The term Security Information and Event Management (SIEM) finds its origin from the combination of Security Information Management (SIM) and Security Event Management (SEM). Where SIM focuses on the collection and long-term storage of log files, SEM focuses on real-time monitoring of (suspicious) behaviour. SEM does this by aggregating and identifying interesting log entries (events), often collected by a SIM implementation. A SIEM collects log files and security information from internal- (i.e. server-, network- and application logs) and external sources (i.e. threat intelligence sharing). Event correlation is used to detect and alert on, by the organisation defined, unwanted activities within the network. Lets have a look at the Key Use Cases for the SIEM Market:
Key Use cases:
- Manage and store Security Logs across devices and applications: one of the important capability of SIEM solution is that it can aggregate log sources across the IT infrastructureof an organization and stores them for their analysis. It performs log normalization, log parsing and log timestamping for better stogate and correlation.
- Detect Indicators of compromise (IOC’s) by analyzing the aggregated Log sources for possible security breach: SIEM correlation engine performs analysis on the log data to identify any sucpecious activity inside the organizations network. Correlation rules can be written to detect for any indicators of compromise by correlation logs from different devices, applications and systems.
- Maintain and monitor compliance with various regulatory bodies on a continuous basis: One of the major drivers of SIEM tools in the market is due to the compliance and regulatory requirements. Compliance, regulations and industry standards requires organizations to collect and store log data from various systems, devices and applications, have visibility into and continuous monitoring of enterprise networks for better security. SIEM is a great tool to accomplice that.
- Detect and mitigate Advance persistent threats: APT’s are hard to detect if already inside any organization as they keep a low profile. No single point product can help you protect from APT attacks. SIEM tool provides a birds eye view for the entire enterprise IT, SIEM analytics engine and continuous monitoring can help protect against APT’s.
- Continuous monitoring of organizational IT Infrastructure: As mentioned previously, SIEM tools provides a holistic picture of the state of security in any organizations. The SIEM tool is fed with logs, vulnerability data, configuration data, and threat intelligence feeds which helps it monitor for any breaches and abnormal behavior inside the organization.
- Integrate with and streamline organization cyber incident response program: SIEM generates alerts and notifications for critical security incidents/ suspicious activity inside your network. SIEM tools have built-in incident workflow defined to appropriately respond to such scenarios and track the Incident until its remediation. SIEM can also be integrated with Incident response and Forensics tools.
Do let me know if you want us to add or modify any of the listed key use cases.
Check out the Security Information and Event Management (SIEM) market within FireCompass to get more information on these markets.