Integra Group - infrastructure solutions

Security Information and Event Management - SIEM

Security information and status data in an IT system come from a great number of sources. Various devices generate a large volume of logs that are difficult to track and analyse in real time, so some incidents are often noticed too late or not at all.
Security Information and Event Management (SIEM) systems are solutions for gathering, normalising and automated analysis of security events and logs from different devices in real time.
Logs from all network devices, servers, applications for identity management and resource access, databases and other services in the system are gathered in one place for processing, report generation and archiving.
A SIEM solution analyses the gathered logs and events, takes their correlation into consideration, and automatically generates alerts and reports in real time. Depending on the need, it can be configured to send notifications in case of potentially dangerous events.
One console is used to display alerts for the whole network, present and link information, generate reports and store long-term security information. The focus is on monitoring and managing user and server rights and directory services, tracking network activities and changes in the system, reviewing logs and managing threat responses.
Archived logs cannot be changed or deleted, so they cannot be altered to hide activities.

SIEM features:
  • Gathering data from different sources
  • Correlation, examination and analysis of links and dependencies among events and incidents
  • Alerting: automated alerts are sent for potentially dangerous events immediately after the gathered incidents are analysed
  • Clear presentation of relevant data using charts, so that non-standard events are more easily spotted
  • Checking compliance with defined standards of security management and information protection
  • Long term storage of security logs
 
Business benefits:
  • Data protection
  • Protection against malicious and unintended actions from employees or external partners
  • Compliance with legal regulations
 
Products
SolarWinds Log & Security Information Management
IBM (Q1Labs) QRadar