In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. We sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes.
Capabilities & Components of SIEM:
Log management: aggregates data from many sources (network devices, security devices, servers, databases, applications), consolidating monitored data in one place so that crucial events are not missed.
Correlation: looks for common attributes and links events together into meaningful bundles. This technology provides a variety of correlation techniques to integrate different sources and turn raw data into useful information. Correlation is typically a function of the security event management (SEM) portion of a full SIEM solution.
Alerting: the automated analysis of correlated events and production of alerts, notifying recipients of immediate issues. Alerts can be shown on a dashboard or sent via third-party channels such as email.
Dashboards: tools that take event data and turn it into informational charts to help analysts see patterns, or identify activity that does not fit a standard pattern.
Compliance: applications that automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.
Retention: long-term storage of historical data to facilitate correlation over time, and to provide the retention necessary for compliance requirements. Long-term log retention is critical in forensic investigations, since a network breach is unlikely to be discovered at the moment it occurs.
Forensic analysis:
The ability to search across logs on different nodes and time periods based on specific criteria. This avoids having to correlate log information in your head, or having to search through thousands and thousands of log entries by hand.
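The following is an added illustration of the log management, correlation, alerting and forensic search capabilities listed above; it is example code written for this page, not any vendor's product code. The log line format, the two hypothetical hosts (bastion, web01), the sample log lines and the brute-force rule (three or more failed logins from one IP followed by a success from the same IP within five minutes) are all assumptions constructed for the example.

```python
"""Toy SIEM pipeline: aggregate, normalize, correlate, alert and search.

Added illustration, not a product's code. The log format and the
brute-force rule are assumptions chosen for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two hypothetical nodes (not real data).
RAW_LOGS = [
    "2024-03-01T10:00:01Z host=bastion src=sshd msg='Failed password for root from 203.0.113.7'",
    "2024-03-01T10:00:05Z host=bastion src=sshd msg='Failed password for admin from 203.0.113.7'",
    "2024-03-01T10:00:09Z host=bastion src=sshd msg='Failed password for deploy from 203.0.113.7'",
    "2024-03-01T10:00:20Z host=bastion src=sshd msg='Accepted password for deploy from 203.0.113.7'",
    "2024-03-01T10:01:00Z host=web01 src=app msg='Failed password for alice from 198.51.100.4'",
    "2024-03-01T10:30:00Z host=web01 src=app msg='Accepted password for alice from 198.51.100.4'",
    "2024-03-01T10:31:00Z host=web01 src=app msg='Session started for alice'",  # not an auth event
]

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) msg='(?P<msg>[^']*)'$")
AUTH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$")


def parse_line(line):
    """Normalize one raw line into a common event schema; None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    auth = AUTH_RE.match(m["msg"])
    if not auth:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "source": m["src"],
        "outcome": auth["outcome"].lower(),  # "failed" or "accepted"
        "user": auth["user"],
        "ip": auth["ip"],
    }


def aggregate(lines):
    """Log management step: collect events from all sources into one normalized list."""
    return [e for e in (parse_line(line) for line in lines) if e is not None]


def correlate_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule (assumed): >= threshold failed logins from one IP, followed by
    a success from the same IP within the window, raises one alert per success."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "accepted":
                continue
            failures = [f for f in evs[:i]
                        if f["outcome"] == "failed" and e["ts"] - f["ts"] <= window]
            if len(failures) >= threshold:
                alerts.append({
                    "rule": "brute_force_then_success",
                    "ip": ip,
                    "user": e["user"],
                    "host": e["host"],
                    "failures": len(failures),
                    "ts": e["ts"],
                })
    return alerts


def search(events, host=None, ip=None, since=None, until=None):
    """Forensic search across nodes and time periods on specific criteria."""
    return [e for e in events
            if (host is None or e["host"] == host)
            and (ip is None or e["ip"] == ip)
            and (since is None or e["ts"] >= since)
            and (until is None or e["ts"] <= until)]


def format_alert(alert):
    """Alerting step: render a notification line for a dashboard or e-mail channel."""
    return (f"[ALERT] {alert['rule']}: {alert['failures']} failed logins from {alert['ip']} "
            f"then success as {alert['user']} on {alert['host']} at {alert['ts'].isoformat()}")


if __name__ == "__main__":
    evs = aggregate(RAW_LOGS)
    for a in correlate_brute_force(evs):
        print(format_alert(a))
    print(len(search(evs, host="bastion")), "auth events on bastion")
```

Run as-is, the pipeline raises one alert for 203.0.113.7 (three failures, then a success as `deploy` on bastion) and none for 198.51.100.4, whose single failure and later success fall outside the five-minute window; the `search` call shows the cross-node query that the forensic analysis paragraph describes. Tuning `threshold` and `window` is exactly the kind of rule adjustment a SIEM's correlation engine exposes, and the cost of getting it wrong is visible here: widen the window far enough and the benign web01 login becomes a false positive.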
Get real-time visibility into all activity on systems, networks, databases, and applications. As the foundation of our security information and event management (SIEM) solution, SIEM Security Manager delivers the actionable intelligence and integrations required for you to prioritize, investigate, and respond to threats, while the embedded compliance framework and built-in security content packs simplify analyst and compliance operations. Improve your effectiveness through continuous visibility into threats and risk, actionable analysis to guide triage and speed investigations, and orchestration of security remediation. An extensible and distributed design integrates with more than three dozen partners, hundreds of standardized data sources, and industry threat intelligence. SIEM Security Manager makes it practical to support your organization's current and future security and compliance goals.