What is SIEM?
Security Information and Event Management (SIEM) is a tool that organizations can use to help automate real-time detection and response to potential threats.
How does SIEM work?
SIEM works by gathering logs from multiple sources (e.g. firewalls, switches, servers, endpoints, etc.) into a centralized location. The SIEM ingests the log data and conducts automated analysis, correlation, and reporting. This relieves System Administrators of the burden of manually sorting through thousands of event log entries on multiple systems.
What are the benefits of using SIEM?
Some key benefits of incorporating a SIEM solution for your organization include:
- 24×7 Threat Detection and Alerting
- Centralized Data Logging and Monitoring
- Compliance
- Data Retention and Storage
- Real-Time Alerting and Incident Response
SIEM Use Cases
- Company ABC receives an automated alert from their SIEM that a user has logged into their email successfully from another country. After reaching out to the user, the IT team confirms that this was not an approved login. The IT team is able to respond to the incident quickly and remove the threat actor’s access to the compromised email account to prevent any further damage.
- Your organization configures the SIEM tool to send automated alerts when a user accesses sensitive employee data stored on a file server. The IT team receives multiple alerts that a user has accessed data on the server that contains other employees’ social security numbers. The IT team is able to respond to the event and remove the user’s access, as well as provide management with details of what information the user was able to view successfully. In addition, this event prompts the IT team to perform a full audit of user access, which finds that multiple other users had access to data that they were not supposed to have.
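The two use cases above can be expressed as simple detection rules over centralized, normalized events. The following is an added example, not taken from any SIEM product: the event fields, the /shares/hr/ path and all sample log lines are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample events (all values made up), in the shape a SIEM might
# hold them after normalizing a file server's and a mail service's logs.
SAMPLE_EVENTS = [
    '{"ts":"2024-05-02T10:01:00Z","source":"file","user":"bob","action":"read","path":"/shares/hr/payroll/ssn_2024.xlsx"}',
    '{"ts":"2024-05-02T10:02:00Z","source":"file","user":"bob","action":"read","path":"/shares/public/menu.pdf"}',
    '{"ts":"2024-05-02T10:03:00Z","source":"file","user":"bob","action":"read","path":"/shares/hr/payroll/w2_forms.zip"}',
    '{"ts":"2024-05-01T08:02:11Z","source":"mail","user":"alice","action":"login","result":"success","country":"US"}',
    '{"ts":"2024-05-01T08:10:40Z","source":"mail","user":"bob","action":"login","result":"success","country":"US"}',
    '{"ts":"2024-05-02T03:14:09Z","source":"mail","user":"alice","action":"login","result":"failure","country":"RO"}',
    '{"ts":"2024-05-02T03:15:30Z","source":"mail","user":"alice","action":"login","result":"success","country":"RO"}',
    'not json: truncated line from a forwarder',
]
SENSITIVE_PREFIXES = ("/shares/hr/",)  # assumed location of sensitive employee data

def parse(lines):
    """Parse JSON lines, drop malformed ones, and order events by timestamp."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a real pipeline would count and report parse failures
    return sorted(events, key=lambda e: e["ts"])  # sources arrive out of order

def detect(events):
    """Return alerts as (rule, user, detail) tuples."""
    known = defaultdict(set)  # user -> countries with prior successful logins
    alerts = []
    for ev in events:
        user = ev["user"]
        if ev["source"] == "mail" and ev["action"] == "login" and ev["result"] == "success":
            country = ev["country"]
            if known[user] and country not in known[user]:
                alerts.append(("login_new_country", user, country))
            else:
                known[user].add(country)  # build the per-user baseline
        elif ev["source"] == "file" and ev["action"] == "read" and ev["path"].startswith(SENSITIVE_PREFIXES):
            alerts.append(("sensitive_file_access", user, ev["path"]))
    return alerts

def viewed_by(alerts, user):
    """List the sensitive paths a user read, for the report to management."""
    return [d for rule, u, d in alerts if rule == "sensitive_file_access" and u == user]

if __name__ == "__main__":
    print(*detect(parse(SAMPLE_EVENTS)), sep="\n")
```

The new country is deliberately not added to the user's baseline when it alerts, so repeated logins from the same unapproved location keep alerting until someone reviews them.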