6 Key Use Cases for Security Information and Event Management (SIEM)

The term Security Information and Event Management (SIEM) comes from combining Security Information Management (SIM) and Security Event Management (SEM). SIM focuses on the collection and long-term storage of log files; SEM focuses on real-time monitoring of (suspicious) behaviour, which it does by aggregating and identifying interesting log entries (events), often collected by a SIM implementation. A SIEM collects log files and security information from internal sources (e.g. server, network and application logs) and external sources (e.g. threat intelligence sharing). Event correlation is then used to detect, and alert on, activities that the organisation has defined as unwanted within its network. Let's have a look at the key use cases for the SIEM market:

Key use cases:

  • Manage and store security logs across devices and applications: one of the important capabilities of a SIEM solution is that it can aggregate log sources from across an organization's IT infrastructure and store them for analysis. It performs log parsing, log normalization (mapping the fields of each source's format onto a common schema) and log timestamping (converting each source's time format onto a common time base) so that events can be stored and correlated consistently.
  • Detect indicators of compromise (IOCs) by analyzing the aggregated log sources for a possible security breach: the SIEM correlation engine analyzes the log data to identify suspicious activity inside the organization's network. Correlation rules can be written to detect indicators of compromise by correlating logs from different devices, applications and systems, for example a burst of failed logins followed by a successful one from the same source, or a connection to an address that appears on a threat-intelligence list.
  • Maintain and monitor compliance with various regulatory bodies on a continuous basis: compliance and regulatory requirements are one of the major drivers of the SIEM market. Compliance mandates, regulations and industry standards require organizations to collect and retain log data from various systems, devices and applications, and to have visibility into and continuous monitoring of their enterprise networks. A SIEM is a good tool for accomplishing that.
  • Detect and mitigate advanced persistent threats (APTs): APTs are hard to detect once they are inside an organization because they keep a low profile. No single point product can protect against APT attacks on its own. A SIEM provides a bird's-eye view of the entire enterprise IT estate, and its analytics engine and continuous monitoring can help detect APT activity that no single log source would reveal.
  • Continuous monitoring of the organization's IT infrastructure: as mentioned above, SIEM tools provide a holistic picture of the state of security in an organization. The SIEM is fed with logs, vulnerability data, configuration data and threat intelligence feeds, which lets it monitor for breaches and abnormal behaviour inside the organization.
  • Integrate with and streamline the organization's cyber incident response program: a SIEM generates alerts and notifications for critical security incidents and suspicious activity inside the network. SIEM tools typically include a built-in incident workflow for responding appropriately to such scenarios and tracking each incident until its remediation. A SIEM can also be integrated with incident response and forensics tools.
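The parse, normalize, timestamp and correlate pipeline described in the first two use cases, as an added example that is not code from the original post or from any SIEM product. It assumes two constructed log formats (an sshd-style syslog line and a comma-separated firewall record with an epoch timestamp), a hard-coded set of addresses standing in for an external threat-intelligence feed, and two correlation rules: a brute-force rule (five or more failed logins from one source within 60 seconds, followed by a successful login from that source) and an IOC match on firewall destinations. The sample log lines, the threshold and window, and the IOC list are all made up for illustration.

```python
"""Minimal SIEM-style pipeline: parse -> normalize -> timestamp -> correlate.

All input below is constructed sample data, not captured from a real system.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sshd-style syslog lines (ISO-8601 UTC timestamps).
SYSLOG_LINES = [
    "2024-03-01T10:00:01Z host1 sshd[4242]: Failed password for root from 203.0.113.5 port 51001 ssh2",
    "2024-03-01T10:00:03Z host1 sshd[4242]: Failed password for root from 203.0.113.5 port 51002 ssh2",
    "2024-03-01T10:00:05Z host1 sshd[4242]: Failed password for admin from 203.0.113.5 port 51003 ssh2",
    "2024-03-01T10:00:07Z host1 sshd[4242]: Failed password for root from 203.0.113.5 port 51004 ssh2",
    "2024-03-01T10:00:09Z host1 sshd[4242]: Failed password for root from 203.0.113.5 port 51005 ssh2",
    "2024-03-01T10:00:12Z host1 sshd[4242]: Accepted password for root from 203.0.113.5 port 51006 ssh2",
    "2024-03-01T10:05:00Z host2 sshd[777]: Failed password for bob from 198.51.100.9 port 40001 ssh2",
]
# Constructed firewall records: epoch,action,src,dst,dport (different time format on purpose).
FIREWALL_LINES = [
    "1709287200,ALLOW,10.0.0.7,192.0.2.44,443",
    "1709287260,ALLOW,10.0.0.7,198.51.100.200,443",
]
# Assumed stand-in for an external threat-intelligence feed of known-bad addresses.
IOC_FEED = {"192.0.2.44"}


@dataclass
class Event:
    """Common schema every source is normalized into."""
    ts: datetime        # always timezone-aware UTC, whatever the source used
    source: str         # log type the event came from
    host: str
    action: str         # auth_fail, auth_ok, net_allow, net_deny, ...
    src_ip: str
    dst_ip: str = ""
    user: str = ""


SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<res>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_syslog(line: str) -> Event | None:
    """Parse one sshd line; return None for lines the parser does not understand."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    action = "auth_fail" if m["res"] == "Failed" else "auth_ok"
    return Event(ts, "sshd", m["host"], action, m["ip"], user=m["user"])


def parse_firewall(line: str) -> Event | None:
    """Parse one firewall CSV record; epoch seconds are converted to UTC."""
    parts = line.split(",")
    if len(parts) != 5 or not parts[0].isdigit():
        return None
    epoch, action, src, dst, _port = parts
    ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return Event(ts, "firewall", "fw1", "net_" + action.lower(), src, dst_ip=dst)


def normalize(syslog_lines, firewall_lines) -> list[Event]:
    """Parse both sources into Events and order them on one common timeline."""
    events: list[Event] = []
    for line in syslog_lines:
        ev = parse_syslog(line)
        if ev:
            events.append(ev)
    for line in firewall_lines:
        ev = parse_firewall(line)
        if ev:
            events.append(ev)
    events.sort(key=lambda e: e.ts)
    return events


def rule_bruteforce(events, threshold=5, window=timedelta(seconds=60)) -> list[str]:
    """Alert when >= threshold auth_fail from one src_ip inside window precede an auth_ok."""
    alerts: list[str] = []
    fails: dict[str, deque] = defaultdict(deque)   # per-source sliding window of failure times
    for e in events:
        q = fails[e.src_ip]
        while q and e.ts - q[0] > window:          # expire failures older than the window
            q.popleft()
        if e.action == "auth_fail":
            q.append(e.ts)
        elif e.action == "auth_ok" and len(q) >= threshold:
            alerts.append(f"bruteforce_success {e.src_ip} user={e.user} host={e.host} fails={len(q)}")
            q.clear()
    return alerts


def rule_ioc_match(events, ioc_feed) -> list[str]:
    """Alert when a network event's destination appears on the IOC feed."""
    return [f"ioc_match {e.src_ip}->{e.dst_ip} at {e.ts.isoformat()}"
            for e in events if e.action.startswith("net_") and e.dst_ip in ioc_feed]


def run() -> list[str]:
    events = normalize(SYSLOG_LINES, FIREWALL_LINES)
    return rule_bruteforce(events) + rule_ioc_match(events, IOC_FEED)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The point of the normalization step is visible in the sort: the firewall record at 10:00:00 UTC lands before the first sshd line even though the two sources use different time formats, which is what lets a cross-source rule reason about order at all. The brute-force rule is deliberately stateful per source address; a rule that only counts failures would also fire on a noisy scanner that never gets in, so the success event is the part that makes it an indicator of compromise rather than an indicator of attempt.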

Do let me know if you want us to add or modify any of the listed key use cases.

Check out the Security Information and Event Management (SIEM) market within the Product Comparison platform to get more information on this market.

© 2020 Created by CISO Platform.