What is a Security Event Manager (SEM) (also, SIEM and SIM)?
SIEM technology aggregates event data produced by security devices, network infrastructures, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as NetFlow and packet capture. Event data is combined with contextual information about users, assets, threats and vulnerabilities. The data is normalized, so that events, data and contextual information from disparate sources can be correlated and analyzed for specific purposes, such as network security event monitoring, user activity monitoring and compliance reporting. The technology provides real-time security monitoring, historical analysis and other support for incident investigation and compliance reporting.
The acronyms SEM, SIM and SIEM are, often, used synonymously and mean:
- Security Information Management (SIM)
- Security information and event management (SIEM)
- Security Event Manager (SEM)
SIEM performs four major functions:
- Log Consolidation
- Threat Correlation
- Incident Management
Why Use SIEM?
SIEM is used:
- To monitor and improve operational efficiency and effectiveness
- Perform log management and aide performance
- For compliance record keeping and reporting