All about Security Information and Event Management

Written by sachindra149 | Published 2020/05/03
Tech Story Tags: siem | security | information-security | blogging | vpn | vpn-and-privacy | data-security | cyber-security

TLDR SIEM stands for "Security Information and Event Management" SIEM is a set of tools and services that offer a holistic view of any organisation's information security. It works by combining two technologies: Security information Management(SIM) and Security Event Management(SEM) It is the primary tool used in teh detection of security incidents by collecting logs from all the data sources across the network. Dashboard logging, Search Queries, reports and reports are some of the features that provide which allow the security professionals to handle the security breaches.via the TL;DR App
SIEM stands for "Security Information and Event Management". It is a set of tools and services that offer a holistic view of any organisation's information security. It works by combining two technologies: 
Security information Management(SIM)
, which collects data from the log files and runs an analysis on the security vulnerabilities and reports them, and 
Security Event Management(SEM)
which monitors any system on a areal-time basis and also keeps the network admins notified about the threats. 
SIEM
is used to identify threats and anomalies in the network, cyber attacks from gigs of data.
SIEM requirement in Cyber Security
Cyber Security Incident detection: SIEM is the primary tool used in teh detection of security incidents by collecting logs from all the data sources across the network and triggers an alert on successful match of condition defined in the correlation rule. In other words, it triggers an alert in case any network anomaly is detected in the network.
Regulatory Compliance: Its is also used to comply with many security compliances like, 
PCIDSS (Payment Card Industry Data Security Standard)
, 
ISO
, 
HIPPA
and ensure that the company assets within the network meet the requirement of the compliance.
Effective Incident Management: Dashboard logging, Search Queries, reports are some of the features that 
SIEM
tools provide which allow the security professionals to handle the security breaches.
SIEM Architecture:
  1. Receiver: The main responsibility of this component is to get the logs from all the data inputs like windows OS, linux, application, routers, firewall, VPN servers etc. It is also meant for parsing the logs, normalisation and aggregation.
  2. Manager: This is the heart of any 
    SIEM architecture
    . It has a correlation engine where we define a correlation rule where we match a specific rule and trigger and alert based on the match. It is a centralized management to identify and monitor different cyber attacks based on the condition which we define in the rule.
  3. Logger: This is a storage device to store the past events and triggers alerts. It is also used to store data for a longer period of time in case required, with an option to configure teh retention period of data based on the business needs.
Some of the 
SIEM
platforms provided by different vendors in the market:
  1. HP ArcSight
  2. RSA Security Analytics
  3. IBM Security QRadar
  4. Splunk
  5. McAfee Nitro
  6. LogRhythm
  7. Solarwinds
  8. Securonix
Written by sachindra149 | Front End Engineer
Published by HackerNoon on 2020/05/03
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy