Software Information And Event Management

SIEM:

Security information and event management(SIEM) system provides a centralized solution for collecting, analyzing, and managing data from multiple sources. Then combine the services of security event management(SEM) and security information management(SIM) solutions. A SEM provides real-time monitoring, analysis, and notification of security events, such as suspected security incidents.

Why SIEM?
SIEMs are very useful in large enterprises that have massive amounts of data and activity to monitor. Consider an organization with over 1,000 servers. When an incident occurs on just one of those servers, administrators need to know about it as quickly as possible. The SIEM provides continuous monitoring and provides real-time reporting.

Aggregation:
Aggregation refers to combining several dissimilar items. Into a single item. A SIEM can collect data from multiple sources, such as firewalls, IPS, proxy servers, and more and aggregate this data and store it in such a way that it is easy to analyze and search.

Correlation Engine:
A Correlation Engine is a software component used to collect and analyze event log data from various systems within the network. It aggregates data looking for common attributes. It then uses an advanced analytic tool to detect patterns of potential security events and raises alerts. System administrators can then investigate the alert.

Automated Alerting:
A SIEM typically comes with predefined alerts, which provide notifications of suspicious events.

Automated triggers:
Triggers cause an action in response to a predefined number of repeated events.

Time synchronization:
All servers sending data to the SIEM should be synchronized at the same time. This becomes most important when investigating an incident so that security investigators know when events occurred.

Event deduplication:
Deduplication is the process of removing duplicate entries because NIDS collects data from a firewall and a SIEM collects data from NIDS and the firewall. So SIEM stores only a single copy of any duplicate log entries, but ensures that the entries are associated with both devices.

Comments

Popular posts from this blog

Cyber Threat Intel

Analyzing Spear Phishing Email

Advance Attacks on Network