Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is a composite of Security Information Management (SIM) and Security Event Management (SEM). Although distinctions between these three concepts are not well defined, in general SIEM and related systems strive to automate both the analytic and the response processes for security-significant occurrences on networks.

Some common characteristics of SIEM include:

centralized logging
automated log analysis
correlation of disparate events
incident alerting or response
reporting (including reporting for compliance)

SIEM is generically similar to Intrusion Detection Systems (IDS) or Instruction Prevention Systems (IPS), although with SIEM there is a heavier emphasis on analytics and reporting.

References:

http://www.wernerschmidt.com/blog/index_files/6bf90acaf61fb4b4a614a6453df16439-16.html

http://www.sans.org/reading_room/whitepapers/logging/practical-application-sim-sem-siem-automating-threat-identification_1781

Page updated

Google Sites

Report abuse