Security information and event management

In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications.

Vendors sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes.[1]

The acronyms SEM, SIM and SIEM have been sometimes used interchangeably.[2] The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as security event management (SEM). The second area provides long-term storage as well as analysis and reporting of log data, and is known as security information management (SIM).[3] As with many meanings and definitions of capabilities, evolving requirements continually shape derivatives of SIEM product-categories. Organizations are turning to big data platforms, such as Apache Hadoop, to complement SIEM capabilities by extending data storage capacity and analytic flexibility.[4][5] The need for voice-centric visibility or vSIEM (voice security information and event management) provides a recent example of this evolution.

The term security information event management (SIEM), coined by Mark Nicolett and Amrit Williams of Gartner in 2005,[6]

A key focus is to monitor and help manage user and service privileges, directory services and other system-configuration changes; as well as providing log auditing and review and incident response.[3]

As of June 2016, Mosaic Security Research identified 76 SIEM and log management products.[7]

Capabilities

See also

References

  1. "SIEM: A Market Snapshot". Dr.Dobb's Journal. 5 February 2007.
  2. Swift, David (26 December 2006). "A Practical Application of SIM/SEM/SIEM, Automating Threat Identification" (PDF). SANS Institute. p. 3. Retrieved 14 May 2014. ...the acronym SIEM will be used generically to refer...
  3. 1 2 Jamil, Amir (29 March 2010). "The difference between SEM, SIM and SIEM".
  4. "Cybersecurity at petabyte scale".
  5. Hayes, Justin (6 May 2015). "Cybersecurity and the Big Yellow Elephant". Cloudera Vision Blog. Retrieved 13 July 2016.
  6. Williams, Amrit (2005-05-02). "Improve IT Security With Vulnerability Management". Retrieved 2016-04-09. Security information and event management (SIEM)
  7. Mosaic Security Research
  8. Correlation
  9. Understanding and Selecting SIEM/LM: Use Cases
  10. 1 2 Compliance Management and Compliance Automation – How and How Efficient, Part 1
  11. http://www.verizonbusiness.com/about/events/2012dbir/ Data Breach Report
This article is issued from Wikipedia - version of the 10/15/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.