Monday, January 8, 2018

Word of the Day: SIEM

Word of the Day WhatIs.com
Daily updates on the latest technology terms | January 8, 2018
SIEM

Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. The acronym SIEM is pronounced "sim" with a silent e.

The underlying principles of every SIEM system are to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. For example, when a potential issue is detected, a SIEM might log additional information, generate an alert and instruct other security controls to stop an activity's progress.

At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEMs have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR).

Payment Card Industry Data Security Standard (PCI DSS) compliance originally drove SIEM adoption in large enterprises, but concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer. Being able to look at all security-related data from a single point of view makes it easier for organizations of all sizes to spot patterns that are out of the ordinary.

Today, most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers and network equipment, as well as from specialized security equipment such as firewalls, antivirus and intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.

In some systems, pre-processing may happen at edge collectors, with only certain events being passed through to a centralized management node. In this way, the volume of information being communicated and stored can be reduced. Although advancements in machine learning are helping systems to flag anomalies more accurately, analysts must still provide feedback, continuously educating the system about the environment.
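The pipeline described above (edge collectors that normalize and pre-filter, a central rules-based correlation engine that relates entries from different sources, and an action taken on each alert) can be sketched in a few dozen lines. The following is an added example written for this page, not code from WhatIs.com or from any SIEM product; the host names, IP addresses and log lines are constructed sample input, and the two correlation rules are illustrative choices rather than a vendor's rule set.

```python
"""Toy SIEM pipeline: edge collectors normalize and pre-filter events from two
sources, a central correlation engine applies time-window rules across sources,
and each alert is mapped to an action for another security control.
Added example; all log lines and hosts below are constructed, not real data."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sshd log from a hypothetical server: five failures then a success
# from one address, plus an unrelated successful key login from another.
SSH_LOG = """\
2018-01-08T09:00:01 sshd[2101]: Failed password for root from 203.0.113.7 port 51000 ssh2
2018-01-08T09:00:03 sshd[2101]: Failed password for root from 203.0.113.7 port 51001 ssh2
2018-01-08T09:00:05 sshd[2101]: Failed password for root from 203.0.113.7 port 51002 ssh2
2018-01-08T09:00:06 sshd[2101]: Failed password for root from 203.0.113.7 port 51003 ssh2
2018-01-08T09:00:07 sshd[2101]: Failed password for root from 203.0.113.7 port 51004 ssh2
2018-01-08T09:00:09 sshd[2101]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2018-01-08T09:01:00 sshd[2101]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
"""

# Constructed firewall log from a hypothetical device "fw01".
FIREWALL_LOG = """\
2018-01-08T09:00:10 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=445
2018-01-08T09:00:11 fw01 ALLOW src=198.51.100.4 dst=10.0.0.5 dport=443
"""


@dataclass(frozen=True)
class Event:
    """Common schema every collector normalizes into."""
    ts: datetime
    source: str   # which collector produced the event
    kind: str     # normalized event type, e.g. auth_fail, fw_deny
    src_ip: str   # the field the correlation engine joins on


SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) \w+ for (\S+) from (\S+)")
FW_RE = re.compile(r"^(\S+) fw01 (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)")


def collect_ssh(text):
    """Edge collector for sshd lines; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        ts, outcome, _user, ip = m.groups()
        kind = "auth_fail" if outcome == "Failed" else "auth_success"
        events.append(Event(datetime.fromisoformat(ts), "sshd", kind, ip))
    return events


def collect_fw(text):
    """Edge collector for firewall lines."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts, action, src, _dst, _dport = m.groups()
        events.append(Event(datetime.fromisoformat(ts), "fw01", "fw_" + action.lower(), src))
    return events


# Only these kinds leave the edge; routine fw_allow noise is dropped before forwarding.
FORWARDED_KINDS = {"auth_fail", "auth_success", "fw_deny"}


def edge_prefilter(events):
    """Pre-processing at the collector reduces what the central node must store."""
    return [e for e in events if e.kind in FORWARDED_KINDS]


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Central rules-based correlation: relate entries by src_ip inside a sliding window.
    Returns (rule_name, src_ip, evidence_count) tuples in time order."""
    alerts = []
    history = defaultdict(deque)  # src_ip -> (ts, kind) pairs still inside the window
    for e in sorted(events, key=lambda ev: ev.ts):
        h = history[e.src_ip]
        while h and e.ts - h[0][0] > window:
            h.popleft()                      # expire entries older than the window
        kinds = [k for _, k in h]
        fails = kinds.count("auth_fail")
        # Rule 1: a success preceded by many failures from the same address.
        if e.kind == "auth_success" and fails >= threshold:
            alerts.append(("brute_force_then_success", e.src_ip, fails))
        # Rule 2 (cross-source): firewall deny from an address that just logged in.
        if e.kind == "fw_deny" and "auth_success" in kinds:
            alerts.append(("denied_connection_after_login", e.src_ip, 1))
        h.append((e.ts, e.kind))
    return alerts


def actions_for(alerts):
    """Map alerts to instructions for other controls (illustrative responses)."""
    plan = {"brute_force_then_success": ("firewall", "block {ip}"),
            "denied_connection_after_login": ("ticketing", "investigate {ip}")}
    return [(ctl, cmd.format(ip=ip)) for rule, ip, _ in alerts for ctl, cmd in [plan[rule]]]


def run_pipeline():
    """Collect -> pre-filter at the edge -> correlate centrally -> return alerts."""
    forwarded = edge_prefilter(collect_ssh(SSH_LOG)) + edge_prefilter(collect_fw(FIREWALL_LOG))
    return correlate(forwarded)


if __name__ == "__main__":
    found = run_pipeline()
    for a in found:
        print("ALERT", a)
    for ctl, cmd in actions_for(found):
        print("ACTION", ctl, "->", cmd)
```

Two details carry over to real deployments: the collectors reduce every source to one schema with a shared join key (here `src_ip`) before anything is correlated, and the window expiry keeps state bounded so the central node is not storing the full event stream. The second rule only fires because the firewall's deny and sshd's success were joined on that key; neither source alone would flag it.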

Here are some of the most important features to review when evaluating SIEM products:

  • Integration with other controls - Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?
  • Artificial intelligence - Can the system improve its own accuracy through machine learning and deep learning?
  • Threat intelligence feeds - Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?
  • Robust compliance reporting - Does the system include built-in reports for common compliance needs and provide the organization with the ability to customize or create new reports?
  • Forensics capabilities - Can the system capture additional information about security events by recording the headers and contents of packets of interest?

Quote of the Day

"SIEM as a utility is the answer to enterprises' questions about how to grow strategically at scale, while not compromising safety and soundness." - A.N. Ananth

Trending Terms

security information management
correlation engine
PCI DSS
APT
user behavior analytics
security event

Learning Center

2018 prediction: Why that smart fish tank hack should have you swim to SIEM
Remember the smart fish tank hack in 2017? IoT attacks are sophisticated, and they're here. Learn how SIEM as a utility can help keep your enterprise safe.

Is your fish tank listening? A roadmap to dipping your toes in the IoT waters
As enterprises adopt IoT devices and manufacturers develop enterprise tools, there is a shared responsibility to ensure data is fortified against attacks.

The tug of war between user behavior analysis and SIEM
User behavior analysis features appear in a range of information security technologies, and the trend is expected to continue.

How to find the best SIEM system for your company
Learn to locate the best SIEM system for your organization by reading this overview of the latest SIEM tech developments.

Will it last? The marriage between UBA tools and SIEM
In this issue of 'Information Security' magazine, we look at SIEM, UBA tools and considerations for effectively implementing user behavior analytics.

Writing for Business

The number of security holes found during the penetration test left _________ shaken.
a. the CSO and me
b. the CSO and I
c. the CSO and myself
Answer

Stay In Touch
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

Visit the Word of the Day Archives and catch up on what you've missed!

About This E-Newsletter
This e-newsletter is published by the TechTarget network.
TechTarget

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2016 TechTarget. All rights reserved.