (2011), “Recreation demand of consumer with experiential marketing in festival”, Procedia – Social and Behavioral Sciences, Vol. 25, pp. 447-453.

Chin, D. (1992), “Multiculturalism and its masks: the art of identity politics”, Performing Arts Journal, Vol. 14 No. 1, pp. 1-15.

Cole, S.T. and Chancellor, H.C. (2009), “Examining the festival attributes that impact visitor experience, satisfaction and re-visit intention”, Journal of Vacation Marketing, Vol. 15 No. 4, pp. 323-333.

Cole, S.T. and Illum, S.F. (2006), “Examining the mediating role of festival visitors’ satisfaction in the relationship between service quality and behavioral intentions”, Journal of Vacation Marketing, Vol. 12 No. 2, pp. 160-173.

Crompton, J.L. and McKay, S.L. (1997), “Motives of visitors attending festival events”, Annals of Tourism Research, Vol. 24 No. 2, pp. 425-439.

Cudny, W. (2014), “Festivals as a subject for geographical research”, Geografisk Tidsskrift-Danish Journal of Geography, Vol. 114 No. 2, pp. 132-142.

Denizci Guillet, B. and Mohammed, I. (2015), “Revenue management research in hospitality and tourism: a critical review of current literature and suggestions for future research”, International Journal of Contemporary Hospitality Management, Vol. 27 No. 4, pp. 526-556.

Duran, E., Hamarat, B. and Özkul, E. (2014), “A sustainable festival management model: the case of International Troia festival”, International Journal of Culture, Tourism and Hospitality Research, Vol. 8 No. 2, pp. 173-193.

Felsenstein, D. and Fleischer, A. (2003), “Local festivals and tourism promotion: the role of public assistance and visitor expenditure”, Journal of Travel Research, Vol. 41 No. 4, pp. 385-392.

Florida, R. (2002), The Rise of the Creative Class, Basic Books, New York, NY.

Florida, R. (2003), “Cities and the creative class”, City & Community, Vol. 2 No. 1, pp. 3-19.

Frost, N. (2015), “Anthropology and festivals: festival ecologies”, Ethnos, pp. 1-15.

Getz, D. and Page, S.J. (2016), “Progress and prospects for event tourism research”, Tourism Management, Vol. 52, pp. 593-631.

Getz, D. (2010), “The nature and scope of festival studies”, International Journal of Event Management Research, Vol. 5 No. 1, pp. 1-47.

Hudson, S. and Hudson, R. (2013), “Engaging with consumers using social media: a case study of music festivals”, International Journal of Event and Festival Management, Vol. 4 No. 3, pp. 206-223.

Kong, H. and Cheung, C. (2009), “Hotel development in China: a review of the English language literature”, International Journal of Contemporary Hospitality Management, Vol. 21 No. 3, pp. 341-355.

Kruger, M. and Saayman, M. (2012), “When do festinos decide to attend an arts festival? An analysis of the innibos national arts festival”, Journal of Travel & Tourism Marketing, Vol. 29 No. 2, pp. 147-162.

Lee, I.S., Arcodia, C. and Lee, T.J. (2012), “Multicultural festivals: a niche tourism product in South Korea”, Tourism Review, Vol. 67 No. 1, pp. 34-41.

Lee, S.Y., Petrick, J.F. and Crompton, J. (2007), “The roles of quality and intermediary constructs in determining festival attendees’ behavioral intention”, Journal of Travel Research, Vol. 45 No. 4, pp. 402-412.

Lee, W., Xiong, L. and Hu, C. (2012), “The effect of Facebook users’ arousal and valence on intention to go to the festival: applying an extension of the technology acceptance model”, International Journal of Hospitality Management, Vol. 31, pp. 819-827.

McKercher, B., Mei, W.S. and Tse, T.S.M. (2006), “Are short duration cultural festivals tourist attractions?”, Journal of Sustainable Tourism, Vol. 14 No. 1, pp. 55-66.

Mair, J. and Whitford, M. (2013), “An exploration of events research: event topics, themes and emerging trends”, International Journal of Event and Festival Management, Vol. 4 No. 1, pp. 6-30.

Mason, M.C. and Nassivera, F. (2013), “A conceptualization of the relationships between quality, satisfaction, behavioral intention, and awareness of a festival”, Journal of Hospitality Marketing & Management, Vol. 22 No. 2, pp. 162-182.

Mattila, A.S. (2004), “Consumer behavior research in hospitality and tourism journals”, International Journal of Hospitality Management, Vol. 23 No. 5, pp. 449-457.

Mayfield, T.L. and Crompton, J.L. (1995), “Development of an instrument for identifying community reasons for staging a festival”, Journal of Travel Research, Vol. 33 No. 3, pp. 37-44.

Montanari, F., Scapolan, A. and Codeluppi, E. (2013), “Identity and social media in an art festivals”, Tourism Social Media: Transformations in Identity, Community and Culture, Emerald, pp. 207-225.

Moscardo, G. (2007), “Analyzing the role of festivals and events in regional development”, Event Management, Vol. 11 Nos 1-2, pp. 23-32.

Neuhofer, B., Buhalis, D. and Ladkin, A. (2014), “A typology of technology-enhanced tourism experiences”, International Journal of Tourism Research, Vol. 16 No. 4, pp. 340-350.

O’Hagan, J.W. (1992), “The Wexford opera festival: a case for public funding?”, Cultural Economics, Springer, Berlin and Heidelberg, pp. 61-66.

Oh, M.-J. and Lee, T.J. (2012), “How local festivals affect the destination choice of tourists”, Event Management, Vol. 16 No. 1, pp. 1-9.

Oh, H., Kim, B.-Y. and Shin, J.-H. (2004), “Hospitality and tourism marketing: recent developments in research and future directions”, International Journal of Hospitality Management, Vol. 23 No. 5, pp. 425-447.

Parekh, B. (2006), Rethinking Multiculturalism: Cultural Diversity and Political Theory, 2nd ed., Palgrave Macmillan, New York, NY.

Park, S.B. and Park, K. (2017), “Thematic trends in event management research”, International Journal of Contemporary Hospitality Management, Vol. 29 No. 3, pp. 848-861.

Pine, R. (2002), “China’s hotel industry: serving a massive market”, Cornell Hospitality Quarterly, Vol. 43 No. 3, p. 61.

Reid, S. (2007), “Identifying social consequences of rural events”, Event Management, Vol. 11 Nos 1-2, pp. 89-98.

Robertson, M., Yeoman, I., Smith, K.A. and McMahon-Beattie, U. (2015), “Technology, society, and visioning the future of music festivals”, Event Management, Vol. 19 No. 4, pp. 567-587.

Robinson, M., Picard, D. and Long, P. (2004), “Festival tourism: producing, translating, and consuming expressions of culture(s)”, Event Management, Vol. 8 No. 4, pp. 187-242.

Sigala, M. (2018a), “Festivals and social media: a co-created transformation of attendees and organisers”, in Mair, J. (Ed.), The Handbook of Festivals, Routledge, Abingdon.

Sigala, M. (2018b), “Social media and the transformation of the festival industry: a typology of festivals and the formation of new markets”, in Mair, J. (Ed.), The Handbook of Festivals, Routledge, Abingdon.

Silvers, J.R., Bowdin, G.A., O’Toole, W.J. and Nelson, K.B. (2005), “Towards an international event management body of knowledge (EMBOK)”, Event Management, Vol. 9 No. 4, pp. 185-198.

Son, S.M. and Lee, K.M. (2011), “Assessing the influences of festival quality and satisfaction on visitor behavioral intentions”, Event Management, Vol. 15 No. 3, pp. 293-303.

Stadler, R., Fullagar, S. and Reid, S. (2014), “The professionalization of festival organizations: a relational approach to knowledge management”, Event Management, Vol. 18 No. 1, pp. 39-52.

Van Niekerk, M. and Coetzee, W.J.L. (2011), “Utilizing the VICE model for the sustainable development of the Innibos Arts Festival”, Journal of Hospitality Marketing & Management, Vol. 20 Nos 3-4, pp. 347-365.

Van Winkle, C.M., Halpenny, E. and MacKay, K. (2018), “Information and communication technology and the festival experience”, in Mair, J. (Ed.), The Handbook of Festivals, Routledge, Abingdon.

Williams, N.L., Inversini, A., Buhalis, D. and Ferdinand, N. (2015), “Community crosstalk: an exploratory analysis of destination and festival eWOM on Twitter”, Journal of Marketing Management, Vol. 31 Nos 9-10, pp. 1113-1140.

Yeoman, I. (2013), “A futurist’s thoughts on consumer trends shaping future festivals and events”, International Journal of Event and Festival Management, Vol. 4 No. 3, pp. 249-260.

Yoo, J.J.E. and Weber, K. (2005), “Progress in convention tourism research”, Journal of Hospitality & Tourism Research, Vol. 29 No. 2, pp. 194-222.

Further reading

Andersson, T.D. and Getz, D. (2008), “Stakeholder management strategies of festivals”, Journal of Convention & Event Tourism, Vol. 9 No. 3, pp. 199-220.

Chang, J. (2006), “Segmenting tourists to aboriginal cultural festivals: an example in the Rukai tribal area, Taiwan”, Tourism Management, Vol. 27 No. 6, pp. 1224-1234.

Lee, J. (2014), “Visitors’ emotional responses to the festival environment”, Journal of Travel & Tourism Marketing, Vol. 31 No. 1, pp. 114-131.

Saleh, F. and Ryan, C. (1993), “Jazz and knitwear: factors that attract tourists to festivals”, Tourism Management, Vol. 14 No. 4, pp. 289-297.


Hikester - The Event Management Application

Sensors (Basel)

Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures

Associated data.

Not applicable.

Security Information and Event Management (SIEM) systems have been widely deployed as a powerful tool to prevent, detect, and react against cyber-attacks. SIEM solutions have evolved to become comprehensive systems that provide wide visibility to identify areas of high risk and proactively focus on mitigation strategies aimed at reducing the cost and time of incident response. Currently, SIEM systems and related solutions are slowly converging with big data analytics tools. We survey the most widely used SIEMs regarding their critical functionality and provide an analysis of external factors affecting the SIEM landscape in the mid and long term. A list of potential enhancements for the next generation of SIEMs is provided as part of the review of existing solutions, as well as an analysis of their benefits and usage in critical infrastructures.

1. Introduction

Cybersecurity risks affecting industrial control systems (ICT) have grown enormously during the past couple of years, mainly due to increased activity by nation-states and cyber criminals. Attackers have become more sophisticated and dangerous and their appropriate and timely detection has become a real challenge. Examples of current cybersecurity incidents affecting IT and ICT are [ 1 ]: ransomware attacks; malware having impact on the utility’s ability to conduct business and operations; phishing campaigns directed to executives, executive assistants, SCADA engineers, IT administrators or other privileged users; business email compromise incidents, including account takeover or impersonation of executives; data leakage and thefts; social engineering to gather sensitive information from personnel.

According to a recent report from NIST [ 2 ], cybersecurity solutions in industrial control systems should provide real-time behavioral anomaly detection, enable faster incident management and allow for intelligent visualization of the network and all its interconnected nodes. Security Information and Event Management (SIEM) systems consider the aforementioned capabilities as built-in features.

In general, SIEMs have the capacity to collect, aggregate, store, and correlate events generated by a managed infrastructure [ 3 ]. They constitute the central platform of modern security operations centers as they gather events from multiple sensors (intrusion detection systems, anti-virus, firewalls, etc.), correlate these events, and deliver synthetic views of the alerts for threat handling and security reporting [ 4 , 5 ]. Besides these key capacities, there are many differences between the existing systems that normally reflect the different positions of SIEMs in the market.

Several companies have developed SIEM software products in order to detect network attacks and anomalies in an IT system infrastructure. Among them, we can find classical IT companies (e.g., HP, IBM, Intel, McAfee), others with more visionary options (e.g., AT&T Cybersecurity/AlienVault’s SIEMs), and promising tools to be taken into consideration in a SIEM context (e.g., Splunk).

In this paper, we review the most widely used security information and event management tools (commercial and open source) aiming at identifying their main characteristics, benefits, and limitations to detect and react against current attack scenarios. We provide an in-depth analysis of the features and capabilities of current SIEMs and focus on their limitations in order to propose potential enhancements to be integrated into current SIEM platforms. An analysis of external factors (e.g., political, economical, societal) that could potentially affect future SIEMs in the mid and long term is provided as a way to identify enablers and barriers to the new generation of SIEM systems. In addition, an overview of SIEM solutions in critical infrastructures is provided to identify potential usage of these tools. To the best of our knowledge, this paper is the first academic work to systematically analyze the current landscape of SIEM systems.

Paper Organization: The remainder of the paper is structured as follows: Section 2 introduces the main commercial and open source SIEM solutions available on the market. Section 3 describes SIEM features and capabilities. Section 4 analyzes the limitations of current SIEMs and presents potential capabilities for enhancements. Section 5 analyzes the future of SIEMs based on external factors. Section 6 proposes potential enhancements for the next generation of SIEMs. Section 7 provides an overview of the importance and usage of SIEM systems in critical infrastructures. Related works are presented in Section 8. Finally, conclusions are presented in Section 9.

2. SIEM Solutions

Security Information and Event Management (SIEM) systems have been developed to help administrators design security policies and manage events from different sources. Generally, a simple SIEM is composed of separate blocks (e.g., source device, log collection, parsing normalization, rule engine, log storage, event monitoring) that can work independently from each other, but without them all working together, the SIEM will not function properly [ 3 ]. Figure 1 depicts the basic components of a regular SIEM solution.

Figure 1. SIEM basic components.
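The building blocks listed above (log collection, parsing normalization, rule engine) can be seen working together in the following added example, which is not code from the paper or from any SIEM product. The log lines, the VPN key=value format, the event field names and the rule thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input from two source devices with different native formats.
SSHD_LINES = [
    "2021-01-12T10:00:01Z host1 sshd[311]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "2021-01-12T10:00:05Z host1 sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2",
    "2021-01-12T10:00:07Z host1 sshd[311]: Connection closed by 203.0.113.7",  # not an auth event
    "2021-01-12T10:00:10Z host2 sshd[90]: Failed password for bob from 198.51.100.4 port 40000 ssh2",
    "2021-01-12T10:00:30Z host2 sshd[90]: Accepted password for bob from 198.51.100.4 port 40001 ssh2",
]
VPN_LINES = [  # hypothetical key=value format, invented for this example
    "ts=2021-01-12T10:00:20Z gw=vpn1 action=auth_fail user=alice src=203.0.113.7",
    "ts=2021-01-12T10:01:00Z gw=vpn1 action=auth_ok user=alice src=203.0.113.7",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def normalize_sshd(line):
    """Parsing/normalization for sshd: native line -> common event schema."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    try:
        ts = parse_ts(m["ts"])
    except ValueError:
        return None
    action = "auth_failure" if m["result"] == "Failed" else "auth_success"
    return {"ts": ts, "source": "sshd", "device": m["host"],
            "action": action, "user": m["user"], "src_ip": m["ip"]}

def normalize_vpn(line):
    """Parsing/normalization for the VPN gateway: same schema, different input."""
    kv = dict(p.split("=", 1) for p in line.split() if "=" in p)
    actions = {"auth_fail": "auth_failure", "auth_ok": "auth_success"}
    try:
        return {"ts": parse_ts(kv["ts"]), "source": "vpn", "device": kv["gw"],
                "action": actions[kv["action"]], "user": kv["user"],
                "src_ip": kv["src"]}
    except (KeyError, ValueError):
        return None

SOURCES = [(normalize_sshd, SSHD_LINES), (normalize_vpn, VPN_LINES)]

def collect(sources):
    """Log collection: normalize every line, count what could not be parsed."""
    events, rejected = [], 0
    for normalizer, lines in sources:
        for line in lines:
            event = normalizer(line)
            if event is None:
                rejected += 1
            else:
                events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events, rejected

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule engine: >= threshold auth failures from one source IP inside the
    window, on any device, followed by a success from that same IP."""
    recent = defaultdict(deque)  # src_ip -> failures still inside the window
    alerts = []
    for ev in events:
        fails = recent[ev["src_ip"]]
        while fails and ev["ts"] - fails[0]["ts"] > window:
            fails.popleft()
        if ev["action"] == "auth_failure":
            fails.append(ev)
        elif ev["action"] == "auth_success" and len(fails) >= threshold:
            alerts.append({
                "rule": "failures_then_success", "src_ip": ev["src_ip"],
                "user": ev["user"], "device": ev["device"], "ts": ev["ts"],
                "failures": len(fails),
                "sources": sorted({f["source"] for f in fails}),
            })
            fails.clear()
    return alerts

if __name__ == "__main__":
    events, rejected = collect(SOURCES)
    print(f"{len(events)} events normalized, {rejected} line(s) rejected")
    for alert in correlate(events):
        print(alert)
```

Neither source reaches the threshold on its own here; the alert only fires once both feeds are normalized into the same schema, which is the dependency between blocks that the paragraph describes.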

SIEM platforms provide real-time analysis of security events generated by network devices and applications. In addition, even though the new generation of SIEMs provides response abilities to automate the process of selecting and deploying countermeasures, current response systems select and deploy security measures without performing a comprehensive impact analysis of attacks and response scenarios.

Besides these common features, current SIEMs present differences that classify them as leaders, challengers, niche players, or visionaries, according to Gartner’s annual SIEM Magic Quadrant report. This section introduces the main SIEM solutions available on the market to date and provides the main advantages and drawbacks of each of them based on the most recent Gartner report and research works related to the SIEM technologies [ 6 , 7 , 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 , 18 , 19 ]. Please note that in this section we have considered the list of SIEM solutions proposed by Gartner during the last decade in their annual Magic Quadrant report. As such, the list of SIEM vendors presented in Table 1 refers only to the solutions selected and published by Gartner, and discards other commercial and open-source SIEMs that did not meet Gartner’s criteria.

Table 1. SIEM vendors classification.

Legend: ★ Leader, ⧫ Challenger, ▲ Niche Player, ■ Visionary.

2.1. SIEM Classification

The analysis and evaluation of security systems have been widely proposed in the literature. While some research focuses on the commercial aspects, others concentrate on the technical features that could be improved in current SIEM solutions. Well known institutions like Gartner [ 20 ], for instance, propose a commercial analysis of SIEM systems based on the market and major vendors, for which a report is released on an annual basis to position SIEM vendors as market leaders, challengers, niche players, or visionaries.

Other security institutions (e.g., Techtarget ( http://searchsecurity.techtarget.com/ accessed on 12 January 2021) and Info-Tech Research Group ( http://www.infotech.com/ accessed on 12 January 2021)), have widely reported on the capabilities of SIEM solutions and on the way SIEM vendors can be compared and assessed. Techtarget, on the one hand, releases periodic electronic guides about securing SIEM systems and how to define SIEM strategy, management and success in the enterprise [ 21 ]. Info-Tech, on the other hand, provides technical reports on the SIEM vendor landscape [ 22 ] focusing on the benefits and drawbacks of major commercial SIEMs. Both organizations take the Gartner Magic Quadrant as the baseline for their analysis.

During the last decade, Gartner has classified SIEM solutions as leaders (organizations that execute well against their current vision and are well positioned for tomorrow), visionaries (organizations that understand where the market is going or have a vision for changing market rules, but do not yet execute well), niche players (organizations that focus successfully on a small segment or are unfocused and do not out-innovate or outperform others), and challengers (organizations that execute well today or may dominate a large segment, but do not demonstrate an understanding of market direction).

Table 1 shows the evolution of SIEM solutions (and SIEM vendors) from 2010 to 2020. Note that the latest report to date was released in January 2020 (no report was delivered in 2019). In Table 1, a star indicates the vendors that have been leading the market, challengers are identified with a lozenge, niche players with a triangle, and visionaries with a square. It is important to highlight that very few of them appeared every year in the top ranking assessment during the whole decade. This is the case of RSA, the security division of EMC Corporation (Dell Technologies), which offers a NetWitness Platform evolved SIEM; IBM, which offers a tool called QRadar; NetIQ/Microfocus/ArcSight, offering the ArcSight Enterprise Security Manager; McAfee/Intel, offering the McAfee Enterprise Security Manager; and LogRhythm, offering the Nextgen SIEM platform.

Note that some solutions have been merged to keep up with the changes and evolution of the market. This is the case of IBM and Q1 Labs (that offered a joint solution in 2012 and 2013); NetIQ and Novell (2012); HP and ArcSight (2013); AccelOps and Fortinet (2016), and more recently, Micro Focus and ArcSight, as well as Micro Focus and NetIQ (2017). Some of these joint solutions are no longer available in 2021. Another important aspect to note is that some SIEM vendors have been in the top Gartner classification list ever since they first appeared in the market (e.g., Splunk, AlienVault/AT&T Cybersecurity, SolarWinds, EventTracker, Fortinet, MicroFocus). Some others have joined the list in the past couple of years with User and Entity Behavior Analytics (UEBA) features (i.e., ManageEngine, Venustech, Rapid7, Exabeam, Securonix, LogPoint, and HanSight).

A recent study [ 22 ] considers 22 players in the 2020 SIEM vendor map based on three main capabilities: (i) threat intelligence detection, (ii) compliance, and (iii) log management. Besides threat intelligence, compliance, and log management, SIEM developers are considering UEBA capabilities and smart dashboards as innovations to be added to their solutions. As a result, new SIEM systems will help security administrators with pre-built dashboards, reports, incident response workflows, advanced analytics, correlation searches, and security indicators [ 23 ]. In addition, an in-depth analysis of SIEM extensibility [ 19 ] revealed that current SIEM solutions need to improve features such as behavioral analysis, risk analysis and deployment, visualization, data storage, and reaction capabilities, in order to keep up with the market.

2.2. SIEM Tools

Considering the previous information about SIEMs, Table 2 summarizes some of the most promising SIEMs to date.

Table 2. SIEM tools/vendor characteristics.

3. SIEM Features and Capabilities

Fundamentally, all SIEMs have the capacity to collect, store, and correlate events generated by a managed infrastructure [ 64 ]. Besides these key capacities, there are many differences between existing systems that normally reflect the different positions of SIEMs in the market. This section provides a list of features to be considered in the analysis of SIEM solutions. Based on our experience with different commercial SIEMs and contrasting the identified information related to the usage of commercial and open-source SIEMs from the literature, Table 3 summarizes this analysis and assesses each SIEM feature as low/basic (poorly implemented or not implemented at all), average (partly implemented), or high/advanced (fully implemented) for the most promising SIEM solutions described in Table 2. Please note that this assessment only includes the basic configuration of the selected SIEM solutions; no additional features (add-ons) are considered in the analysis.

Table 3. Analysis of different SIEM solutions.

Legend: − Low/Basic, ∘ Average, • High/Advanced.

Correlation rules: The success of detecting an event by a SIEM relies on the power of the correlation rules. While most SIEMs possess basic correlation rules, few of them have robust search capabilities and support search processing languages to write complex searches that can be used on the SIEM’s data.

Data sources: One of the key features of a SIEM system is the capacity for collecting events from multiple and diverse data sources in the managed infrastructure. Most SIEMs support several types of data sources natively, including both the supported sensors and the supported data types (e.g., threat intelligence). For other solutions (e.g., QRadar, USM) such a feature could be supported by additional components integrated into the SIEM. This feature evaluates the natively supported data sources and the possibility for a SIEM to automatically customize them.

Real time processing: This feature considers the ability of a SIEM to handle real-time data under constant change. It evaluates the real-time controls, monitoring, and pipelining capabilities deployed by the tool in preventing or reacting to cybersecurity incidents, as well as the performance computation capabilities that SIEMs have to analyze millions of events in real time. All the studied SIEMs have advanced real time processing capabilities.

Data volume: Analyzing large volumes of data coming from different sources is important to gain more insights from the collected events and to have a better monitoring. However, keeping large volumes of collected data in a live SIEM system is often costly and impractical. This feature evaluates the possibility of current systems to support large volumes of data for correlation, indexing and storage operations.

Visualization: One of the key factors that hinder the analysis of security events is the lack of support for proper data visualization methods and the little support provided for interactive exploration of the collected data. It is therefore important to understand the capabilities of the analyzed systems in terms of creation of new data visualization methods and custom dashboards.

Data analytics: More recent versions of leading SIEMs support extensive integration with application and user-based anomaly detectors. These capabilities include the analysis of the behavior of employees, third-party contractors, and other collaborators of the organization. For this, the SIEM must comprise the management of user/application profiles and the use of machine learning techniques for detecting misbehavior.

Performance: This feature evaluates the performance of a SIEM solution in terms of computational capacity, data storage capabilities (e.g., read/write), rule correlation processing (e.g., high performance correlation engine), as well as data search, index, and monitoring.

Forensics: In addition to logging capabilities, some SIEMs (e.g., ArcSight, LogRhythm) offer built-in network forensic capabilities that include full session packet captures from network connections considered malicious, with the aim of converting packet data into documents, web pages, voice over IP, and other recognizable files. Some other products (e.g., QRadar, Splunk) are able to save individual packets of interest when prompted by a security analyst, but do not automatically save network sessions of interest [ 16 ]. The rest of the studied solutions have no built-in network forensic capabilities.

Complexity: SIEMs are known for being difficult to deploy and manage. However, it is important to understand if the analyzed system can be installed for testing with low or moderate effort. From the eight studied SIEMs, ArcSight is the tool with the highest complexity for deployment and management, whereas LogRhythm and Splunk are seen as easy and friendly tools to install, deploy, and use.

Scalability: This feature considers the ability for a SIEM deployment to grow not only in terms of hardware, but also in terms of the number of security events collected at the edge of the SIEM infrastructure. The new digital transformation leads to more sensors and more devices (e.g., servers, agents, nodes) connected to the same network.

Risk analysis: Recent versions of leading SIEM systems (e.g., QRadar, LogRhythm, Splunk) include features for doing risk analysis on the assets of the managed infrastructure. This feature evaluates if the SIEM natively supports risk analysis or if it can be integrated with external appliances for that purpose.

Storage: Considering that SIEMs generally store information for no more than 90 days, this feature evaluates the length of time for which current SIEM technologies keep data stored in their systems for further processing and forensics operations.

Price: This feature evaluates the licensing method associated with the SIEM solution (e.g., enterprise, free, beta, premium) and the limits in the number of users, queries, index volumes, alerts, correlations, reports, dashboards, and automated remedial actions. Most of the studied solutions are very expensive, except for LogRhythm, USM, and SolarWinds, which have more reasonable costs and the possibility to use open source solutions with more limited capabilities.

Resilience: Resilience or fault tolerance is an important feature of any critical monitoring system. It is important to understand what the fault tolerance capabilities of existing SIEMs are, for example, if the correlation engine supports fault tolerance; the way disaster recovery and replication are supported on the event storage; if the connectors support high availability features.

Reaction and reporting capabilities: This feature studies the actions that are natively supported by the SIEM to react against security incidents (including sharing and reporting capabilities) and the way such actions are expressed to the correlation engine.

UEBA: This feature evaluates if the SIEM solution presents native User and Entity Behavior Analytics (UEBA) capability, or if it provides integration with third-party UEBA solutions.

Security: This feature evaluates the ability to implement security automation as well as native encryption capabilities present in the SIEM during the monitoring, detection, correlation, analysis, and presentation of the results.

4. Limitations of Current SIEMs

Even though the new generation of SIEMs provides powerful features in terms of correlation, storage, visualization, and performance, as well as the ability to automate the reaction process by selecting and deploying countermeasures [ 65 , 66 ], current response systems are very limited and countermeasures are selected and deployed without performing a comprehensive impact analysis of attacks and response scenarios [ 67 ].

In addition, most SIEMs support the integration of new connectors or parsers to collect events or data, and provide APIs or RESTful interfaces to collect the events at a later date. These mechanisms allow creating add-ons and extensions to existing systems. Future SIEMs must exploit this feature in order to enhance the quality of the events fed to the system (e.g., using new monitoring systems or collecting external data from open source intelligence) through custom connectors, and provide new visualization tools by collecting data from the SIEM data repository.

This section details the main limitations found in current SIEM solutions and provides some perspectives on possible enhancements.

4.1. Incomplete Data

Although current SIEMs deal with tons of data, none of them have all the data needed to process and detect all security incidents. The reason is that it is not cost-effective to capture and process all the required data. Typically, all SIEMs correlate logs from VPNs, firewalls, domain controls, failed connections, etc. Most SIEMs are able to correlate logons, malware, and web logs, but only a few of the current SIEMs correlate DNS traffic, end-point data logs, and email logs. As a result, it is not possible to know who everyone is in the system [ 68 ].

Identity is fragmented: people possess shared accounts and different roles are associated with the same user, but by law, we cannot disclose the identity of a given person since it generates privacy issues, as presented in the General Data Protection Regulation (GDPR) [ 69 ]. If the SIEM is not able to capture all data about users and high value assets, correlation will never work properly, resulting in a large number of false positives and negatives. The next generation of SIEMs must, therefore, meet the privacy requirements of the GDPR while providing enough information for analysts to identify security incidents [ 70 ].

The reviewing of existing SIEMs allowed us to confirm that these systems do not provide high-level security risk metrics. A major advance on current SIEMs will be the development of useful operational metrics that allow SOCs to make decisions supported by quantitative evidence, where uncertainty in the measures is explicitly stated, and with better visualization support to enable better communication of these decisions to the relevant stakeholders in the organization [ 71 , 72 ]. Such measurements must be supported on several layers of defense (e.g., firewalls, IDSs, anti-virus products, operating systems, applications) and different products of each type.

Although cost sensitive metrics are hard to compute due to the difficulty in estimating security costs of organizations, novel SIEMs must approach this category of metrics using high-granularity estimation of costs.

Future SIEMs must explore and implement novel unsupervised techniques that combine statistical and multi-criteria decision analysis to automatically model applications and users’ behaviors, and subsequently identify anomalies and deviations from known good behaviors that are statistically relevant. This will lead to the deployment of enhanced application monitoring sensors, which will feed SIEM systems with diverse types of events that can be correlated with more traditional security events collected from host and network-based appliances.

By combining anomaly-based events with those provided by more traditional heuristic and signature based tools, SIEMs will improve the false positive rates of these components, which have traditionally been the main stumbling block of their wide adoption in real operations.

4.2. Basic Correlation Rules

SIEM platforms provide real-time analysis of security events generated by network devices and applications [ 3 ]. These systems acquire high volumes of information from heterogeneous sources and process them on the fly. Their deployment thus focuses, firstly, on writing ad hoc collectors and translators to acquire information and normalize it, and secondly, on writing correlation rules to aggregate the information and reduce the amount of data. This operational focus leads SIEM implementers to prioritize syntax over semantics, and to use correlation languages that are poor in terms of features [ 73 ]. However, as the number of attacks, and thus the diversity of alerts received by SIEMs increases, the need for appropriate treatment of these alerts has become essential.

Current SIEM correlation rules are weak [ 74 ]. Most of them use basic boolean chaining of events that checks for a specific attack path (one of the many thousands of possibilities). Very few SIEM solutions have a built-in advanced correlation engine able to perform the deviation and historical correlation that is useful, for instance, for checks after a zero-day attack has been detected.

4.3. Basic Storage Capabilities

For most existing SIEM solutions, once data is archived and is out of the live system, the SIEM will not use it. Moreover, how archived data is handled or where it is stored or transferred is up to the user and is usually done manually. As there are diverse options for where to store archived data, some SIEM users will opt for attached storage, while others will use an in-house distributed file system, e.g., Hadoop Distributed File System (HDFS) [ 75 ], a commercial cloud storage solution like Amazon S3 or Amazon Glacier, or even “scp” operations to another device.

Regardless of the archiving solution employed, the actual archiving process consists of running scripts that are often custom built for a specific IT environment. Therefore, a script used by one customer may not be useful for another customer’s need, and a change in the archive option requires rewriting the archiving script.

Furthermore, archiving retired data from a SIEM can be costly and can pose security and reliability problems if the archived data is not handled correctly.

Current infrastructures usually store raw events for a limited amount of time (e.g., 6 months) to limit the storage space used for such archival (e.g., 6 TB). Given that some advanced persistent threats are detected many months after their inception in the system [ 76 ], such storage capabilities might be insufficient to help with certain incidents.

Although promising, most companies avoid using the cloud due to concerns related to the confidentiality of the events (that contain sensitive information [ 69 ]) and concerns related to trusting such important data to third parties [ 77 ].

The goal of future SIEMs must focus on offering a secure and elastic solution for data archival regardless of the data retention needs with the ability to customize policies to fit retention requirements.

4.4. Reliance on Humans

Research in SIEM technologies has traditionally focused on providing a comprehensive interpretation of threats, in particular to evaluate their importance and prioritize responses accordingly. However, in many cases, threat responses still require humans to carry out the analysis and make decisions with respect to understanding the threats, defining the appropriate countermeasures, and deploying them. This is a slow and costly process, requiring a high level of expertise, and remains error prone nonetheless. Thus, recent research in SIEM technologies has focused on the ability to automate the process of selecting and deploying countermeasures.

According to Scarfone [ 78 ], automated reactions must consider: (i) time-line: the time that a SIEM takes to detect an attack and direct the appropriate security control to mitigate it; (ii) security: the communications between the SIEM and the other security controls must be protected so as to prevent eavesdropping and alteration; (iii) effectiveness: the ability for a SIEM product to stop attacks before damage occurs.

4.5. Basic Reaction and Reporting Capabilities

Traditionally, SIEMs support the creation of security directives for detecting suspect behavior in the system and reporting alarms. However, these directives/rules could, in principle, be used to trigger actions for modifying the managed infrastructure (e.g., changing the configuration of firewalls or NIDS).

For some SIEMs, it is possible to use automatic triggers to perform external actions (e.g., send emails, execute scripts, open tickets), usually through a command line. However, most of these systems do not provide pre-configured and customized actions to be triggered when a specific condition or set of conditions are fulfilled. They generally focus on the creation, distribution, and management of reports.

In addition, some SIEMs require the use of additional solutions (e.g., add-ons, appliances, extensions) to provide automatic reactions when an alarm is detected.

An important part of the design for security is defense in depth [ 79 ] using layers of defense that reduce the probability of a successful attack (or at least contain its effects). This requires the use of diversity, including but not limited to the use of multiple intrusion detection systems (IDSs) and disparate open-source intelligence data (e.g., infrastructure-related information about security from open-source intelligence data available on diverse sources from the internet). There has been only sparse research on how to choose among alternative layered defenses; occasionally, unsuitable models appear relying on the naive assumption of independent failures between the diverse components [ 80 ]. Security engineers have little or no theory to guide their decisions about diversity, although unaided intuition can be very misleading (e.g., Littlewood and Wright [ 81 ]).

SIEMs already provide the functionality for reading logs from multiple different security monitors and detection tools at different layers. Future SIEMs should build tools that allow consolidation of outputs from multiple diverse monitors of similar type, which may be monitoring similar types of assets. This will help in improving the accuracy of the detection, and reducing the false alarm rates that are reported back to the SOCs.
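The independence assumption criticized above can be checked directly whenever two monitors have been run over the same labelled traffic. The following Python sketch is an added example, not taken from the paper: the two detectors `ids_a` and `ids_b` and all counts are constructed for illustration. It compares the joint miss rate predicted under independence with the observed one, and shows what 1-out-of-2 and 2-out-of-2 consolidation do to detection and false alarm rates.

```python
"""Do two diverse IDSs fail independently? All counts below are constructed."""
from itertools import chain, repeat

# (is_attack, ids_a_alerted, ids_b_alerted) -> number of labelled samples
CONSTRUCTED_COUNTS = {
    (True, True, True): 70,      # both detect the attack
    (True, True, False): 10,     # only IDS A detects it
    (True, False, True): 8,      # only IDS B detects it
    (True, False, False): 12,    # both miss: the coincident failures
    (False, False, False): 930,  # benign traffic, no alert
    (False, True, False): 40,    # false alarm from A only
    (False, False, True): 25,    # false alarm from B only
    (False, True, True): 5,      # both raise a false alarm
}


def expand(counts):
    """Turn the count table into one tuple per sample."""
    return list(chain.from_iterable(repeat(k, n) for k, n in counts.items()))


def miss_analysis(samples):
    """Compare the naive independent estimate with the observed joint miss rate."""
    attacks = [s for s in samples if s[0]]
    n = len(attacks)
    miss_a = sum(not a for _, a, _ in attacks) / n
    miss_b = sum(not b for _, _, b in attacks) / n
    joint = sum((not a) and (not b) for _, a, b in attacks) / n
    return {
        "miss_a": miss_a,
        "miss_b": miss_b,
        "independent_estimate": miss_a * miss_b,  # what the naive model predicts
        "observed_joint_miss": joint,             # what the data actually shows
    }


def adjudicate(samples, decide):
    """Return (detection rate, false alarm rate) for a consolidation rule."""
    attacks = [s for s in samples if s[0]]
    benign = [s for s in samples if not s[0]]
    detection = sum(bool(decide(a, b)) for _, a, b in attacks) / len(attacks)
    false_alarm = sum(bool(decide(a, b)) for _, a, b in benign) / len(benign)
    return detection, false_alarm


SCHEMES = {
    "ids_a_only": lambda a, b: a,
    "ids_b_only": lambda a, b: b,
    "1-out-of-2": lambda a, b: a or b,   # alert if either monitor alerts
    "2-out-of-2": lambda a, b: a and b,  # alert only if both agree
}


def compare():
    samples = expand(CONSTRUCTED_COUNTS)
    return miss_analysis(samples), {
        name: adjudicate(samples, rule) for name, rule in SCHEMES.items()
    }


if __name__ == "__main__":
    misses, schemes = compare()
    print(misses)
    for name, (det, fa) in schemes.items():
        print(f"{name:11s} detection={det:.3f} false_alarm={fa:.3f}")
```

With these constructed counts the monitors miss the same attacks almost three times as often as the independence product suggests, which is why the consolidation rule has to be chosen from measured joint behaviour rather than from per-tool rates.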

Even though the need and relevance for providers of security services having Cyber Security Reporting Systems (CSRS) was identified almost two decades ago [ 82 ], there is still a lack of solutions focused on the management and generation of mandatory incident reporting according to different regulatory frameworks. In addition, although the growing quantity of existing regulations and legislation addressing cybersecurity incidents has created a need for studies on cybersecurity incident reporting for specific areas (e.g., nuclear facilities [ 83 ], safety-critical systems [ 84 ]), currently this functionality is very limited in most commercial and open-source SIEMs. Solutions such as IBM QRadar, AT&T USM Anywhere, or Splunk generate reports about detected security incidents; nonetheless, such reports do not follow standards or common templates, and the information included does not cover what is required for mandatory incident reporting to the different supervisory authorities [ 85 ].

4.6. Limited Data Visualization

During the review of the state of the art of existing SIEMs, we observed that the reporting and data visualization capabilities are limited in terms of supporting the effective extraction of actionable insights from the huge amount of data being collected by the systems. Although all SIEMs offer data visualization capacities to their users, most often the visual representations are generic, not designed with particular user needs in mind, or are even too rudimentary to have any significant effect on how the generated data is utilized [ 86 ].

In addition, existing systems do not have the capacity to use diverse data modes, e.g., statistical modeling outputs, OSINT data collections, or comprehensive models of user behavior. These novel data facets, when combined with the data already being gathered, offer challenges and opportunities for a new generation of SIEMs.

To enhance the visualization capability of existing systems, SIEMs must focus on flexible platforms able to work with several data sources that carry heterogeneous characteristics and with data that is under constant change, i.e., real-time streaming data. In addition, visualization must enable security analysts to better profile the system with novel representations that communicate the provenance of an attack, ongoing activities, vulnerabilities, and the characterization of sessions/users [ 87 , 88 ].

5. The Future of SIEMs

The changing nature of security threats, the proliferation of mobile devices, globalization, the explosion of social media, and quick changes in regulation are speeding the evolution of Security Information and Event Management. The purpose of this section is to analyze the external factors that could potentially affect the future of SIEM systems and their related technologies in the mid-term and long-term based on political, economical, societal, technological, legal, and environmental factors [ 89 , 90 , 91 ]. We employ the PESTLE [ 92 ] analysis aiming at identifying the enablers and/or barriers that could directly or indirectly affect the evolution of SIEMs.

5.1. Political Factors

Protection of individual properties and sensitive business or personal information in the cyberspace is becoming critical and political organizations must take part in this. They must design the security framework, principles, and rules to reduce the risks in the population. This risk may economically affect private companies and public institutions. These regulations may affect the evolution of SIEMs in the future, since, in some instances, they analyze sensitive information to detect security events in the network.

Recently the EU Commission announced an increase (expected to trigger EUR 1.8 billion of investment by 2020) in the investment on cybersecurity in order to put more efforts to reduce cyber-threats in the European Union [ 93 ]. In addition, according to Andrus Ansip, Vice-President for the Digital Single Market, without trust and security, there can be no Digital Single Market. Europe is proposing concrete measures to strengthen resilience against cyber-attacks and secure the capacity needed for building and expanding the digital economy. Furthermore, Gunther H. Oettinger, Commissioner for the Digital Economy and Society, considers that Europe needs high quality, affordable, and interoperable cybersecurity products and services [ 93 ].

This is an initiative of the Commission to establish contractual Public Private Partnership [ 94 ] (cPPP) on cybersecurity between the European Union and the European Cybersecurity Organization. The adoption and evolution of SIEMs can then be empowered by this investment in cybersecurity.

5.2. Economic Factors

Among the economic factors that will affect the future of SIEMs the following can be highlighted:

  • Short term/temporary work. In 2014 the main type of employment relationship in the EU was full-time permanent contracts, with 59% of the share of employment, although this is decreasing while the share of non-standard forms of work is increasing. If this trend continues, it may well become the case that standard contracts will only apply to a minority of workers within the next decade [ 95 ]. Due to the new types of work, tending to shorter term jobs, people do not stay in the same company for a long time, especially in the first period of their career. The consequence is that companies need to minimize the employee’s ramp up to learn a new tool, or a new way of working. Therefore, this factor makes it essential that future SIEMs have improved and more friendly interfaces at the level of decision taking, configuration rules, links to new sources, and sensors.
  • Freelance. Self-employment is increasing against the usual company paid employment [ 96 ]. Freelancers do not work for a company as an employee but as a service provider. This type of work may be a threat for companies because the devices used by freelancers do not belong to the IT department and cannot be easily monitored. Furthermore, they do not have strong bonds with the company that hires their services. However, freelance cybersecurity consultants can be a good choice for SIEM providers because they may possess a wider knowledge about potential threats affecting an organization, since they accumulate a lot of experience from different companies.
  • Cyber security jobs are continuously growing. The estimated growth in cybersecurity jobs is 35% by 2020 [ 97 ]. This reflects the importance of cybersecurity for companies, and that can be an opportunity for SIEMs to grow in the market.
  • Bigger companies, globalization. The global market makes it easier for big technological companies to survive and grow more [ 98 ]. However, the level of criticality of that information may be higher. Future SIEMs should be dimensioned for such big companies and global networks.
  • Small and medium sized enterprises. SMEs will become bigger targets of cyber-attacks in the future [ 99 ]. They should be the new target for SIEM market growth, making models like SIEM as a service more attractive to SMEs.

5.3. Societal Factors

Society is becoming strongly dependent on information and communications technology (ICT), which is leading to a rapid social, economic, and governmental development. The following introduces how the changes in societal habits related to technology will affect the future of SIEMs.

  • Generation Z. Modern generations understand the world as a big network in which everything is connected to the internet. It can be assumed that people of the future will be more aware of cybersecurity and will bring companies clearer awareness of the risks associated to threats in the network [ 100 ].
  • Growth of social networks. There is a huge growth of social networks usage among the young generations in the last few years. Social network activity is a source of data that should not be disregarded, and it can be of very high importance in security events analysis [ 101 ].
  • Cyber-attacks. In the new connected societies, the development of the internet has led to a new type of attack, i.e., cyber-attacks. Attacks on critical infrastructures can be considered the new weapons, which makes SIEMs essential in any infrastructure in which data is of relevance or whose attack may cause operation disruption, even damage to population, not only from a single company’s perspective but also from users, citizens, and (more generally) people’s perspective [ 102 ].
  • Deep web. The deep web is the part of the World Wide Web whose contents are not indexed by standard search engines [ 103 ]. This can be considered as a barrier by SIEM systems, since it makes it difficult to retrieve data from the network.

5.4. Technological Factors

Among the technological trends that will affect the way SIEMs evolve in the future, the following can be highlighted:

  • Cloud storage. This technology can be clearly seen as an enabler in SIEM technology since big data analytics of network events can be performed in a more efficient way, without worries about the amount of logs, information, etc., that are stored.
  • Cloud service integration. This is treated separately to cloud storage because it is more focused on executing software in a remote server, and not only keeping data “statically” in a cloud infrastructure. This technology makes it possible to ensure scalability and high availability of software applications since they are not restricted to the hardware of a local server, and can be launched from anywhere.
  • Mobile technologies. The growth of mobile devices brings new threats that should be analyzed by SIEM systems. In this respect, it is a trend that employees use company-owned devices as well as personal devices for office work. A need would be to secure corporate data. Working at home, e.g., with a personal computer, what now is commonly called BYOD (Bring Your Own Device), is a trend in cybersecurity [ 104 ]. However, this leads to several potential problems: BYOD devices are not managed by the IT team so they are not under the policy control of the company; some BYODs do not have any security solution pre-installed; data in these devices is not encrypted; applications installed in those devices cannot be tracked.
  • Big data analytics. As introduced before, SIEMs are evolving to data analytics systems. Data in a connected environment grows exponentially and makes it necessary to have powerful analysis tools capable of real time analysis of events, support to decision making, etc. The growth in data analytics methods is clearly an enabler for SIEM systems.
  • Machine learning technologies. New high performance computers, with powerful hardware and modern programmatic languages, together with the data analytics explained above, are making it possible to create data models fed by the experience of cause-effect analysis. SIEMs can take advantage of these technologies to make event detection and decision making smarter [ 105 ].
  • Internet of Everything. The Internet of Everything (IoE) [ 106 ] is a ubiquitous communication network that effectively captures, manages and leverages data from billions of real-life objects and physical activities. It extends the concept of Internet of Things (IoT) by also including people, processes, locations, and more. The impact of this technology on SIEMs is that it provides a large amount of data and events for analysis.
  • 5G Networks. 5G represents the next generation of communication networks and services, an approach for fulfilling the requirements of future applications and scenarios. This technology will increase the data transfer speed, and then could affect the amount of data analyzed by a SIEM in a network per time unit. This can impose a difficulty for SIEMs in events detection.
  • Social media analytics. Social networks like Twitter provide a wealth of information that may be explored by cybersecurity companies as well as by hackers, as attack victims use on-line social media to discuss their experience and knowledge about attacks, vulnerabilities, and exploits.

5.5. Legal Factors

In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU. On 4 May 2016, the official texts of the Regulation and the Directive REGULATION (EU) 2016/679 were published in the EU Official Journal [ 107 ]. While the Regulation entered into force on 24 May 2016, it was set to apply from 25 May 2018. The EU Member States had to transpose the directive into their national law by 6 May 2018.

The objective of this new set of rules is to give back citizens the control over their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritized. The reform will allow European citizens and businesses to fully benefit from the digital economy [ 108 ].

A number of provisions of the Directive contain a substantial degree of flexibility in order to find an appropriate balance between protections of the data subject’s rights on the one side and on the other side the legitimate interests of data controllers [ 109 ].

In order to understand how this regulation may affect the data collected by SIEMs, we can see for example how EC understands the propriety of the IP address in a network (commonly analyzed by security software). In the internet, every computer is identified by a single numerical IP address of the form A.B.C.D. where A, B, C, and D are numbers in the range of 0 to 255. The working party has considered IP addresses as data relating to an identifiable person, especially in those cases where the processing of IP addresses is carried out with the purpose of identifying the users of the computer (for instance, by copyright holders in order to prosecute computer users for violation of intellectual property rights), the controller anticipates that the “means likely reasonably to be used” to identify the persons will be available, for example, through the courts appealed to (otherwise the collection of the information makes no sense), and therefore the information should be considered as personal data [ 110 ].

Consequently, the way SIEMs process and store data must be in line with the directives on data protection. Moreover, the regulation in data protection affects the SIEMs in the way they can store the data, where the database is located, and that the stored data is kept with adequate level of protection.
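One possible way to reconcile the two requirements raised in Sections 4.1 and 5.5, namely treating user names and IP addresses as personal data while still letting analysts correlate events, is keyed pseudonymization at ingestion. The Python sketch below is an added example, not a mechanism proposed by the paper; the field names, keys, and events are constructed, and in practice the key and the re-identification table would be held outside the analysts' reach.

```python
"""Keyed pseudonymization of SIEM events (constructed data, illustrative only)."""
import hashlib
import hmac
from collections import Counter

# Assumption: one secret key per retention epoch, stored away from the analysts.
KEY_EPOCH_1 = b"constructed-demo-key-epoch-1"
KEY_EPOCH_2 = b"constructed-demo-key-epoch-2"
PERSONAL_FIELDS = ("user", "src_ip")  # hypothetical field names

CONSTRUCTED_EVENTS = [
    {"ts": 100, "type": "logon_fail", "user": "alice", "src_ip": "198.51.100.9"},
    {"ts": 130, "type": "logon_fail", "user": "alice", "src_ip": "198.51.100.9"},
    {"ts": 160, "type": "logon_fail", "user": "bob", "src_ip": "198.51.100.9"},
    {"ts": 200, "type": "logon_fail", "user": "carol", "src_ip": "192.0.2.44"},
    {"ts": 260, "type": "logon_ok", "user": "carol", "src_ip": "192.0.2.44"},
]


def pseudonym(key, kind, value):
    """Deterministic keyed pseudonym.

    A plain hash would not do for IPv4 addresses: the whole A.B.C.D space can
    be enumerated, so the mapping must depend on a secret key.
    """
    mac = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"{kind}-{mac[:16]}"


def pseudonymize(events, key, fields=PERSONAL_FIELDS):
    """Return (events safe for analysts, escrow table pseudonym -> original)."""
    safe, escrow = [], {}
    for event in events:
        copy = dict(event)
        for field in fields:
            if field in copy:
                alias = pseudonym(key, field, copy[field])
                escrow[alias] = copy[field]
                copy[field] = alias
        safe.append(copy)
    return safe, escrow


def failed_logons_by_source(events):
    """A correlation that only needs equality of identifiers, not their value."""
    return Counter(e["src_ip"] for e in events if e["type"] == "logon_fail")


def reidentify(escrow, alias, case_id, audit_log):
    """Resolve a pseudonym for an authorized investigation and record why."""
    audit_log.append({"case": case_id, "alias": alias})
    return escrow[alias]


if __name__ == "__main__":
    safe_events, escrow = pseudonymize(CONSTRUCTED_EVENTS, KEY_EPOCH_1)
    top_alias, hits = failed_logons_by_source(safe_events).most_common(1)[0]
    print(top_alias, hits)  # same count as on the raw events
    audit = []
    print(reidentify(escrow, top_alias, "CASE-PLACEHOLDER", audit), audit)
```

Because the pseudonym is deterministic within one key epoch, equality-based correlation gives the same counts as on raw data; rotating the key at the end of the retention period makes older pseudonyms unlinkable to newer ones.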

5.6. Environmental Factors

SIEM challenges will continue to evolve as security managers grapple with cloud services, mobile, the Internet of Things, and other new technologies the IT department does not always control. IoT will be a huge factor as it drives the number of endpoints vulnerable to attackers [ 111 , 112 ]. It gets harder for cybercriminals to infiltrate computers but is still fairly easy to hack cameras, refrigerators, microwaves, Bluetooth tools, and other connected devices and use them as an attack vector.

The growth of cloud, especially for small and medium businesses (SMBs), has transformed how businesses store and handle data. Companies once intimidated by the high price of data storage, benefit from SIEM providers like ArcSight, Nitro, and others that deploy modules from the cloud [ 111 ].

Cloud services and IoT devices will rapidly generate increasing amounts of data, and SIEM systems will have to adapt by learning to collect and organize the influx of information.

6. Potential Enhancements of Future SIEMs

SIEMs are mostly used in IT infrastructures where automated detection and reaction is possible. However, in critical infrastructures, these tools require manual intervention and in-depth analysis of events before implementing a security countermeasure. This section provides potential enhancements on the future generation of SIEMs considering the following aspects:

6.1. Diverse Security

Enhancing SIEMs with diversity-related technologies provides a major improvement of current solutions. Special attention must be paid to diversity measures, i.e., how similar or different security protection systems, vulnerabilities, attacks, etc., are from each other. These types of diversity metrics are less studied in the literature compared with metrics for individual components.

Future SIEMs must define security metrics that consider quantitative and probabilistic methods to support decisions on how best to combine multiple defenses given a threat environment [ 113 , 114 ]. This involves understanding how the strengths and weaknesses of diverse defenses add up to the total strength of the system.

The security community is aware of diversity as potentially valuable [ 115 ]. The literature touches on the use of ensemble methods to assess the results of classification systems for security [ 116 ]; however, SIEMs should focus on diverse inputs rather than the aggregation of diverse machine learning techniques.

6.2. OSINT Data Fusion

A potential enhancement for current SIEMs could be the use of language processing to identify threats from the use of keywords that typically indicate a threat in major languages, such as “ddos”, “security breach”, “leak”, and more [ 117 , 118 , 119 ]. This information can be used to tag OSINT data as relevant or irrelevant. In addition to the type of threat, other information from the OSINT sources such as location and entities involved could also be extracted to provide a more comprehensive description of the threat. The prediction confidence of the classifier can be included in the data sent to SIEMs, which will help to avoid the issue of false alarms.

6.3. Enhanced Visualisation

To enhance the visualization capability of existing SIEMs, we identify the following improvements [ 86 ]:

  • Design and develop a rich set of specialized visualization models that handle diverse types of data e.g., high-dimensional, temporal, textual, relational, spatial.
  • Provide effective overviews, interactive capabilities to focus on details, and mechanisms to compare individual and/or groups of data instances.
  • Design and develop visualization models capable of handling the dynamic nature of the data (e.g., streaming system activity logs, OSINT data, etc.) to support real-time analysis and decision-making.
  • Develop a visual summary of user activities that reveals common/abnormal patterns in a large set of user sessions, compares multiple sessions of interest, and investigates individual sessions in depth.

6.4. Enhanced Storage

Archiving retired data from a SIEM can be costly and can pose security and reliability problems if archived data is not handled correctly. A potential solution for these issues could be to develop a SIEM extension that handles data archiving in a reliable, flexible, and secure manner leveraging public Clouds (e.g., Amazon S3, Amazon Glacier, Windows Azure, Blob Store, etc.). The goal is to offer a secure and elastic solution for SIEM data archival regardless of the data retention needs with the ability to customize policies to fit retention requirements [ 120 ].

6.5. Integration with Security Orchestration Automation and Response (SOAR)

SOAR refers to three main security topics: (i) security orchestration, focusing on the workflow management, integration and unification of components involved in security operations; (ii) security automation, responsible for automating repetitive controls, tasks and processes taking place in security operations; (iii) security incident response, focusing on the identification and management of security threats and incidents. SOAR solutions would ideally complement the capabilities of current SIEMs, which together with additional technologies such as Threat Intelligence Platforms (TIPs) [ 121 ], Endpoint Detection and Response (EDR) [ 122 ], or Next-Generation Firewalls (NGFW) [ 123 ] are seen as a proactive platform for early detection, prevention, and response of cybersecurity threats and attacks [ 124 , 125 , 126 ].

The next generation of SIEMs must integrate evolved and adaptive SOAR solutions with advanced capabilities that enable dynamic interactions at all phases of the incident workflow to quickly deal with existing and emerging threats [ 127 , 128 ]. Examples of enriched adaptive SOAR include the NetGuard Adaptive Security Operations suite from Nokia NetGuard ( https://www.nokia.com/networks/solutions/netguard-adaptive-security-operations/ accessed on 7 June 2021), the Splunk Adaptive Operations Framework (AOF) ( https://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud/adaptive-response-initiative.html accessed on 7 June 2021), and the Integrated Adaptive Cyber Defense (IACD) ( https://www.iacdautomate.org/ accessed on 27 May 2021).

6.6. AI/ML Capabilities

In order to improve detection, correlation and reaction capabilities, the next generation of SIEMs should integrate AI/ML technologies in their core engines [ 129 ]. AI technologies in SIEMs offer predictive capabilities particularly useful for the analysis of abnormal behavior of network traffic, tools, and users. Few of the current SIEM solutions (e.g., LogRhythm NextGen SIEM Platform ( https://logrhythm.com/products/features/ai-engine/ accessed on 28 May 2021), QRadar SIEM ( https://www.midlandinfosys.com/ibm-power/all-categories/ai-security-siem-qradar-uba.html accessed on 28 May 2021)) use machine learning (ML) to learn about threats as they acquire threat intelligence and deflect attacks in the field [ 130 , 131 ].

One step forward for cyber threat detection, mitigation, and prevention is to consider AI/ML in SOAR solutions, which would ideally be integrated in SIEM platforms. AI/ML-powered defense systems are able to analyze large amounts of data and identify suspicious patterns in real time (or near real time). The main targets for AI/ML applications include intrusion detection (network-based attacks), phishing and spam (emails), threat detection and characterization, and user behavioral analytics [ 132 ].

AI-based SIEMs are able to make decisions and/or change their behavior accordingly, which improves detection capabilities by discovering more blind spots, reduces dependence on manual intervention, as some reactions can be automated, and minimizes false positive rates, as algorithms have the ability to accurately classify data as normal or abnormal. Ideally, next-generation SIEMs should combine rule-based analysis with the analysis provided by AI technologies to detect user deviations, identify changes in user activity vs. frequency, detect anomalous deviations from peer groups, prioritize users and assets, and respond to threats quickly and accurately [ 133 ].

Improvements of future SIEMs should also include creating sensors that rely on unsupervised statistical learning approaches to first create a baseline for normal entity behavior (users and applications alike). The aim is to be able to highlight anomalies and/or deviations from this pattern by using a SIEM scoring-alerting system. In terms of User Behavior Analysis (UBA), a set of outlier detectors or classifiers as well as other unsupervised machine learning algorithms could be used in order to manage user/application profiles [ 134 , 135 , 136 ].
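The baseline-then-score idea above, together with the peer-group comparison mentioned in the previous paragraph, can be sketched as follows. This is an added example, not code from the paper or from any SIEM product; the sample data, the weights, the alert thresholds, and all function names are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: daily count of distinct internal hosts each account
# logged in to during a 10-day learning window. Names and numbers are invented.
HISTORY = {
    "alice":   [3, 4, 3, 5, 4, 3, 4, 4, 3, 5],
    "bob":     [4, 5, 4, 4, 6, 5, 4, 5, 5, 4],
    "carol":   [2, 3, 2, 2, 3, 3, 2, 3, 2, 2],
    "svc-bak": [40, 42, 41, 40, 43, 41, 40, 42, 41, 40],
    "svc-mon": [38, 39, 40, 38, 41, 39, 40, 38, 39, 40],
}
PEER_GROUP = {"alice": "finance", "bob": "finance", "carol": "finance",
              "svc-bak": "service", "svc-mon": "service"}

MAD_SCALE = 1.4826    # scales the MAD to a standard deviation for normal data
MIN_SPREAD = 0.5      # floor so a perfectly flat baseline cannot divide by zero
MIN_SAMPLES = 7       # below this the entity is still in its learning phase
W_SELF, W_PEER = 0.6, 0.4                    # assumed weighting of the two views
THRESHOLDS = ((60, "high"), (30, "medium"))  # assumed alert levels


def baseline(samples):
    """Return (centre, spread) from median and scaled MAD.

    Median/MAD is used instead of mean/stdev so that an outlier already
    present in the learning window does not inflate the baseline."""
    centre = median(samples)
    mad = median([abs(x - centre) for x in samples])
    return centre, max(MAD_SCALE * mad, MIN_SPREAD)


def deviation(value, samples):
    """Robust z-score: distance from the baseline centre in spread units."""
    centre, spread = baseline(samples)
    return abs(value - centre) / spread


def score_observation(entity, value, history=HISTORY, groups=PEER_GROUP):
    """Score a new observation on a 0-100 scale and map it to an alert level.

    The score blends deviation from the entity's own baseline with deviation
    from the pooled baseline of its peer group (the entity itself excluded)."""
    own = history.get(entity, [])
    if len(own) < MIN_SAMPLES:
        return None, "learning"          # no baseline yet: do not alert
    peers = [x for other, xs in history.items()
             if other != entity and groups.get(other) == groups.get(entity)
             for x in xs]
    z_self = deviation(value, own)
    # Without enough peer data, fall back to the entity's own baseline only.
    z_peer = deviation(value, peers) if len(peers) >= MIN_SAMPLES else z_self
    score = min(100, round(10 * (W_SELF * z_self + W_PEER * z_peer)))
    for floor, level in THRESHOLDS:
        if score >= floor:
            return score, level
    return score, "none"


if __name__ == "__main__":
    for entity, value in [("alice", 4), ("alice", 10), ("alice", 40),
                          ("svc-bak", 41), ("dave", 5)]:
        print(entity, value, score_observation(entity, value))
```

The same value of about 40 hosts per day is normal for the backup service account and a high-severity deviation for a finance user, which a single global threshold cannot express.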

6.7. Other Potential Enhancements

The review of existing SIEMs revealed that these systems do not provide high-level security risk metrics. The next generation of SIEMs must pursue the development of risk-based metrics considering several layers of dependencies such as hosts, applications, middleware, and services. These will allow scoring the risk for the different operational and functional areas. Attack propagation and attack impact metrics [ 137 ] could be extended to consider different hierarchical operational layers. Though cost metrics can be hard to compute due to the difficulty of organizations in estimating security costs, one potential enhancement is to approach this category of metrics using high granularity estimation of costs to define acceptable thresholds [ 138 , 139 ].

In addition, considering the fact that 5G and/or IoT technologies are expected to affect current SIEM architectures due to the increased volume of data to be processed, it will be necessary to move towards a hierarchy of SIEMs and create collaborative mechanisms that will help notify and manage relevant security incidents. In the 5G domain, for instance, a SIEM solution is currently able to cover the analysis of one network slice; however, in the near future we will require collaboration mechanisms among multiple slices. Such a mechanism can be particularly useful in architectures where detection is required to be performed closer to the edge. In the IoT domain, for instance, having several SIEM systems working in different layers (e.g., SIEMs deployed in gateways) could be of great interest. These SIEMs must be lighter and more domain-specific than current solutions.

Furthermore, integration of SIEMs with extended detection and response (XDR) platforms is expected to provide value in two different but complementary ways: (i) having SIEMs focused on compliance and evolving to serve as a broader threat and operation risk platform, and (ii) having XDR focused on threats and providing a platform for deep and narrower threat detection and response. As a result, organizations would require solutions providing detailed level of information about the network and/or user activity taking place in the cloud or locally, to detect threats more accurately [ 140 ].

Finally, considering that the use of SIEMs generally requires SOC operators and that current infrastructures are more diverse and dynamic, the next generation of SIEMs must focus on providing more autonomy and requiring less effort in their deployment and management, which in turn will decrease their cost by simplifying their usage and operation.

7. SIEMs in Critical Infrastructures

Critical infrastructures (CIs) are organizational and physical structures whose failure and/or degradation could result in significant disruption of public safety and security. They rely on the Supervisory Control And Data Acquisition (SCADA) technology to monitor industrial and complex systems based on Networked Control Systems (NCSs). CIs include sectors that account for substantial portions of national income and employment (e.g., energy, water, transport, finance, health, etc.). Most of them use Industrial Control Systems (ICS) to provide control of remote equipment (using typically one communication channel per remote station) [ 141 , 142 , 143 ].

Security in computer networks must be distinguished from security in critical infrastructure networks, since the interactions among nodes in CI networks take place in real time at a physical level. A great effort has been dedicated to the usage and implementation of cybersecurity solutions in the protection of CI networks. Nevertheless, most of the current approaches used in the cyber domain are neither suited nor feasible to be implemented in the CI domain, making it a big challenge when it comes to protecting CIs against cybersecurity threats [ 144 ].

A key objective in protecting critical infrastructures is improving their security, which involves not only enhancing physical security (e.g., ensuring physical rooms are locked appropriately to prevent access from unauthorized people), but also implementing effective cybersecurity measures to reduce the attack surface. Although a great effort has been made on the protection of CIs against cyber-attacks, they still present significant challenges; e.g., it is not possible to execute a vulnerability scan on an ICS as it is done in virtual systems, since it may take the industrial system offline and thus could bring down a plant’s operations [ 145 ].

While classical IT networks focus more on confidentiality and integrity (ensuring data is protected), ICS focuses more on availability (ensuring the system is always up and running). Industrial systems were not designed with security in mind; they were designed simply to be operative. They are generally legacy systems running on older operating systems, typically unpatched, and fragile in many cases. Although security strategies (e.g., network segmentation, firewalls, physical air-gaps, endpoint security, etc.) are deployed to decrease risk levels, they sometimes foster a false sense of security. Malicious entities can exploit gaps in corporate networks and move laterally into industrial systems to steal data or damage critical assets [ 146 ].

Security administrators need not only to collect huge amounts of data, but also to find connections among these data in a way that can help identify potential threats as well as define appropriate mitigation strategies. Although this process has traditionally been performed through SIEM systems, current solutions are not able to fully detect all types of attacks affecting critical infrastructures [ 146 ]. In addition, considering the fact that attacks have increased both in number and complexity, organizations are obliged to improve their security by using tools with more advanced capabilities for the protection, detection, and reaction against cyber and physical attacks. SIEM systems are definitely an interesting solution to cope with these challenges. They are rapidly advancing into data analytic platforms that provide high-performance correlation functionalities and are able to raise alerts from a business perspective considering different alert aggregation methods [ 5 ] and events collected at different layers in real time [ 147 , 148 , 149 ].

The remainder of this section provides examples of the usage of SIEM solutions in different industrial sectors.

7.1. Energy Distribution

The energy sector (including the production, storage, transportation, and refining of electrical power, gas, and oil) is particularly affected by cybersecurity threats and attacks. According to a recent study, three main aspects make this sector vulnerable to cyber-attacks: (i) the increased number of threats and actors targeting utilities; (ii) the increased attack surface, arising from their geographic and organizational complexity; (iii) the unique interdependencies between physical and cyber infrastructure in the electric-power and gas sectors. As a result, energy companies are vulnerable to a wide range of threats including billing fraud with wireless “smart meters” and even physical destruction [ 150 ].

SIEMs are being considered as an essential solution to protect the energy industry against a variety of threat scenarios. A research study [ 151 ] performed on power grid infrastructures evaluated the benefits of SIEM solutions in detecting attacks (e.g., sleep deprivation, distributed denial of service, GPS spoofing). The SIEM technology used in this domain is able to perform techniques to monitor absolute and relative signal strengths and compare received ones against expected ones in order to identify anomalies in power grid infrastructures. As a result, an alarm is raised whenever a deviation is found, and valuable information is provided to the security analyst in order to mitigate and manage detected attacks. Thus, the use of SIEM technologies is proven to be beneficial in the protection of critical assets.

7.2. Water Supply

The water sector is also affected by cyber-attacks. Threat actors can attack water at its source, treatment plants, storage facilities, or distribution centers. SIEM solutions help monitor the entire SCADA network in real time to respond to any changes in the quality of water as soon as they are detected, as they might represent a potential attack. Current versions of SIEMs such as the LogRhythm NextGen SIEM Platform [ 152 ] allow security administrators to effectively observe, collect, and analyze the data from the data historian in one interface, as well as identify any deviations from the acceptable ranges (e.g., for drinking water) during a specific period of time. Examples of attacks that can be detected by correlating security events in the industrial control network include reconnaissance, network behavior changes, changes in operator or engineering user behavior, detected or failed malware, web-based attacks targeting human machine interfaces (HMI), man-in-the-middle attacks, etc.

One of the major challenges the water sector faces is the lack of cybersecurity situational awareness and the gaps in defense in depth mechanisms. The common belief in many sectors is that a high level of security can be achieved by deploying cutting edge technologies to protect and counter potential risks. However, defense in depth cannot be achieved if organizations do not clearly understand the relationship of vulnerabilities, threats and the mitigation measures used to protect the operations, personnel, and technologies of an ICS. Defense-in-depth is a holistic approach that considers the interconnections and dependencies among the aforementioned entities while protecting the organization’s assets and using their available resources to provide effective layers of monitoring and protection based on the business’s exposure to cybersecurity risks [ 153 ].

Next-generation SIEMs must enable multiple technologies to work together over IT and OT environments instead of operating in silos, so that organizations obtain automated responses to security incidents more quickly, have complete visibility of their networks, are able to plug OT security gaps, and benefit from simplified management. Fortinet ( https://www.fortinet.com/resources/cyberglossary/critical-infrastructure-protection accessed on 1 April 2021) is an example of such tools, offering protection for SCADA systems and ICS while enabling organizations to design the security of their infrastructures more efficiently and in compliance with current laws and regulations.

7.3. Transportation

Transport networks have become increasingly digitized, with a wide range of data flowing across systems, tracking and monitoring both digital and physical networks. As more devices and control systems are connected online, more vulnerabilities will appear, increasing the potential for disruption to physical assets. Threat actors can attack all transportation modes including aviation services, highway and motor carriers, maritime transport systems, and railway services [ 154 ].

As cyber technology becomes more sophisticated, the threat from attack is moving from data breaches to interrupting physical critical infrastructure, exposing transport operators to economic and reputational damage. Some of the key cyber risks affecting the transportation industry include physical asset damage and associated loss of use, unavailability of IT systems and networks, loss or deletion of data, data corruption or loss of data integrity, data breach, cyber espionage, extortion, theft, and damaged reputations. Most of these risks are realized through the exploitation of vulnerabilities that use social engineering techniques to deliver spam and phishing campaigns, inducing virus and malware installation (including ransomware) [ 155 ].

SIEM systems are essential in the improvement of the cyber and physical security in all transport services. Several solutions [ 156 , 157 , 158 ] have been proposed in the literature to protect various transport modes in the EU. As a result, it has been possible to develop cybersecurity plans aligned with the infrastructure’s overall strategy, to improve security in systems and applications, to have cybersecurity support for new developments, to raise employees’ awareness, to permanently manage security in both a preventative and reactive way, and to apply clearly defined security policies.

7.4. Healthcare

As medical procedures, diagnostics, and health data are becoming electronic, cloud-based, and distributed among numerous stakeholders, healthcare infrastructures have gained the attention of potential malicious third parties. According to an IBM survey [ 159 ], ransomware (or any kind of malware), social engineering (e.g., spear phishing), and bad practices adopted by staff and clients alike are the most common attack vectors in the sector.

In the near future, for the patient-centered healthcare model to fully function, sharing medical data and information between stakeholders and healthcare service providers is inevitable. The individualized patient approach, mobility, increased usage of personal medical devices, and commercial personal healthcare devices are making the roles of these devices and usage of their data even more indistinct. Technology and threats keep developing and only secure-by-design medical devices and services should be approved to healthcare networks. Nevertheless, there will be new cyber-attacks and new unknown vulnerabilities and threats, which is why the use of technologies (e.g., SIEM) is essential [ 160 ].

According to a recent study [ 161 ], the features that make SIEM solutions essential for healthcare organizations are: (i) real-time analytics; (ii) self-learning configuration management database; (iii) scalable log management; (iv) multi-tenant management; (v) compliance reports. SIEM solutions provide security administrators with a consolidated and global look into an organization’s security events, which can prevent Health Insurance Portability and Accountability Act (HIPAA) violations and keep health data safe. While components of the healthcare infrastructure have their own security features, the ability to see all events in one dashboard is invaluable to protect data [ 162 ].

7.5. Financial Services

Financial organizations represent a major target for external and insider threats seeking financial gains or rewards. The major challenges faced by financial enterprises are three-fold: (i) business scaling, which exposes the sector to more potential attack vectors as the data is managed by third-parties through the use of clouds; (ii) legal and regulatory compliance, which restricts the use of personal identifiable data and requires the implementation of technologies according to privacy standards; (iii) insider threats (current or former), which generally go undetected and can cause serious harm to the business either out of ignorance or intentionally [ 163 ].

In terms of legal and regulatory compliance, a major challenge is related to a mandatory incident reporting to the competent and supervisor authorities and the need to compile information about incidents to generate and share reports that in many cases must be compliant with diverse regulations, procedures, templates, data sets, and other requirements. Although reporting is one of the key steps always present whenever a security incident takes place, there is not an agreement or a common procedure to be followed for incident reporting and sharing, even in the same sector such as the financial one. As a result, the lack of standards generates unstructured reports that cannot be easily analyzed. Key-search automated approaches for data extraction cannot be applied because they produce a high number of false associations in the analyzed reports. SIEMs must improve and simplify the process of collection and mandatory reporting and sharing of the information about major security incidents suffered by the financial institutions [ 85 ].

Modern SIEMs feature User and Entity Behavioral Analysis (UEBA) to identify baseline behaviors of users, devices, and applications. Insider threats are therefore detected as soon as a user violates their baseline behaviors. In addition, SIEM solutions can detect data exfiltration through unusual network traffic and/or abnormal usage of internal resources by outsiders. SIEM solutions can also help financial enterprises achieve compliance through out-of-the-box reports and automatic report filling [ 164 ]. Other usages of SIEMs in the financial sector include account abuse (e.g., detect and respond to employees checking on dormant customer accounts), audit trail protection from unauthorized manipulation, forensics, and fraud detection [ 165 ].

8. Related Work

The analysis and evaluation of security systems have been widely proposed in the literature. While some research focuses on the commercial aspects, others concentrate on the technical features that could be improved in current SIEM solutions. Well known institutions like Gartner [ 20 ], for instance, propose a commercial analysis of SIEM systems based on the market and major vendors, for which a report is released on an annual basis to position SIEM vendors as market leaders, challengers, niche players, or visionaries. Although companies like Gartner periodically evaluate the capability of SIEMs, to the best of our knowledge, there is no systematic survey of these systems, their capabilities, and the open gaps.

In addition, other security institutions (e.g., Techtarget [ 166 ], Info-Tech Research Group [ 167 ]), have widely reported on the capabilities of SIEM solutions and on the way SIEM vendors can be compared and assessed. Techtarget, on the one hand, releases periodic electronic guides about securing SIEM systems and how to define SIEM strategy, management, and success in the enterprise [ 168 ]. Info-Tech, on the other hand, provides technical reports on the SIEM vendor landscape [ 169 ] focusing on the benefits and drawbacks of major commercial SIEMs. Both organizations take the Gartner Magic Quadrant as the baseline for their analysis, leaving aside the more technical aspects to be considered in future SIEMs.

Similarly, organizations such as Solutions Review [ 22 ] offer periodic reports to guide SIEM buyers on the appropriate selection of the SIEM solution for their businesses. The authors analyze key SIEM capabilities and build a vendor comparison map based on three fundamental aspects (i.e., compliance, log management, and threat detection). Although the report allows connecting potential buyers with vendors, it neither provides technical details of the tools nor discusses potential capabilities to be enhanced in current SIEMs, or external factors that could affect their performance in the future.

Caccia et al. [ 68 ] provide an analysis on the future of SIEMs by discussing aspects such as limitations of current SIEMs, the need for improvements in SIEM features, and the use of User and Entity Behavior Analytics (UEBA) for effective detection and efficient response. The authors focus on technical features to be enhanced in current SIEM solutions, but no details are given on the potential barriers and enablers to be considered in the development and implementation of future SIEMs.

Kotenko and Chechulin [ 170 ] propose a framework for attack modeling and security evaluation in SIEM systems applicable for future systems of the Internet of Things. The approach concentrates on technical features (e.g., evaluating the usage of comprehensive internal security repository, open security database, service dependency graphs, attack graphs, and security metrics) to be integrated into a SIEM framework in order to enhance its functionality. As a result, the authors claim to achieve more accurate and faster evaluations of network security aspects by the use of the proposed attack modeling and security evaluation component. Besides some technical aspects, no other features are considered for the improvements of current SIEM systems.

Based on the aforementioned limitations, we propose in this paper an analysis of current SIEM solutions based on commercial and technical features that could lead to enhancements in the design, development, and implementation of the next generation of SIEMs. The analysis focuses on the limitations of current SIEMs and on external factors that could potentially affect them in the long term. It includes a review and comparison of different commercial SIEMs during the last decade.

9. Conclusions

This paper presents a commercial and technical analysis of some of the leading SIEM solutions available in the market, namely ArcSight, QRadar, McAfee, LogRhythm, USM-OSSIM, RSA, Splunk, and SolarWinds. This choice has been based on the performance and trajectory of the companies developing this technology along the past decade.

In terms of behavioral analysis, and risk analysis and deployment, techniques and tools for analyzing, evaluating, and guiding the optimal deployment of diverse security mechanisms in the managed infrastructure (including multi-level risk-based metrics) must be developed along with a framework for deploying diverse and redundant sensors.

Although most of the analyzed solutions provide user-friendly graphical interfaces, their visualization and reaction capabilities are too limited to deal with huge numbers of collected events. It is therefore important to develop visualization and analysis extensions, which help give users a high level of insight into the situation and a more efficient decision-making and reaction capability.

With regards to data storage and price, although most of the solutions analyzed include good data storage capabilities, they are limited by the hardware availability and they usually require additional products (and licenses based on data volume) with a consequent increase in the price. Secure and elastic solutions based on cloud-of-clouds storage for long-term SIEM data archival in diverse public clouds (e.g., Amazon S3, Amazon Glacier, Windows Azure, Blob Store, etc.), are seen as promising alternatives with the ability to customize policies to fit data retention needs.

Finally, the role of the SIEMs has also been studied in the near and long-term future taking into account different aspects (e.g., political, economic, social, technological, environmental, and legal factors) in various critical infrastructures. From this analysis we can conclude that conditions are good to foster investment in improving and extending this technology as a key component not only for industrial control systems with security operation centers, but also to provide cyber security management for SMEs with reduced security knowledge and capacities.

Acknowledgments

The authors would like to thank Ignasio Robla, Alysson Bessani, Adriano Serckumecka, Ana Respicio, Miruna M. Mironescu, Frances Buontempo, Ilir Gashi, Ivo Rosa, and the rest of partners from the DiSIEM project for their support, hard work, and collaboration.

Author Contributions

G.G.-G. performed conceptualization, formal analysis, investigation, methodology, project administration, validation, visualization, writing original draft, and writing—review and editing. S.G.-Z. performed conceptualization, formal analysis, investigation, methodology, project administration, validation, visualization, and writing—original draft. R.D. performed conceptualization, funding acquisition, methodology, project administration, supervision, validation, and writing—original draft. All authors have read and agreed to the published version of the manuscript.

This research has been funded by the European Commission. It was started within the context of the H2020 DiSIEM project (GA no. 700692) and has been completed as part of the H2020 STOP-IT project (GA no. 740610), CUREX project (GA no. 826404), and Cyber-MAR project (GA no. 833389).

Institutional Review Board Statement

Informed Consent Statement, Data Availability Statement, Conflicts of Interest

The authors declare no conflict of interest.

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Preserving MI Harvest

Online via Zoom, Thursdays, May 2 - November 21, 2024.

  • Interested in mushrooms? Explore tips on foraging, preserving, and using mushrooms safely with us.
  • Explore ways to preserve herbs and edible flowers from your garden.
  • Social Media can be fun, but is it a safe place to find food preservation information? Let's take a look at some of the most recent trends and myths.
  • Interested in hiking and backpacking? Explore food preservation tips to dehydrate foods for snacks and meals and get some good recipe ideas.
  • It's strawberry season. Explore how to can, freeze, and make jam with this popular fruit. Preserve your strawberries now to enjoy all year long.
  • African American cuisine has influenced American cooking for decades. Join us as we discover the history of Juneteenth, safe food preservation methods, and recipes.
  • Learn how to freeze your garden fresh vegetables by blanching and freezing. We'll discuss what is blanching, what to blanch, and tips for freezing veggies.
  • Green beans are a popular vegetable for canning but they must be pressure canned. Join us and experience how easy it is to pressure can green beans and other vegetables.
  • Create mixers for your favorite drinks by preserving mixers or using preserved items that you can add to a mixer or use as garnish.
  • Sweet peppers and hot peppers, what can you do with them all? They can be frozen, canned, pickled, or dehydrated!
  • Delicious berries, peaches, and pears are in season. Explore a variety of recipe ideas to preserve these tasty fruits.
  • Join us to learn the proper steps to pickling produce including cucumbers, carrots, brussels sprouts, making relish and so much more.
  • What to do with your bounty of tomatoes? We'll share a variety of ways to preserve them to enjoy year-round.
  • Corn is a summer produce staple. This session will discuss various ways to preserve corn-freezing, canning, and dehydrating.
  • Salsa is a great way to preserve your tomatoes and peppers. Join us to learn the science of preserving sweet and savory salsas!
  • There's nothing better than having homemade condiments to top off your favorite burger or sandwich. Discover some tasty homemade preservation recipes for relishes, mustard, hot sauce, BBQ sauce, ketchup, and more. Learn to make flavorful homemade dressing using your herbs to spice up your salad.
  • Making batches of sauerkraut is a tradition for many families. Join us to learn the proper techniques to prepare cabbage, ferment, and process this delicious product.
  • It's apple season in Michigan. What can you do with an abundance of apples? Let's explore ways to freeze and can those apples.
  • Discover how to safely freeze and can pumpkin and winter squash.
  • Preserving venison must be done using a pressure canner. Learn how to safely can, freeze, and dehydrate venison and where to find research-based recipes. 
  • Time to put your garden to rest for the season. What can you preserve and make with a little bit of everything?
  • Do your holiday baking with the bounty you preserved. Holiday pies can dress up any meal.
  • Warm up with us and learn how to preserve soup by canning or freezing. We will share safe methods, recipes, and helpful tips so you can start preserving soup at home.
  • The season of giving is right around the corner! Join us for ideas on what you can preserve for gifts to give. Ideas for gifting preservation equipment for safe home preservation will also be shared.

Registration for Preserving MI Harvest is open.

Registration closes at 11:59 p.m. ET on November 20, 2024.

Accommodations

Michigan State University is committed to providing equal opportunity for participation in all programs, services and activities. Accommodations for persons with disabilities may be requested by contacting the event contact two weeks prior to the start of the event. Requests received after this date will be honored whenever possible.

Contact Information


Apple researchers develop AI that can ‘see’ and understand screen context


Apple researchers have developed a new artificial intelligence system that can understand ambiguous references to on-screen entities as well as conversational and background context, enabling more natural interactions with voice assistants, according to a paper published on Friday.

The system, called ReALM (Reference Resolution As Language Modeling), leverages large language models to convert the complex task of reference resolution — including understanding references to visual elements on a screen — into a pure language modeling problem. This allows ReALM to achieve substantial performance gains compared to existing methods.

“Being able to understand context, including references, is essential for a conversational assistant,” wrote the team of Apple researchers. “Enabling the user to issue queries about what they see on their screen is a crucial step in ensuring a true hands-free experience in voice assistants.”

Enhancing conversational assistants

To tackle screen-based references, a key innovation of ReALM is reconstructing the screen using parsed on-screen entities and their locations to generate a textual representation that captures the visual layout. The researchers demonstrated that this approach, combined with fine-tuning language models specifically for reference resolution, could outperform GPT-4 on the task.


“We demonstrate large improvements over an existing system with similar functionality across different types of references, with our smallest model obtaining absolute gains of over 5% for on-screen references,” the researchers wrote. “Our larger models substantially outperform GPT-4.”

Practical applications and limitations

The work highlights the potential for focused language models to handle tasks like reference resolution in production systems where using massive end-to-end models is infeasible due to latency or compute constraints. By publishing the research, Apple is signaling its continuing investments in making Siri and other products more conversant and context-aware.

Still, the researchers caution that relying on automated parsing of screens has limitations. Handling more complex visual references, like distinguishing between multiple images, would likely require incorporating computer vision and multi-modal techniques.

Apple races to close AI gap as rivals soar

Apple is quietly making significant strides in artificial intelligence research, even as it trails tech rivals in the race to dominate the fast-moving AI landscape.

From multimodal models that blend vision and language, to AI-powered animation tools, to techniques for building high-performing specialized AI on a budget, a steady drumbeat of breakthroughs from the company’s research labs suggests its AI ambitions are rapidly escalating.

But the famously secretive tech giant faces stiff competition from the likes of Google, Microsoft, Amazon and OpenAI, who have aggressively productized generative AI in search, office software, cloud services and more.

Apple, long a fast follower rather than a first mover, now confronts a market being transformed at breakneck speed by artificial intelligence. At its closely watched Worldwide Developers Conference in June, the company is expected to unveil a new large language model framework, an “Apple GPT” chatbot, and other AI-powered features across its ecosystem.

“We’re excited to share details of our ongoing work in AI later this year,” CEO Tim Cook recently hinted on an earnings call. Despite its characteristic opacity, it’s clear Apple’s AI efforts are sweeping in scope.

Yet as the battle for AI supremacy heats up, the iPhone maker’s lateness to the party has put it in an uncharacteristic position of weakness. Deep coffers, brand loyalty, elite engineering and a tightly integrated product portfolio give it a puncher’s chance — but there are no guarantees in this high stakes contest.

A new age of ubiquitous, truly intelligent computing is on the horizon. Come June, we’ll see if Apple has done enough to ensure it has a hand in shaping it.


Current Treatment Strategies And Integrative Medicine For Management of Pain in Sickle Cell Disease


About this Research Topic

In the United States, Sickle Cell Disease (SCD) accounts for over $450 million yearly in healthcare costs. SCD is an inherited hemoglobinopathy involving an abnormal form of hemoglobin, leading to the formation of rigid, sickle-shaped red blood cells that can block capillaries and facilitate inadequate oxygen ...

Keywords: animal models, Sickle Cell Disease, chronic pain, neuropathic pain, analgesic agents, phytomedicines, nutraceuticals

Important Note: All contributions to this Research Topic must be within the scope of the section and journal to which they are submitted, as defined in their mission statements. Frontiers reserves the right to guide an out-of-scope manuscript to a more suitable section or journal at any stage of peer review.


About Frontiers Research Topics

With their unique mixes of varied contributions from Original Research to Review Articles, Research Topics unify the most influential researchers, the latest key findings and historical advances in a hot research area! Find out more on how to host your own Frontiers Research Topic or contribute to one as an author.


COMMENTS

  1. (PDF) Event Management System

    The proposed Event Management System is developed to assist students and faculties manage events with ease. It is further divided into modules such as: - Event tracking: The events created are ...

  2. Event management research: The focus today and in the future

    1. Event research to the present. The largest research focus area from the beginning of event research has been on the economic impacts/benefits of individual events. This research was first motivated from a function of the utility of the event management as a way to demonstrate the economic benefits of holding the event to the political powers ...

  3. (PDF) Event Management System

    Deepa .C. Online event management system is an online event management system software project that serves the functionality of an event manager. The system allows registered user login and new ...

  4. Full article: Event experiences: measurement and meaning

    This paper provides an introduction to Special Issue on 'Event Experiences: Measurement and Meaning'. It reviews the research conducted by the ATLAS Event Group over the past decade, and highlights the interplay between qualitative and quantitative research on events during this period. Major research themes related to the event ...

  5. Advances in event management using new technologies and mobile

    In this work, the authors present a review of mobile applications for event management available for smartphones with the iOS operating system. The objective of the work is to carry out an analysis of these applications, offering an educational point of view and filling a gap in the doctrine, as the authors are dealing with an academically ...

  6. Events management in social media: a systematic literature review

    Currently, social media platforms become a valuable source of user-defined multi-features and multimedia data. Such data could be used for several event related applications, such as event detection, event relationship identification, and event representation in the form of nodes and edges. In this paper, we use a systematic critical review to assess recent works in event related problems to ...

  7. Event management research: The focus today and in the future

    Mohamed Salama Yulia Raffaelli. Environmental Science, Business. 2021. The Events Management sector has been a new fast-growing trend that links tourism, business, and leisure together (Getz, 1997). Traditionally, all events were mainly focused on financial benefits.…

  8. Design of a Web-Based Platform: Event-Venues Booking and Management System

    This project aims to study the possibility of establishing an e-commerce platform to solve the existing problems with the event organization. Customers can find a venue for the event, book the venue online, and manage the event's expenses in one place 'Event-Venues Booking and Management System'. The method carried out in this project is ...

  9. A Web based-College Event Management System and ...

    The Event Management System (EMS) is used to manage all facets of an event. The proposed research work has developed a web application to make it easier to attend and run events. The proposed event management module enables remote access with a preferred login. The novelty of the proposed model is that it has established social media connections through which the event may be familiarized on a ...

  10. International Journal of Event and Festival Management

    Outstanding Paper Cannabis festivals and their attendees in four Eu... The International Journal of Event and Festival Management advances knowledge in the field of events management and enhances the uptake of such knowledge by academics in the field. ISSN: 1758-2954. eISSN: 1758-2954.

  11. PDF EVENT MANAGEMENT

    thoroughly. Regardless of various types of events, it is crucial that event managers should be knowledgeable, qualified and professional (Bladen et al. 2012, 21). Due to the thriving need of event management, society has been demanding than ever because people need professional management of events in many fields and sectors (Getz 2007, 2).

  12. Event management research: The focus today and in the future

    The largest research focus area from the beginning of event research has been on the economic impacts/benefits of individual events. This research was first motivated from a function of the utility of the event management as a way to demonstrate the economic benefits of holding the event to the political powers that control the jurisdiction ...

  13. Frontiers

    Events have played a significant role in the way in which the Coronavirus pandemic has been experienced and known around the world. Little is known though about how the pandemic has impacted on supporting, managing and governing events in municipal (i.e., local) authorities as key stakeholders, nor how events have featured in the opening-up of localities. This paper reports on empirical ...

  14. Event management literature: exploring the missing body of knowledge

    The main area in which event management papers are published seems to be tourism, which has long had a strong link with the events ... For example, Sábato and Botana's (Citation 1970) work on the role of the local research system in national development offers a useful model similar to the Triple Helix model widely used in the international ...

  15. PDF Review of Survey Methods in Events Management Research

    needs" summary for events management covered 10 topics, of which seven are identified as suitable for survey methods (Getz, 2005, p. 382). It is likely survey methods will continue to be of interest, not least due to new technologies. Although contemporary events research textbooks naturally cover sur-

  16. Event and festival research: a review and research directions

    A more recent review of trends in event management research was published in 2017, ... multiform ownership and management systems, and coupled with China's unique culture society might require a different research approach. ... 2005), the vast majority of papers relating to festival/event research are empirical rather than conceptual and ...

  17. Toward a Generic Event Management System for Academia

    By considering this drawback, a generic academic event management system is introduced by this paper. A framework for managing different kinds of events and management for schedules, participants, transportation, location, speakers and so on will be offered by the proposed website for any technical or nontechnical person. The introducing system ...

  18. Hikester

    This paper focuses on event management and introduces "Hikester". The main objective of this service is to provide users with the possibility to create any event they desire and to invite other users. ... the recommender system, the spam recognition service and the parameters optimizer. Published in: 2018 32nd International Conference on ...

  19. Security Information and Event Management (SIEM): Analysis, Trends, and

    Security Information and Event Management (SIEM) systems have been developed in response to help administrators to design security policies and manage events from different sources. ... Requirements for IT Security Metrics—An Argumentation Theory Based Approach. Completed Research Paper; Paper 208. [Google Scholar] 115. Garcia M., Bessani A ...

  20. Event Summary for Preserving MI Harvest

    Join online via Zoom using your laptop, tablet, smartphone, or any device with internet access. Classes are free and we invite you to register for any sessions you are interested in. Classes are offered on Thursdays from 1-2 p.m. or 6-7 p.m. ET. Sessions include: May 2 - The Fungi Among Us-Foraging and Preserving.

  21. Research Paper On Event Management System

    Research Paper On Event Management System. Toll free 24/7 +1-323-996-2024. Email: 1349. Finished Papers. 100% Success rate.

  22. Where Are Your Parents? Exploring Potential Bias in Administrative

    This paper examines potential bias in the Census Household Composition Key's (CHCK) probabilistic parent-child linkages. By linking CHCK data to the American Community Survey (ACS), we reveal disparities in parent-child linkages among specific demographic groups and find that characteristics of children that can and cannot be linked to the CHCK vary considerably from the larger population.

  23. Apple researchers develop AI that can 'see' and understand screen

    Apple researchers have developed a new artificial intelligence system that can understand ambiguous references to on-screen entities as well as conversational and background context, enabling more ...

  24. Current Treatment Strategies And Integrative Medicine For Management of

    Current treatments can also be cost prohibitive and have associated risk factors both of which necessitate the development of novel target systems, phytomedicines and nutraceuticals for management of pain in SCD.The goal of this Research Topic is to curate a collection of papers that discuss the pathobiology of SCD pain and multidisciplinary ...