SIEM (security information and event management) is an approach to security management that seeks to provide a holistic view of an enterprise's IT security. SIEM technology provides real-time analysis of the security alerts generated by network hardware and applications, and is generally sold as software, as appliances, or as a managed service.
The basic principle of a SIEM system is that the data relevant to a system's security is generated in many different places, and that collecting it in one place lets an analyst examine all of it from a single point, which makes it easier to notice trends and patterns that are abnormal. In practice this depends on every source actually forwarding its logs and on the sources having synchronized clocks: an event that arrives late or carries a skewed timestamp falls outside the window in which it should have been correlated with the others.
The part that deals with real-time monitoring, correlation of events and notifications is commonly known as security event management (SEM). The second part, known as security information management (SIM), deals with the long-term storage, investigation and reporting of log data.
A SEM system centralizes the storage and analysis of logs, allowing near-real-time analysis that lets security personnel take defensive action promptly. A SIM system accumulates data in a central repository for analysis of trends and patterns and provides automated compliance reporting. By combining these two functions, SIEM systems support rapid identification, analysis and recovery from security-related events.
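The following is an added example, not code from the original article or from any SIEM product, showing both halves described above on a small scale: logs from two unrelated sources (an sshd authentication log and a firewall log) are normalized into one time-ordered central store, and a correlation rule is then run across that store. The rule flags several failed logins from one IP followed by a successful login from the same IP, and escalates the alert if a monitored host then opens an outbound connection back to that IP. The hostnames, IP addresses, log lines, thresholds and window sizes are all constructed for illustration.

```python
"""Toy SIEM pipeline: collect logs from several sources into one normalized,
time-ordered store (the SIM side), then run a cross-source correlation rule
over that store (the SEM side).

Added example for this article; not from any SIEM product. Hostnames, IPs
and log lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs (not real data): an sshd auth log and a firewall log.
SSHD_LOG = """\
2024-03-01T10:00:01Z bastion sshd[4321]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2024-03-01T10:00:03Z bastion sshd[4321]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-03-01T10:00:05Z bastion sshd[4321]: Failed password for root from 203.0.113.7 port 51238 ssh2
2024-03-01T10:00:09Z bastion sshd[4321]: Accepted password for root from 203.0.113.7 port 51240 ssh2
2024-03-01T10:05:00Z bastion sshd[4322]: Failed password for alice from 198.51.100.20 port 40000 ssh2
2024-03-01T10:30:00Z bastion sshd[4323]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2
"""
FIREWALL_LOG = """\
2024-03-01T10:00:00Z fw01 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=23
2024-03-01T10:00:12Z fw01 kernel: ALLOW OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP DPT=4444
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: (?P<action>DENY|ALLOW) "
    r"(?P<dir>IN|OUT)=\S+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\S+ DPT=(?P<dpt>\d+)")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_sshd(text):
    """Normalize sshd lines into a common event schema (ts, source, event, src_ip, ...)."""
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            yield {"ts": _ts(m["ts"]), "source": "sshd", "host": m["host"],
                   "event": "auth_success" if m["result"] == "Accepted" else "auth_failure",
                   "user": m["user"], "src_ip": m["ip"]}


def parse_firewall(text):
    """Normalize firewall lines into the same schema; event becomes e.g. fw_allow_out."""
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            yield {"ts": _ts(m["ts"]), "source": "firewall", "host": m["host"],
                   "event": f"fw_{m['action'].lower()}_{m['dir'].lower()}",
                   "src_ip": m["src"], "dst_ip": m["dst"], "dport": int(m["dpt"])}


def collect(*streams):
    """Central repository: one time-ordered list of events across all sources."""
    return sorted((e for s in streams for e in s), key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(minutes=5), followup=timedelta(seconds=60)):
    """Rule: at least `threshold` auth failures from one IP within `window`, followed by an
    auth success from that IP -> high-severity alert.  If any monitored host then opens an
    outbound connection to that IP within `followup`, escalate to critical (the attacker may
    have launched a reverse shell).  Failures outside the window are discarded, so a single
    stale failure does not accumulate toward the threshold."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = []
    for e in events:
        if e["event"] == "auth_failure":
            failures[e["src_ip"]].append(e["ts"])
        elif e["event"] == "auth_success":
            q = failures[e["src_ip"]]
            while q and e["ts"] - q[0] > window:   # expire failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append({"rule": "bruteforce_then_success", "severity": "high",
                               "src_ip": e["src_ip"], "user": e["user"], "host": e["host"],
                               "failures": len(q), "ts": e["ts"]})
                q.clear()
        elif e["event"] == "fw_allow_out":
            # Cross-source step: tie an outbound connection back to an open alert on its destination.
            for a in alerts:
                if (a["severity"] == "high" and e["dst_ip"] == a["src_ip"]
                        and timedelta(0) <= e["ts"] - a["ts"] <= followup):
                    a["severity"] = "critical"
                    a["outbound_port"] = e["dport"]
    return alerts


def run_demo():
    """Run the full pipeline over the constructed logs and return the alerts."""
    return correlate(collect(parse_sshd(SSHD_LOG), parse_firewall(FIREWALL_LOG)))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run as-is, the demo produces a single alert for 203.0.113.7 (three failures, then a successful root login) that is escalated to critical because the firewall saw an outbound connection to that IP on port 4444 three seconds later; alice's lone failure followed by a success 25 minutes later does not fire, because the failure has expired from the window. Neither log alone would have produced the critical rating, which is the point of collecting them in one place. In a real deployment the same rule would also want to confirm that the outbound connection originates from the host that accepted the login, which requires an asset inventory mapping hostnames to addresses that this example does not have.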