SIEM

Security Information Event Management (SIEM)

The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is known as security event management (SEM). The second area provides long-term storage as well as analysis, manipulation and reporting of log data and security records of the type collated by SEM software, and is known as security information management (SIM).

The term SIEM was created by researchers at Gartner back in 2005.

SIEM software collects and aggregates log data generated throughout the organisation’s technology infrastructure, from host systems and applications to network and security devices such as firewalls, network access control, end point protection and antivirus filters.

The software then identifies and categorises incidents and events, as well as analyses them. The software delivers on two main objectives, which are to

  • provide reports on security-related incidents and events, such as successful and failed logins, malware activity and other possible malicious activities and
  • send alerts if analysis shows that an activity runs against predetermined rulesets and thus indicates a potential security issue.

This hopefully reducing false positives and providing significant evidence to the information security manager.

Benefits of SIEM

SIEM benefits all types and all sizes of organisations, it’s ability to identify potential threats using advanced rules, real-time and historical information from multiple sources provides perhaps the best protection from zero-day attacks.

  • Visibility and anomaly detection can help protect against polymorphic software attacks which traditional “cyber security solutions” have a poor detection rate against.
  • Quickly identifies and alerts against brute force attacks password guessing and misconfigured systems.
  • Visualization with a SIEM using security events and log failures can aid in pattern detection.
  • Protocol anomalies which can indicate a mis-configuration or a security issue can be identified with a SIEM using pattern detection, alerting, baseline and dashboards.
  • SIEMS can detect covert, malicious communications and encrypted channels.
  • Cyberwarfare can be detected by SIEMs with accuracy, discovering both attackers and victims.