SIEM stands for "Security Information and Event Management". It is a set of tools and services that offer a holistic view of any organisation's information security. It works by combining two technologies: , which collects data from the log files and runs an analysis on the security vulnerabilities and reports them, and which monitors any system on a areal-time basis and also keeps the network admins notified about the threats. is used to identify threats and anomalies in the network, cyber attacks from gigs of data. Security information Management(SIM) Security Event Management(SEM) SIEM SIEM requirement in Cyber Security SIEM is the primary tool used in teh detection of security incidents by collecting logs from all the data sources across the network and triggers an alert on successful match of condition defined in the correlation rule. In other words, it triggers an alert in case any network anomaly is detected in the network. Cyber Security Incident detection: Its is also used to comply with many security compliances like, , , and ensure that the company assets within the network meet the requirement of the compliance. Regulatory Compliance: PCIDSS (Payment Card Industry Data Security Standard) ISO HIPPA Dashboard logging, Search Queries, reports are some of the features that tools provide which allow the security professionals to handle the security breaches. Effective Incident Management: SIEM SIEM Architecture: The main responsibility of this component is to get the logs from all the data inputs like windows OS, linux, application, routers, firewall, VPN servers etc. It is also meant for parsing the logs, normalisation and aggregation. Receiver: This is the heart of any . It has a correlation engine where we define a correlation rule where we match a specific rule and trigger and alert based on the match. It is a centralized management to identify and monitor different cyber attacks based on the condition which we define in the rule. Manager: SIEM architecture This is a storage device to store the past events and triggers alerts. It is also used to store data for a longer period of time in case required, with an option to configure teh retention period of data based on the business needs. Logger: Some of the platforms provided by different vendors in the market: SIEM HP ArcSight RSA Security Analytics IBM Security QRadar Splunk McAfee Nitro LogRhythm Solarwinds Securonix

All about Security Information and Event Management

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Clickjacking Attacks: What Are They and How to Prevent Them

100 Stories To Learn About Blogging

10 Online Activities To Do During Quarantine

13 reasons why I blog

3 Easy And Powerful Link Building Strategies

16 Best Crypto Blogs to Read in 2022

Clickjacking Attacks: What Are They and How to Prevent Them

100 Stories To Learn About Blogging

10 Online Activities To Do During Quarantine

13 reasons why I blog

3 Easy And Powerful Link Building Strategies

16 Best Crypto Blogs to Read in 2022

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps