Thursday, May 23, 2013

Selecting an SIEM Solution For Your Organization Simplified

Selecting the correct Security Information and Event Management (SIEM) solution for your organization is not an easy task. The purpose of this article is to explain why you should or should not have an SIEM solution and which key areas to look at when acquiring an SIEM solution. I'll also give you some of my own opinions on certain vendors and options.

SIEM is a hybrid of two products: SIM (security information management) and SEM (security event management). SEM technology involves real-time activities such as real-time correlation, alerting, dashboards, etc. The SIM component is responsible for retention of logs for long-term analysis and forensics, reporting, pattern discovery, etc. Most of the leading SIEM vendors now provide ticketing/workflow management systems, integrated knowledge bases, and various other components integrated into their SIEM solution.