Security Information and Event Management
When we talk about Security Information and Event Management (SIEM), we refer to some services and tools that offer a holistic approach to an organisation’s information security. A SIEM uses data standardisation and prioritisation of information to detect threats and provide support on security issues.
Cyber security as a Business Enabler
The technological solutions provided by a SIEM support threat detection, compliance and security incident management through the collection and analysis of application logs and security events, both in real-time and historically.
The goal of SIEM is to protect the business and customers from potential data leakage using real-time monitoring and event analysis. To do this, an organisation can use artificial intelligence (AI) to automate many of the manual processes associated with detecting threats and responding to incidents.
Different stages can be identified within a SIEM process:
Data collection from all sources of network information, which are configured to feed event data into a SIEM tool. Sources include operating systems, firewalls, servers, antivirus software and intrusion prevention systems, among others. They can rely on agents to collect event logs from the company systems. Once logs are collected, they are then processed, filtered and sent to the SIEM.
Policies that define the behaviour of enterprise systems during pre-defined security incidents but also under normal conditions are put together in a profile that the SIEM administrator creates. This way, it provides default rules, reports, dashboards and alerts which are all customisable and fit to specific security needs.
Correlation and consolidation of data is a key feature of SIEM systems. It is about the parsing and analysis of log files which allows the event categorisation based on the raw data. Then it applies correlation rules that combine individual events into significant security issues.
Notifications to security staff are sent if a security event is triggering a SIEM rule.