Security information and event management (SIEM), sometimes expanded as security incident and event management, provides a consolidated view of the security events across an IT infrastructure. It covers recognizing, monitoring, recording and analysing security-relevant events within an IT environment.
SIEM combines two earlier technologies: security information management (SIM) and security event management (SEM). SIM collects and stores log data for long-term analysis and for reporting on security threats and events, while SEM monitors events in near real time and establishes links (correlations) between them.
Examples of SIEM products are ArcSight ESM, IBM QRadar and Splunk.
SIEM processing can be broken down into the following stages:
Data collection: sources of security information on the network (e.g. servers, operating systems, firewalls, antivirus software and intrusion prevention systems) are configured to feed event data into the SIEM. Some products use agents installed on enterprise systems to collect event logs, which are processed and filtered locally before being forwarded to the SIEM. Others also support agentless collection; Splunk, for example, can collect from Windows hosts without an agent by using WMI.
Data correlation: the SIEM parses and normalizes the collected log data, categorizes events based on the fields available and applies correlation rules that combine individual events into meaningful security issues.
Notifications: when an event, or a set of events, matches a SIEM rule, the system notifies security personnel.
Policies: the SIEM administrator creates a profile that defines the expected behaviour of enterprise systems under normal conditions and during pre-defined security incidents. SIEMs ship with default rules, alerts, reports and dashboards that can be tuned and customized to fit an organization's specific security needs.
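The four stages above, as an added worked example that is not code from any of the products named on this page: a small Python pipeline that collects constructed log lines in two formats (an sshd-style auth log and a firewall log), normalizes them into events, applies a sliding-window correlation rule, and emits an alert. The log lines, hostnames, IP addresses, rule names and thresholds are all made up for illustration; the `Rule` dataclass stands in for the tunable policy a real SIEM would expose.

```python
"""Toy SIEM pipeline: collect -> normalize -> correlate -> notify.

Added illustration only; the log lines below are constructed and the rule
engine is deliberately minimal (one rule type: N failed logins per source IP
inside a time window, optionally followed by a successful login).
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# --- Collection: constructed sample lines from two different sources ---------
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 bastion sshd[4120]: Failed password for admin from 203.0.113.7 port 51012 ssh2",
    "2024-03-01T10:00:04 bastion sshd[4120]: Failed password for admin from 203.0.113.7 port 51013 ssh2",
    "2024-03-01T10:00:09 bastion sshd[4121]: Failed password for invalid user root from 203.0.113.7 port 51014 ssh2",
    "2024-03-01T10:00:15 bastion sshd[4122]: Accepted password for admin from 203.0.113.7 port 51015 ssh2",
    "2024-03-01T10:00:20 edge fw: DENY src=198.51.100.9 dst=10.0.0.5 dport=22",
    "2024-03-01T10:05:00 bastion sshd[4130]: Failed password for alice from 192.0.2.44 port 40001 ssh2",
    "2024-03-01T10:07:30 bastion sshd[4131]: Failed password for alice from 192.0.2.44 port 40002 ssh2",
    "2024-03-01T10:07:40 bastion sshd[4132]: Accepted password for alice from 192.0.2.44 port 40003 ssh2",
    "this line is in no format the collector understands",
]


# --- Normalization: one event schema regardless of source --------------------
@dataclass
class Event:
    ts: datetime
    source: str          # which log type produced the event
    src_ip: str
    user: Optional[str]  # None for sources that carry no username
    outcome: str         # "fail", "success", "deny" or "allow"


SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<res>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) \S+ fw: (?P<action>DENY|ALLOW) src=(?P<ip>\S+) dst=\S+ dport=\d+"
)


def parse_line(line: str) -> Optional[Event]:
    """Map a raw line onto the common Event schema; unknown formats yield None."""
    m = SSHD_RE.match(line)
    if m:
        outcome = "fail" if m["res"] == "Failed" else "success"
        return Event(datetime.fromisoformat(m["ts"]), "sshd", m["ip"], m["user"], outcome)
    m = FW_RE.match(line)
    if m:
        outcome = "deny" if m["action"] == "DENY" else "allow"
        return Event(datetime.fromisoformat(m["ts"]), "firewall", m["ip"], None, outcome)
    return None  # a real SIEM would count unparsed lines as a collection-health metric


# --- Policy: the tunable parameters of a correlation rule ---------------------
@dataclass(frozen=True)
class Rule:
    name: str
    severity: str
    failures: int           # this many failed logins from one source IP ...
    window: timedelta       # ... within this window ...
    require_success: bool   # ... and (optionally) followed by a successful login


RULES = [
    Rule("ssh-bruteforce-then-success", "high", 3, timedelta(seconds=60), True),
    Rule("ssh-bruteforce", "medium", 3, timedelta(seconds=60), False),
]


# --- Notification: what gets handed to the analyst ----------------------------
def notify(rule: Rule, ev: Event, count: int) -> dict:
    return {"rule": rule.name, "severity": rule.severity, "src_ip": ev.src_ip,
            "user": ev.user, "at": ev.ts.isoformat(), "failures_in_window": count}


# --- Correlation: sliding window of failures keyed by source IP ----------------
def correlate(events, rule: Rule) -> list:
    windows = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.outcome not in ("fail", "success"):
            continue
        q = windows[ev.src_ip]
        if ev.outcome == "fail":
            q.append(ev.ts)
        while q and ev.ts - q[0] > rule.window:
            q.popleft()  # drop failures that have aged out of the window
        if ev.outcome == "fail" and not rule.require_success and len(q) == rule.failures:
            alerts.append(notify(rule, ev, len(q)))   # fire once, on crossing the threshold
        elif ev.outcome == "success" and rule.require_success and len(q) >= rule.failures:
            alerts.append(notify(rule, ev, len(q)))
            q.clear()  # the burst has been reported; do not re-alert on it
    return alerts


def run_pipeline(lines, rules=RULES):
    events = [e for e in map(parse_line, lines) if e is not None]
    alerts = [a for rule in rules for a in correlate(events, rule)]
    return events, alerts


if __name__ == "__main__":
    evs, found = run_pipeline(SAMPLE_LOGS)
    print(f"{len(evs)} events parsed, {len(found)} alerts")
    for a in found:
        print(a)
```

Run against the sample lines, 203.0.113.7 trips both rules (three failures inside 60 seconds, then a successful login as `admin`), while alice's two typos spread over two and a half minutes trip neither, which is the kind of tuning the window and threshold on a `Rule` exist for.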
SIEM tools can also help an organization meet PCI DSS requirements. That standard obliges companies that handle credit card and payment data to protect it from theft and misuse, and its logging and monitoring requirements map directly onto what a SIEM provides.