This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([SIEM]) and the related [Security Event Manager (SEM)] and Security Information Management (SIM) are computer security disciplines that use [data] inspection tools to centralize the storage and interpretation of [logging] files or [events] generated by other [applications] running on a [network].
A typical organization's [security] infrastructure generates an enormous volume of [data], so [Big data] storage and processing technologies are often part of the implementation.
Detecting failed [authentication] [events] for the same [Digital Identity] across multiple [IDM]-enabled systems is a daunting task without a central view. [{$pagename}] products address this problem by collecting, normalizing and correlating those events in one place.
A typical system aggregates and correlates [logging] and [Auditing] data, allowing IT [security] staff to prioritize [security Incidents]. The goal of [{$pagename}] products is to let security practitioners detect and react more quickly to any [Item of Interest].
[{$pagename}] products also help with transaction [integrity], specifically [fraud] [prevention] in enterprise [applications]. Some [{$pagename}] products integrate with existing [third-party] [fraud] [prevention] tools and, based on models of [risk] activity, monitor transactions for fraudulent patterns. Similarly, [{$pagename}] vendors write connectors to enterprise [applications] such as SAP, Oracle and various [CRM] systems in order to watch those kinds of transactions.
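As an added example (not code from this page, nor from any SIEM vendor), the following Python script shows the aggregation, correlation and alerting pipeline for the failed-authentication case described above: it normalizes constructed sshd, VPN and web-application log lines onto one common schema, then raises an alert when the same identity accumulates three failures from at least two different sources inside a five-minute window. The sample log lines, the VPN and web-app log formats, the field names, the threshold and the window are all assumptions made for the example; only the sshd wording follows what OpenSSH actually logs.

```python
"""Correlate failed-authentication events for one identity across several
log sources and raise an alert when a threshold is crossed inside a time
window.  Added example, not code from the page or from any SIEM product;
the log formats, field names, threshold and window are assumptions.
"""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample input: (source, raw line).  The sshd lines follow the
# real OpenSSH wording; the webapp and vpn formats are invented for the example.
SAMPLE_LOGS = [
    ("sshd", "2024-05-01T10:00:05Z sshd[812]: Failed password for alice from 203.0.113.7 port 51022 ssh2"),
    ("sshd", "2024-05-01T10:00:09Z sshd[812]: Failed password for alice from 203.0.113.7 port 51023 ssh2"),
    ("webapp", '{"ts": "2024-05-01T10:00:20Z", "event": "login", "result": "failure", "user": "Alice", "src": "203.0.113.7"}'),
    ("vpn", "2024-05-01T10:00:31Z vpn: AUTH-FAIL user=alice src=203.0.113.7"),
    ("sshd", "2024-05-01T10:00:40Z sshd[812]: Accepted password for bob from 198.51.100.4 port 40000 ssh2"),
    ("webapp", '{"ts": "2024-05-01T10:01:00Z", "event": "login", "result": "failure", "user": "bob", "src": "198.51.100.4"}'),
    ("sshd", "2024-05-01T10:20:00Z sshd[812]: Failed password for alice from 203.0.113.7 port 51030 ssh2"),
    ("sshd", "2024-05-01T10:20:02Z sshd[812]: pam_unix(sshd:session): session opened for user bob"),
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<res>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
VPN_RE = re.compile(r"^(?P<ts>\S+) vpn: AUTH-(?P<res>FAIL|OK) user=(?P<user>\S+) src=(?P<ip>\S+)")


def parse_ts(text):
    """ISO-8601 UTC timestamp -> aware datetime, so events from different
    hosts can be ordered on one clock."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(source, line):
    """Map one raw line onto a common schema; return None for lines that are
    not authentication events.  This is the aggregation step of a SIEM."""
    if source == "sshd":
        m = SSHD_RE.match(line)
        if not m:
            return None
        ts, user, ip = m["ts"], m["user"], m["ip"]
        outcome = "failure" if m["res"] == "Failed" else "success"
    elif source == "vpn":
        m = VPN_RE.match(line)
        if not m:
            return None
        ts, user, ip = m["ts"], m["user"], m["ip"]
        outcome = "failure" if m["res"] == "FAIL" else "success"
    elif source == "webapp":
        try:
            rec = json.loads(line)
        except ValueError:
            return None
        if rec.get("event") != "login":
            return None
        ts, user, ip = rec["ts"], rec["user"], rec["src"]
        outcome = "failure" if rec.get("result") == "failure" else "success"
    else:
        return None
    # Lower-case the identity so "Alice" on the web app and "alice" on the
    # SSH host resolve to the same Digital Identity.
    return {"ts": parse_ts(ts), "source": source, "identity": user.lower(),
            "outcome": outcome, "src_ip": ip}


def aggregate(raw_logs):
    """Normalize every line and return the surviving events in timestamp order."""
    events = []
    for src, line in raw_logs:
        ev = normalize(src, line)
        if ev is not None:
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Sliding-window correlation: alert when one identity accumulates
    `threshold` failures from at least two distinct sources within `window`.
    Requiring two sources is what makes this a cross-system rule rather
    than a per-host brute-force counter."""
    recent = defaultdict(deque)   # identity -> failures still inside the window
    alerts = []
    for ev in events:
        if ev["outcome"] != "failure":
            continue
        q = recent[ev["identity"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()           # expire failures older than the window
        sources = sorted({e["source"] for e in q})
        if len(q) >= threshold and len(sources) >= 2:
            alerts.append({
                "identity": ev["identity"],
                "count": len(q),
                "sources": sources,
                "src_ips": sorted({e["src_ip"] for e in q}),
                "first": q[0]["ts"].isoformat(),
                "last": ev["ts"].isoformat(),
            })
            q.clear()             # one burst yields one alert, not one per event
    return alerts


def run(raw_logs=SAMPLE_LOGS):
    """Full pipeline over a list of (source, line) pairs; returns the alerts."""
    return correlate(aggregate(raw_logs))


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert, indent=2))
```

With the constructed input, `run()` returns a single alert for `alice` (three failures from `sshd` and `webapp` within fifteen seconds); bob's one failure and alice's isolated failure twenty minutes later fall below the threshold, and the pam session line is dropped at normalization because it is not an authentication outcome. In a real deployment the per-identity deque would be replaced by the SIEM's own state store, and the identity key would come from an identity-resolution step rather than a lower-cased username.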
!! Capabilities/Components
* [Data] aggregation - [Log|Logging] management aggregates [data] from many sources, including [network], [security], [servers], [databases], [applications], providing the ability to consolidate [monitored|Monitoring] [data] to help avoid missing crucial [events].
* Correlation - looks for common attributes and links [events] together into meaningful bundles. This provides the ability to apply a variety of correlation techniques across different sources, turning raw data into useful information. Correlation is typically a function of the [Security Event Manager (SEM)] portion of a full SIEM solution.
* [Alerting] - the automated analysis of correlated [events] and production of alerts to notify recipients of immediate issues. [Alerting] can be to a dashboard or via third-party channels such as email.
* [Dashboards] - tools that take event [data] and turn it into informational charts, to help analysts see patterns or spot activity that does not fit the normal pattern.
* [Compliance] - applications that automate the gathering of compliance data, producing reports that fit existing security, governance and auditing processes.
* Retention - long-term storage of historical data, both to allow correlation of [data] over time and to meet [compliance] retention requirements. Long-term log [data] retention is critical in forensic investigations, since a network [breach] is rarely discovered at the time it occurs.
* Forensic analysis - the ability to search across logs from different nodes and time periods based on specific criteria, so an analyst does not have to correlate log information mentally or search through thousands of individual log files.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Security_information_and_event_management|Wikipedia:Security_information_and_event_management|target='_blank'] - based on information obtained 2017-08-08