Introduction

Security Information Management (SIM)

  • Specialized security software which helps collect, monitor and analyse security events

  • Collects data from logs and translates it into an easily usable format

  • Monitor events in real time

  • Generates and sends alerts and reports

  • Automate incident response

  • Correlation of data from multiple sources

  • Translation of event logs from many formats into a common format

  • Easy to deploy

  • Store and analyze large volumes of data

  • Fast and efficient analysis

  • Correlate logs and events to provide the most accurate overview of the system

  • Allows for easy threat management

  • Can be expensive

  • May not adapt properly to a given working environment

  • Not all vendors offer full technical support

Security Event Management (SEM)

  • Specialized in the real-time identification, collection, monitoring, evaluation, notification and correlation of events and alerts

  • Used to identify suspicious behaviour

  • Real time monitoring

  • Obtains security events from devices and applications within the system

  • Correlation of events provides a clear picture of the system

  • Analyze logs

  • Real-time incident response

  • Centralization of information

  • Reduction of false positives

  • Improvement in response time

  • Hard to deploy

  • High cost, although it can prevent failures

Security Information and Event Management (SIEM)

  • Aggregates and analyzes information

  • Combination of SIM and SEM

  • Devices and applications are configured to send their logs to the SIEM

  • Advanced threat detection

  • Forensics and incident response

  • Compliance reporting and auditing
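The following is an added example, not code from the original notes or from any of the platforms listed below. It shows in miniature what the SIM bullets above (collect logs, translate them into a common format, correlate data from multiple sources) and the SEM bullets (real-time correlation, reduction of false positives) mean in practice: log lines from two sources with different formats are normalised into one event schema, then a small set of correlation rules raises alerts only when events from both sources line up. The log lines, host names, IP addresses, field names, thresholds and rule names are all constructed for the demo and are assumptions, not data from the page.

```python
"""Toy SIEM pipeline: normalise logs from two sources, correlate them, alert.

Added example; the sample logs, field names, thresholds and rule names below
are constructed for the demonstration and are not from the original notes.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs. Two sources, two different formats.
SSHD_LOG = """\
2024-05-01T10:00:01Z sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
2024-05-01T10:00:03Z sshd[1201]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-05-01T10:00:05Z sshd[1201]: Failed password for root from 203.0.113.7 port 51238 ssh2
2024-05-01T10:00:06Z sshd[1201]: Failed password for root from 203.0.113.7 port 51240 ssh2
2024-05-01T10:00:09Z sshd[1201]: Accepted password for root from 203.0.113.7 port 51242 ssh2
2024-05-01T10:30:00Z sshd[1201]: Failed password for alice from 198.51.100.4 port 40000 ssh2
"""
FIREWALL_LOG = """\
2024-05-01T09:59:58Z fw01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:00:10Z fw01 action=allow src=10.0.0.5 dst=203.0.113.7 dport=4444
2024-05-01T10:29:59Z fw01 action=allow src=198.51.100.4 dst=10.0.0.5 dport=22
"""
SSH_HOST_IP = "10.0.0.5"  # assumption: address of the host that wrote SSHD_LOG

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) fw01 action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalise_sshd(text):
    """Translate sshd lines into the common event schema (SIM 'translation')."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # unparsed lines would be kept raw by a real SIEM
        events.append({
            "ts": parse_ts(m["ts"]), "source": "sshd", "user": m["user"],
            "event": "auth_failure" if m["result"] == "Failed" else "auth_success",
            "src_ip": m["src"], "dst_ip": SSH_HOST_IP,
        })
    return events


def normalise_firewall(text):
    """Translate firewall lines into the same schema as the sshd events."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m or m["action"] != "allow":
            continue
        events.append({
            "ts": parse_ts(m["ts"]), "source": "fw01", "event": "connection",
            "src_ip": m["src"], "dst_ip": m["dst"], "dport": int(m["dport"]),
        })
    return events


def naive_alert_count(events):
    """Baseline without correlation: one alert per failed login (noisy)."""
    return sum(1 for e in events if e["event"] == "auth_failure")


def correlate(events, threshold=4, window=timedelta(seconds=60),
              followup=timedelta(minutes=5)):
    """Stateful correlation over the merged, time-ordered event stream.

    Rule names and thresholds are assumptions chosen for the demo:
      brute_force          >= threshold failures from one IP inside window
      brute_force_success  a success from that IP within followup of the above
      outbound_to_attacker the victim host then connects back to that IP
    """
    alerts = []
    failures = defaultdict(list)  # src_ip -> failure timestamps in window
    brute_force = {}              # src_ip -> time brute force was detected
    compromised = {}              # (victim_ip, attacker_ip) -> login time
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "auth_failure":
            recent = [t for t in failures[e["src_ip"]] + [e["ts"]] if e["ts"] - t <= window]
            failures[e["src_ip"]] = recent
            if len(recent) >= threshold and e["src_ip"] not in brute_force:
                brute_force[e["src_ip"]] = e["ts"]
                alerts.append(("medium", "brute_force", e["src_ip"]))
        elif e["event"] == "auth_success":
            started = brute_force.get(e["src_ip"])
            if started is not None and e["ts"] - started <= followup:
                compromised[(e["dst_ip"], e["src_ip"])] = e["ts"]
                alerts.append(("high", "brute_force_success", e["src_ip"]))
        elif e["event"] == "connection":
            login = compromised.get((e["src_ip"], e["dst_ip"]))  # victim -> attacker
            if login is not None and e["ts"] - login <= followup:
                alerts.append(("critical", "outbound_to_attacker", e["src_ip"]))
    return alerts


def run_pipeline():
    """Collect from both sources, normalise, correlate; returns the alerts."""
    events = normalise_sshd(SSHD_LOG) + normalise_firewall(FIREWALL_LOG)
    return correlate(events)


if __name__ == "__main__":
    print("naive alerts:", naive_alert_count(normalise_sshd(SSHD_LOG)))
    for severity, rule, ip in run_pipeline():
        print(f"{severity:8} {rule:22} {ip}")
```

Run stand-alone, the pipeline produces three escalating alerts for the single 203.0.113.7 incident, while the lone failed login from 198.51.100.4 produces nothing because it never reaches the threshold; alerting on every failure would have produced five alerts with no indication of which one mattered. The third alert only exists because the firewall and sshd feeds were normalised into one schema and correlated in time order, which is the point of combining SIM and SEM into a SIEM.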

SIEM Platforms

  • Graylog (open source and enterprise versions)

  • ArcSight

  • QRadar

  • LogRhythm

  • Splunk
