Security Information / Event Management (SIM/SEM/SIEM)
As networks grow and become more complex, so too does the amount of data they
produce. Everything, from switches to databases, produces event logs. Part of
operating a secure infrastructure is collecting, reviewing and managing the
deluge of event data. Security Information Management (SIM) or Security Event
Management (SEM) (or the combined term SIEM) can provide automated methods to
gather, normalize, store and analyze event and log data.
SIM provides an enterprise-wide security monitoring and administration
solution that collects data on events, analyzes the data, and provides a
suitable response to threats on enterprise assets. It is positioned as a
security information management tool that can be used by enterprise-class
network management centers or managed security service providers with an
interest in protecting physical and/or logical assets.
SIM Features
A good SIM deployment can offer many strong benefits.
- Event/log storage & archiving – A
good SIM will provide a common platform for gathering, normalizing,
and archiving logs and event data.
- Event aggregation and filtering – a
SIM can help you locate the key events in a deluge of noise.
- Searching & analysis – SIM products
automate searching and analyzing event data.
- Reporting – A SIM can help establish
metrics for analyzing IT and security performance.
- Proactive alerting – SIM can provide
real-time alerts regarding potentially dangerous activity.
- Incident response – A well managed
SIM can provide valuable information to security analysts in the
event of a security incident.
- Compliance – Many regulations
require log and event management of some type. A SIM installation
can help achieve compliance (it will not guarantee it).
- Insight – Properly used, a SIM can
give network and security staff insight into operations and help
troubleshoot problems.
- Increased efficiency – A well
implemented SIM can help make the most of the staff resources required to
investigate and analyze security and network incidents.
Log Management vs. SIM
Log Management (LM) and SIM are very different technologies. LM
products are centralized repositories for logs generated throughout the
enterprise. LM will parse and normalize data for long-term storage.
Some LM products include basic reporting, searching and analysis tools.
SIM products offer the same basic
functionality as an LM product, but offer deeper analytical and alerting
capabilities, often correlating data across multiple data sources to
identify potential security events.
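As an added illustration (not code from this page or from Anitian), the following Python sketches the pipeline the two sections above describe: normalize and aggregate are the log-management layer, and correlate is the SIM layer that applies one rule across two sources (sshd and a firewall). The log lines, formats and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample input (not from the page): sshd syslog lines plus firewall CSV records.
RAW_LOGS = [
    "Mar 10 09:14:01 host1 sshd[211]: Failed password for admin from 203.0.113.9 port 51211 ssh2",
    "Mar 10 09:14:03 host1 sshd[211]: Failed password for admin from 203.0.113.9 port 51212 ssh2",
    "2024-03-10T09:14:05,fw1,DENY,203.0.113.9,10.0.0.5,445",
    "Mar 10 09:14:07 host1 sshd[211]: Failed password for admin from 203.0.113.9 port 51213 ssh2",
    "Mar 10 09:14:09 host1 sshd[211]: Accepted password for admin from 203.0.113.9 port 51214 ssh2",
    "2024-03-10T09:20:00,fw1,DENY,198.51.100.7,10.0.0.5,22",
]
SSHD_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(line, year=2024):
    """LM step: parse a raw line from either source into a common event dict."""
    m = SSHD_RE.match(line)
    if m:  # syslog lines carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "source": "sshd", "host": m.group(2), "user": m.group(4),
                "action": "auth_fail" if m.group(3) == "Failed" else "auth_ok", "src_ip": m.group(5)}
    parts = line.split(",")
    if len(parts) == 6:
        return {"ts": datetime.fromisoformat(parts[0]), "source": "firewall", "host": parts[1],
                "action": parts[2].lower(), "src_ip": parts[3], "dst_ip": parts[4], "dst_port": int(parts[5])}
    return None  # unknown format: drop rather than guess

def aggregate(events):
    """LM step: collapse the event stream into counts per (src_ip, action)."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["src_ip"], e["action"])] += 1
    return dict(counts)

def correlate(events, fails=3, window_s=120):
    """SIM step: alert when >= fails sshd failures from one IP precede a success within
    window_s seconds; the alert is enriched with that IP's firewall denies (second source)."""
    fw_denies = defaultdict(int)
    for e in events:
        if e["source"] == "firewall" and e["action"] == "deny":
            fw_denies[e["src_ip"]] += 1
    alerts, fail_times = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["source"] == "sshd" and e["action"] == "auth_fail":
            fail_times[e["src_ip"]].append(e["ts"])
        elif e["source"] == "sshd":  # auth_ok: look back at the failures that led up to it
            recent = [t for t in fail_times[e["src_ip"]] if (e["ts"] - t).total_seconds() <= window_s]
            if len(recent) >= fails:
                alerts.append({"ts": e["ts"], "src_ip": e["src_ip"], "user": e["user"],
                               "failures": len(recent), "fw_denies": fw_denies[e["src_ip"]]})
    return alerts
```

Running `correlate([e for e in map(normalize, RAW_LOGS) if e])` yields one alert for 203.0.113.9 (three failures, then success, with one firewall deny from the same address), while 198.51.100.7 produces only an aggregate count and no alert.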
Log Management Features
Some of the common functions of a
log management system:
- Event/log storage & archiving – A
good LM will provide a common platform for gathering, normalizing,
and archiving logs and event data.
- Event aggregation and filtering –
Some LM products offer basic event filtering and aggregation
capabilities.
- Reporting – Most LM products have
rudimentary reporting capabilities.
- Incident response – LM products can
be helpful when tracking down incidents, as all the event log data
is in one place.
- Searching & analysis – Most LM
products have some basic search and analytical tools.
For information about which solution is right for you, contact your Anitian
representative at info@anitian.com or call 503.644.5646.