What is SIEM?
SIEM (Security Information and Event Management) is a solution for monitoring and analyzing all network activity in a company.
SIEM is an improved system for detecting malicious activity and various systemic anomalies. It gives a complete picture of network activity and security events. Conventional detection tools, taken individually, do not see the attack, but it can be detected by careful analysis and correlation of information from various sources. That is why many companies use SIEM systems as an additional and significant means of protection against targeted attacks.
SIEM = IMPROVED SYSTEM FOR DETECTING MALICIOUS ACTIVITY
SIEM collects events from multiple devices into a single console, lets you create litmus indicators, and automatically notifies you about various threats: failures, unauthorized access attempts, viruses.
According to Gartner, a SIEM system should collect, analyze and present information from network and security devices. The system includes identity and access management applications, vulnerability management tools and databases.
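The cross-source correlation described above, as an added example that is not part of the original page: a single rule raises an alert only when authentication, antivirus and firewall events line up on one host. The host names, event names, 10-minute window and threshold of 3 failed logins are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalized to (time, source, host, event).
EVENTS = [
    ("2024-05-01T10:00:05", "auth",      "ws-17", "login_failed"),
    ("2024-05-01T10:00:09", "auth",      "ws-17", "login_failed"),
    ("2024-05-01T10:00:14", "auth",      "ws-17", "login_failed"),
    ("2024-05-01T10:00:20", "auth",      "ws-17", "login_success"),
    ("2024-05-01T10:03:40", "antivirus", "ws-17", "malware_detected"),
    ("2024-05-01T10:06:02", "firewall",  "ws-17", "outbound_denied"),
    ("2024-05-01T10:01:00", "auth",      "ws-22", "login_failed"),
    ("2024-05-01T10:02:00", "firewall",  "ws-22", "outbound_denied"),
    ("2024-05-01T11:30:00", "antivirus", "ws-30", "malware_detected"),
]

WINDOW = timedelta(minutes=10)   # assumed correlation window
MIN_FAILED = 3                   # assumed failed-login threshold

def correlate(events, window=WINDOW, min_failed=MIN_FAILED):
    """Alert on hosts where at least `min_failed` failed logins precede a
    successful one and, within `window` after that success, both the
    antivirus and the firewall report an event for the same host."""
    by_host = defaultdict(list)
    for ts, source, host, event in events:
        by_host[host].append((datetime.fromisoformat(ts), source, event))

    alerts = []
    for host, items in sorted(by_host.items()):
        items.sort()             # chronological order per host
        failed = 0
        for i, (ts, source, event) in enumerate(items):
            if event == "login_failed":
                failed += 1
            elif event == "login_success":
                if failed >= min_failed:
                    # Non-auth sources seen on this host inside the window.
                    later = {s for t, s, e in items[i + 1:]
                             if t - ts <= window and s != "auth"}
                    if {"antivirus", "firewall"} <= later:
                        alerts.append({"host": host, "time": ts.isoformat(),
                                       "sources": ["auth"] + sorted(later)})
                failed = 0       # reset the counter after any success
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("ALERT", alert)
```

Hosts ws-22 and ws-30 each produce events that a single device would log, but only ws-17 matches the combined pattern and is reported.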
Key SIEM solution features
- Ability to send alerts based on predefined settings.
- Reports and logging to simplify the audit.
- Ability to view data at different levels of detail.
Where is SIEM applicable?
- Everywhere you can get useful information from event logs.
- Access audit, access control for critical resources, estimating the number of website visitors, malware detection, physical access control, analysis of sales, consumer behavior, reduction of false positives, audit of financial indicators, analysis of network activity, control of automated devices (conveyor belts), etc.