Overview

Security Information and Event Management (SIEM) and the related Security Event Manager (SEM) and Security Information Management (SIM) are computer security disciplines that use data inspection tools to centralize the storage and interpretation of log files or events generated by other applications running on a network.

The typical organization's security implementation can generate an exorbitant amount of data, so Big data technologies are often used to store and process it.

Detecting failed authentication events for the same Digital Identity across multiple IDM-enabled systems in any environment is a daunting task. Security Information and Event Management products provide a solution to this problem.

The typical system aggregates and correlates logging and Auditing data, allowing IT security to prioritize security Incidents. The goal of Security Information and Event Management products is to allow security professionals to detect and react more quickly to an Item of Interest.

Security Information and Event Management products also help with transaction integrity, specifically around fraud prevention and enterprise applications. Some Security Information and Event Management products integrate with existing third-party fraud prevention tools and, based on models of risk activity, monitor transactions for fraudulent patterns. Similarly, Security Information and Event Management vendors are writing connectors to enterprise applications such as SAP, Oracle and various flavors of CRM to begin watching those types of transactions.

Capabilities/Components

  • Data aggregation - Log management aggregates data from many sources, including network, security, servers, databases and applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
  • Correlation - looks for common attributes and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Manager (SEM) portion of a full SIEM solution.
  • Alerting - the automated analysis of correlated events and production of alerts, to notify recipients of immediate issues. Alerting can be to a dashboard, or sent via third-party channels such as email.
  • Dashboards - Tools can take event data and turn it into informational charts to assist in seeing patterns, or in identifying activity that does not form a standard pattern.
  • Compliance - Applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.
  • Retention - employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long-term log data retention is critical in forensic investigations, as it is unlikely that a network breach will be discovered at the time it occurs.
  • Forensic analysis - The ability to search across logs on different nodes and time periods based on specific criteria. This avoids having to aggregate log information in your head or having to search through thousands and thousands of logs.
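The aggregation, correlation and alerting steps above, applied to the failed-authentication problem from the Overview, as an added illustration that is not part of the original page or any SIEM product: three source-specific normalizers map constructed sshd, Windows-style and application audit lines onto one common event shape, and a correlation rule alerts when the same identity fails authentication a threshold number of times across sources inside a sliding time window. The log formats, field names and thresholds are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three different IDM-enabled systems
# (a Linux sshd log, a Windows-style logon event, and a web app audit line).
SAMPLE_LOGS = [
    "2017-08-08T09:00:05 sshd[2011]: Failed password for alice from 10.0.0.5 port 5000 ssh2",
    "2017-08-08T09:00:40 EventID=4625 TargetUserName=alice Workstation=WS01 Status=0xC000006D",
    "2017-08-08T09:01:10 app=crm action=login user=alice result=FAILURE src=10.0.0.7",
    "2017-08-08T09:01:30 sshd[2015]: Accepted password for bob from 10.0.0.9 port 5001 ssh2",
    "2017-08-08T09:02:00 app=crm action=login user=bob result=FAILURE src=10.0.0.7",
    "2017-08-08T09:30:00 sshd[2099]: Failed password for alice from 10.0.0.5 port 5002 ssh2",
]

# One normalizer per source (assumed formats): each maps a raw line to
# (timestamp, identity, source) or None when it is not a failed authentication.
PARSERS = [
    (re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (\S+) "), "sshd"),
    (re.compile(r"^(\S+) EventID=4625 TargetUserName=(\S+) "), "windows"),
    (re.compile(r"^(\S+) app=\S+ action=login user=(\S+) result=FAILURE"), "crm"),
]

def normalize(line):
    """Aggregation step: turn a source-specific line into a common event tuple."""
    for pattern, source in PARSERS:
        m = pattern.match(line)
        if m:
            return datetime.fromisoformat(m.group(1)), m.group(2), source
    return None

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Correlation step: group failures by identity across all sources and alert
    when at least `threshold` failures fall inside a sliding `window`.
    Returns {identity: sorted list of sources seen in the alerting window}."""
    events = defaultdict(list)
    for line in lines:
        ev = normalize(line)
        if ev:
            events[ev[1]].append((ev[0], ev[2]))
    alerts = {}
    for identity, hits in events.items():
        hits.sort()  # chronological order so each window ends at hits[i]
        for i in range(len(hits)):
            recent = [h for h in hits if hits[i][0] - window <= h[0] <= hits[i][0]]
            if len(recent) >= threshold:
                alerts[identity] = sorted({src for _, src in recent})
                break
    return alerts

if __name__ == "__main__":
    for user, sources in correlate(SAMPLE_LOGS).items():
        print(f"ALERT: {user} failed authentication on {len(sources)} systems: {sources}")
```

In the sample, alice's fourth failure at 09:30 falls outside the five-minute window, so only the three early cross-system failures trigger the alert; bob's single failure stays below the threshold.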

This page (revision-12) was last changed on 08-Aug-2017 09:07 by jim