Geeks for your information
What Is SIEM: How It Works and What Are Its Benefits - Printable Version




What Is SIEM: How It Works and What Are Its Benefits - harlan4096 - 02 July 21

Quote:

Cybersecurity Basics: What Is SIEM and How You Can Use It for Your Business. SIEM Benefits and Best Practices.

Wondering what is SIEM, what are its benefits and limitations, and what are the best practices you can apply for your business? Read on to find out the answers to your questions!

What is SIEM? Definition

As CSO notes, “security information and event management (SIEM) software give enterprise security professionals both insight into and a track record of the activities within their IT environment.” 

SIEM evolved from the log management discipline and “combined security event management (SEM) – which analyzes log and event data in real-time to provide threat monitoring, event correlation, and incident response – with security information management (SIM) which collects, analyzes, and reports on log data.” 

How does SIEM work?

A SIEM software’s mission is to collect and aggregate the log data that is generated throughout an organization’s technology infrastructure. This includes host systems and applications, network and security devices – firewalls, antivirus filters. 

After this part, the SIEM software identifies and categorizes incidents and events, and then it analyzes them. Its objectives are to: 
 
Quote: provide reports on security-related incidents and events, such as successful and failed logins, malware activity, and other possibly malicious activities, and send alerts if analysis shows that an activity runs against predetermined rulesets and thus indicates a potential security issue.

What is SIEM? Benefits

How can a SIEM software help you? Well, it offers:

a. Data Aggregation and Retention

As already mentioned, a security information and event management software will aggregate data from your company’s technology infrastructure and, moreover, it will store it long-term to enable analysis and tracking.

b. Threat Intelligence Feeds

A Security Information and Event Management software can combine internal data with threat intelligence feeds that include information about attack patterns, threat actors, and vulnerabilities. 

c. Correlation, Analytics, and Alerting

SIEM applications can help you link events and data into meaningful explanations of real security incidents, use statistical models and machine learning to find more complex relationships between data and anomalies, and send out alerts about immediate issues. 

d. Incident Response

A SIEM software will allow security teams to quickly synchronize and respond to threats by providing case management, collaboration, and knowledge sharing. 

e. Compliance

As you might imagine, SIEM applications are particularly useful for compliance purposes too – they automate the gathering of compliance data and produce reports that measure up to various standards (HIPAA, HITECH, GDPR, etc.).
...
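The collect, categorize and alert flow described under "How does SIEM work?" above, as an added example that is not part of the quoted article or any vendor's product: it normalizes constructed sshd-style log lines from two hosts into one event schema and applies a single correlation rule (repeated failed logins from one source followed by a success). The log format, field names, rule name, threshold and window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (sample data, not from a real system).
SAMPLE_LOGS = """\
2021-07-02T10:00:01 host1 sshd[411]: Failed password for admin from 203.0.113.7 port 50122 ssh2
2021-07-02T10:00:05 host1 sshd[411]: Failed password for admin from 203.0.113.7 port 50123 ssh2
2021-07-02T10:00:09 host2 sshd[977]: Failed password for admin from 203.0.113.7 port 50130 ssh2
2021-07-02T10:00:12 host1 sshd[412]: Accepted password for alice from 198.51.100.4 port 40110 ssh2
2021-07-02T10:00:20 host2 sshd[978]: Accepted password for admin from 203.0.113.7 port 50131 ssh2
2021-07-02T10:30:00 host1 sshd[500]: Failed password for bob from 198.51.100.9 port 40200 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+")

def normalize(line):
    """Collect step: parse one raw line into a common event schema, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"time": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "user": m["user"], "src": m["src"],
            "category": "login_failure" if m["result"] == "Failed" else "login_success"}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: >= threshold failures from one source inside the window, then a success."""
    failures = defaultdict(deque)   # source IP -> recent failure events, any host
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        recent = failures[ev["src"]]
        while recent and ev["time"] - recent[0]["time"] > window:
            recent.popleft()        # expire failures older than the window
        if ev["category"] == "login_failure":
            recent.append(ev)
        elif len(recent) >= threshold:
            alerts.append({"rule": "success_after_repeated_failures", "src": ev["src"],
                           "user": ev["user"], "host": ev["host"], "failures": len(recent),
                           "failed_hosts": sorted({f["host"] for f in recent})})
            recent.clear()
    return alerts

def run(lines):
    return correlate([e for e in map(normalize, lines) if e])

if __name__ == "__main__":
    print(run(SAMPLE_LOGS))
```

Because failures are keyed by source address rather than by host, the rule fires even though the failed attempts are spread across host1 and host2, which is the aggregation benefit the article describes.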