SIEM - Security Information and Event Management

SIEM is a software tool that allows security operations teams to identify potential incidents by consolidating and correlating log data from many other tools in the environment.

 

These commonly ingest log data from IDS/IPS, Firewalls, endpoint security solutions, and numerous other sources. SIEMs then use rule sets which can be customized by the security operations team to correlate the log data and trigger alerts when violations of the rule sets occur.  Many regulations require that companies store and regularly review log data as part of their cyber threat defense program. SIEMs are increasingly integrating User and Entity Behavior Analytics (UEBA) to provide advanced analytics related to activity in an environment. In addition, SIEMs are integrating (Security Orchestration and Automation and Response (SOAR) technology to help streamline (or automate) the alert triage and incident response process.

 

Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.