Security Information and Event Management / SIEM
Security Information and Event Management (SIEM) solutions are a combination of the former categories of SIM (security information management) and SEM (security event manager). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions can gather, analyze and present information from network and security devices; identity and access management applications; vulnerability management and policy compliance tools; operating system, database and application logs; and external threat data. SIEM solution appliances can also be used to log security data and generate reports for compliance purposes.
SIEM Capabilities:

Data Aggregation: SIEM solutions aggregate data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.

Correlation: looks for common attributes, and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information.

Alerting: the automated analysis of correlated events and production of alerts, to notify recipients of immediate issues.

Dashboards: SIEM tools take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.

Compliance: SIEM applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.

Retention: SIEM solutions employ long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements.
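
The Correlation and Alerting capabilities above, sketched as an added example (not code from any SIEM product): events from two sources are linked on a common attribute within a time window, and a rule raises an alert on the resulting bundle. The field names, the 5-minute window, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, already normalised from two sources (firewall, auth).
EVENTS = [
    {"ts": "2024-05-01T10:00:05", "source": "firewall", "src_ip": "203.0.113.7", "action": "deny"},
    {"ts": "2024-05-01T10:00:30", "source": "auth", "src_ip": "203.0.113.7", "action": "login_failure"},
    {"ts": "2024-05-01T10:01:00", "source": "auth", "src_ip": "203.0.113.7", "action": "login_failure"},
    {"ts": "2024-05-01T10:01:20", "source": "auth", "src_ip": "203.0.113.7", "action": "login_failure"},
    {"ts": "2024-05-01T10:02:00", "source": "auth", "src_ip": "203.0.113.7", "action": "login_success"},
    {"ts": "2024-05-01T10:03:00", "source": "auth", "src_ip": "198.51.100.4", "action": "login_failure"},
    {"ts": "2024-05-01T10:03:20", "source": "auth", "src_ip": "198.51.100.4", "action": "login_success"},
    {"ts": "2024-05-01T11:30:00", "source": "firewall", "src_ip": "203.0.113.7", "action": "deny"},
]

def correlate(events, key="src_ip", window=timedelta(minutes=5)):
    """Link events that share `key` into bundles; a new bundle starts once
    an event falls more than `window` after the bundle's first event."""
    bundles, current = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        b = current.get(ev[key])
        if b is None or t - b["start"] > window:
            b = {"key": ev[key], "start": t, "events": []}
            current[ev[key]] = b
            bundles.append(b)
        b["events"].append(ev)
    return bundles

def alerts(bundles, min_sources=2, min_failures=3):
    """Alert when a bundle spans several sources and shows repeated
    login failures followed by a success."""
    out = []
    for b in bundles:
        sources = {e["source"] for e in b["events"]}
        auth = [e["action"] for e in b["events"] if e["source"] == "auth"]
        if "login_success" not in auth:
            continue
        failures = auth[:auth.index("login_success")].count("login_failure")
        if len(sources) >= min_sources and failures >= min_failures:
            out.append({"key": b["key"], "start": b["start"].isoformat(),
                        "sources": sorted(sources), "failures": failures})
    return out

if __name__ == "__main__":
    for alert in alerts(correlate(EVENTS)):
        print("ALERT", alert)
```

The single mistyped password from 198.51.100.4 and the isolated firewall deny at 11:30 each form their own bundle and raise no alert, which is the noise reduction correlation is meant to provide.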