Security Information & Event Management (SIEM)
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security.
Many companies approach achieving better security the way some people approach achieving better fitness. They spend a lot of money buying a Security Information and Event Management (SIEM) product, much like the way people will purchase an expensive health club membership. But if the company does not follow through and use the SIEM properly, it will fail. The same goes for people and health clubs – paying for it is just the first step; it is no guarantee of results. So it is imperative to focus on the fundamentals of SIEM and log management in order to succeed.
SIEM technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyze events across disparate sources.