Security Information and Event Management / SIEM

Security Information and Event Management / SIEM solutions are a combination of the former categories of SIM (security information management) and SEM (security event manager). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications.

SIEM solutions can gather, analyze and present information from network and security devices; identity and access management applications; vulnerability management and policy compliance tools; operating system, database and application logs; and external threat data. SIEM solution appliances can also be used to log security data and generate reports for compliance purposes

SIEM Capabilities:

Data Aggregation:
SIEM solutions aggregate data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.

looks for common attributes, and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information.

the automated analysis of correlated events and production of alerts, to notify recipients of immediate issues.

SIEM tools take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.

SIEM applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.

SIEM solutions employ long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements.