The SIEM

Posted by shentanli on March 15, 2020 · 2 mins read

What is SIEM

Security information and event management (SIEM) software gives enterprise security professionals both insight into and a track record of the activities within their IT environment.
SIEM technology has been in existence for more than a decade, initially evolving from the log management discipline. It combined security event management (SEM) – which analyzes log and event data in real time to provide threat monitoring, event correlation and incident response – with security information management (SIM), which collects, analyzes and reports on log data.

How SIEM works

SIEM software collects and aggregates log data generated throughout the organization’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters.

The software then identifies, categorizes and analyzes the incidents and events found in that data. It serves two main objectives, which are to

  • provide reports on security-related incidents and events, such as successful and failed logins, malware activity and other potentially malicious activity, and
  • send alerts when analysis shows that an activity violates a predetermined ruleset and thus indicates a potential security issue.
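As an added illustration of those two objectives (this is not code from the original post), the Python sketch below normalizes a few constructed sshd-style log lines from two hosts, builds the login report, and applies one predetermined correlation rule: a burst of failed logins from one source followed by a success on any host. The log lines, hostnames, addresses and thresholds are all made up.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events (not real data) from two hosts feeding one collector.
SAMPLE_LOGS = """\
2020-03-15T10:00:01 host=web01 sshd: Failed password for root from 203.0.113.7
2020-03-15T10:00:03 host=web01 sshd: Failed password for root from 203.0.113.7
2020-03-15T10:00:09 host=db01 sshd: Failed password for root from 203.0.113.7
2020-03-15T10:00:12 host=db01 sshd: Accepted password for root from 203.0.113.7
2020-03-15T10:05:00 host=web01 sshd: Failed password for alice from 198.51.100.4
2020-03-15T10:30:00 host=web01 sshd: Accepted publickey for alice from 198.51.100.4
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
                     r"\w+ for (?P<user>\S+) from (?P<src>\S+)$")

def parse_events(text):
    """Collection step: normalize raw lines into dict events; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events

def summarize_logins(events):
    """Reporting objective: (source, outcome) counts, e.g. failed logins per address."""
    return dict(Counter((e["src"], e["outcome"]) for e in events))

def brute_force_alerts(events, threshold=3, window=timedelta(minutes=1)):
    """Alerting objective: >= threshold failures from one source inside `window`, then a success on any host."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["outcome"] == "Failed"]
        for i in range(len(fails) - threshold + 1):
            burst = fails[i:i + threshold]
            if burst[-1]["ts"] - burst[0]["ts"] > window:
                continue  # failures too spread out: not this rule's pattern
            win = next((e for e in evs if e["outcome"] == "Accepted" and e["ts"] >= burst[-1]["ts"]), None)
            if win:
                alerts.append({"rule": "ssh_bruteforce_then_success", "src": src, "user": win["user"],
                               "hosts": sorted({e["host"] for e in burst} | {win["host"]})})
                break  # one alert per source is enough
    return alerts
```

The single alert shows why correlation across hosts matters: the failures land on web01 and the success on db01, so neither host's own log tells the whole story.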

SIEM Tools

The SIEM market has several dominant vendors based on worldwide sales, specifically IBM, Splunk and HPE. Other major players include Alert Logic, Intel, LogRhythm, ManageEngine, Micro Focus, SolarWinds and Trustwave.
Companies need to evaluate products based on their own objectives to determine which would best meet their needs. Organizations that want this technology primarily for compliance will value certain capabilities, such as reporting, more highly than organizations that want to leverage SIEM to set up a security operations center.

REFERENCE

  1. CSO