SIEM – Security Incident and Event Management (Video)

Roger Walton of PCG talks about SIEM, Security Incident and Event Management, and its role in detection and compliance.

Among the more powerful tools in the security toolbox is the SIEM. SIEM stands for security incident and event management. It’s a system that keeps track of alerts, events, and logs from devices across your system, aggregates those, and allows them to be analyzed.

So, a SIEM is really used in two different ways. One way is that it will keep an eye on servers, on firewalls, on other devices in your network. There may be activity on several of these devices that individually wouldn’t be recognized as anything malicious, but that can be put together to show that an attack is in progress. A SIEM used in this way is usually used in conjunction with a security operations center, whose dedicated analysts work on a 24/7 basis to detect whether something untoward is underway.

The other reason you might want a SIEM is that many compliance frameworks require that you track and maintain logs from all of your core devices. This is not so much so that you can avoid a breach before it happens, but to be absolutely sure that if one does happen, you have a paper trail, or at least a digital trail, that you can use to go and figure out what actually happened. So, this is another way in which the SIEM can be a valuable tool to the business.
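The first use described above, correlating events that are individually unremarkable across several devices, is the core of what a SIEM's rule engine does. The following is an added example, not code from the video or from PCG: a small correlation engine in Python that normalizes constructed firewall and sshd log lines (the log formats, hostnames and IP addresses are assumptions for illustration) into a common event shape, then fires only when a port sweep, a run of failed logins and a successful login from the same source fall inside one time window. Per-source thresholds are deliberately set where a single device's view would not alert, so the cross-device rule is the only one that catches the sequence.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two devices, already shipped to the SIEM.
# 203.0.113.7 sweeps three ports, fails three logins, then gets in.
# 198.51.100.9 is a user who mistyped a password once: benign noise.
SAMPLE_LOGS = [
    "2024-03-01T09:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T09:00:02 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-03-01T09:00:03 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2024-03-01T09:00:04 fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T09:01:10 srv05 sshd Failed password for admin from 203.0.113.7 port 51000",
    "2024-03-01T09:01:14 srv05 sshd Failed password for admin from 203.0.113.7 port 51001",
    "2024-03-01T09:01:20 srv05 sshd Failed password for root from 203.0.113.7 port 51002",
    "2024-03-01T09:02:05 srv05 sshd Accepted password for admin from 203.0.113.7 port 51003",
    "2024-03-01T09:05:00 fw01 DENY src=198.51.100.9 dst=10.0.0.5 dport=22",
    "2024-03-01T09:05:30 srv05 sshd Failed password for bob from 198.51.100.9 port 40000",
    "2024-03-01T09:06:00 srv05 sshd Accepted password for bob from 198.51.100.9 port 40001",
]

# Assumed log formats for the two constructed sources.
FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=\S+ dport=(\d+)$")
SSH_RE = re.compile(r"^(\S+) (\S+) sshd (Failed|Accepted) password for (\S+) from (\S+) port \d+$")

# Thresholds a single device's own alerting might use; neither fires on the sample.
FW_DENIES_ALONE = 20      # a firewall alone would want many denies before alerting
AUTH_FAILS_ALONE = 10     # a host alone would want many failures before alerting

# Cross-device correlation rule: much lower per-source counts, but all in sequence.
WINDOW = timedelta(minutes=10)
MIN_DENIED_PORTS = 3
MIN_AUTH_FAILURES = 3


def normalize(line):
    """Turn one raw log line into a common event dict, or None if unparsed."""
    m = FW_RE.match(line)
    if m:
        ts, host, action, src, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "src_ip": src,
                "type": "fw_deny" if action == "DENY" else "fw_allow", "detail": int(dport)}
    m = SSH_RE.match(line)
    if m:
        ts, host, result, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "src_ip": src,
                "type": "auth_fail" if result == "Failed" else "auth_success", "detail": user}
    return None


def events_by_source(lines):
    """Parse, sort by time, and group events by source IP (the SIEM's aggregation step)."""
    events = sorted((e for e in map(normalize, lines) if e), key=lambda e: e["ts"])
    grouped = defaultdict(list)
    for e in events:
        grouped[e["src_ip"]].append(e)
    return grouped


def single_source_alerts(lines):
    """What each device would raise on its own; empty for the sample data."""
    alerts = []
    for ip, evs in events_by_source(lines).items():
        if sum(e["type"] == "fw_deny" for e in evs) >= FW_DENIES_ALONE:
            alerts.append({"rule": "fw_scan", "src_ip": ip})
        if sum(e["type"] == "auth_fail" for e in evs) >= AUTH_FAILS_ALONE:
            alerts.append({"rule": "auth_bruteforce", "src_ip": ip})
    return alerts


def correlate(lines):
    """Fire when recon, failed logins and a success from one IP land inside WINDOW, in that order."""
    alerts = []
    for ip, evs in events_by_source(lines).items():
        for i, success in enumerate(evs):
            if success["type"] != "auth_success":
                continue
            # Only events that precede the success and fall inside the window count.
            window = [e for e in evs[:i] if success["ts"] - e["ts"] <= WINDOW]
            denied_ports = sorted({e["detail"] for e in window if e["type"] == "fw_deny"})
            failures = [e for e in window if e["type"] == "auth_fail"]
            if len(denied_ports) >= MIN_DENIED_PORTS and len(failures) >= MIN_AUTH_FAILURES:
                alerts.append({"rule": "recon_bruteforce_success", "src_ip": ip,
                               "user": success["detail"], "host": success["host"],
                               "denied_ports": denied_ports, "failed_logins": len(failures),
                               "at": success["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    print("per-device alerts:", single_source_alerts(SAMPLE_LOGS))
    for a in correlate(SAMPLE_LOGS):
        print("correlated alert:", a)
```

The order check (events before the success, inside the window) is what keeps a benign mistyped password from matching; widen the window or drop the ordering and the false-positive rate on the second IP's events rises quickly, which is why rule tuning is a standing task for the SOC analysts the video mentions.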