Security Information and Event Management / SIEM

Security Information and Event Management / SIEM solutions combine two formerly separate categories: SIM (security information management) and SEM (security event management). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications.

SIEM solutions can gather, analyze and present information from network and security devices; identity and access management applications; vulnerability management and policy compliance tools; operating system, database and application logs; and external threat data. SIEM solution appliances can also be used to log security data and generate reports for compliance purposes.



SIEM Capabilities:

Data Aggregation:
SIEM solutions aggregate data from many sources, including network and security devices, servers, databases and applications. Consolidating the monitored data in one place helps avoid missing crucial events.

Correlation:
Correlation looks for common attributes and links events together into meaningful bundles. SIEM technology can apply a variety of correlation techniques to integrate different sources and turn data into useful information.

Alerting:
The automated analysis of correlated events and the production of alerts to notify recipients of immediate issues.

Dashboards:
SIEM tools take event data and turn it into informational charts that help analysts see patterns or identify activity that does not fit a standard pattern.

Compliance:
SIEM applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.

Retention:
SIEM solutions employ long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements.
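
Example (added here for illustration, not taken from any SIEM product): a minimal correlation rule in the sense of the Correlation and Alerting items above. It links events from several feeds by a common attribute (source IP) and raises one alert when repeated login failures are followed by a success inside a time window. The event schema, feed names, rule name and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, assumed already normalized to one schema.
EVENTS = [
    {"ts": "2024-05-01T10:00:05", "feed": "vpn",    "src_ip": "203.0.113.7",  "user": "alice", "outcome": "fail"},
    {"ts": "2024-05-01T10:00:40", "feed": "sshd",   "src_ip": "203.0.113.7",  "user": "alice", "outcome": "fail"},
    {"ts": "2024-05-01T10:01:10", "feed": "sshd",   "src_ip": "198.51.100.9", "user": "bob",   "outcome": "fail"},
    {"ts": "2024-05-01T10:01:30", "feed": "webapp", "src_ip": "203.0.113.7",  "user": "alice", "outcome": "fail"},
    {"ts": "2024-05-01T10:02:15", "feed": "sshd",   "src_ip": "203.0.113.7",  "user": "alice", "outcome": "success"},
    {"ts": "2024-05-01T10:03:00", "feed": "sshd",   "src_ip": "198.51.100.9", "user": "bob",   "outcome": "success"},
    {"ts": "2024-05-01T11:30:00", "feed": "vpn",    "src_ip": "192.0.2.44",   "user": "carol", "outcome": "success"},
]

def correlate(events, min_failures=3, window=timedelta(minutes=5)):
    """Group events by src_ip and alert when a success follows at least
    min_failures failures from the same address inside the window."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 sorts chronologically
        by_ip[ev["src_ip"]].append({**ev, "ts": datetime.fromisoformat(ev["ts"])})
    alerts = []
    for ip, evs in by_ip.items():
        recent_failures = []
        for ev in evs:
            # Drop failures that have aged out of the correlation window.
            recent_failures = [f for f in recent_failures if ev["ts"] - f["ts"] <= window]
            if ev["outcome"] == "fail":
                recent_failures.append(ev)
                continue
            if len(recent_failures) >= min_failures:
                bundle = recent_failures + [ev]  # the linked events behind the alert
                alerts.append({
                    "rule": "failures_then_success",
                    "src_ip": ip,
                    "users": sorted({e["user"] for e in bundle}),
                    "feeds": sorted({e["feed"] for e in bundle}),
                    "event_count": len(bundle),
                })
            recent_failures = []  # any success starts a fresh sequence
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("ALERT", alert)
```

No single feed in the sample sees three failures, so the alert only exists because the events were aggregated and correlated across feeds.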