1. What is Security Information and Event Management (SIEM)? Why is it important

1. 1. What is Security Information and Event Management (SIEM)? Why is it important for the business to use SIEM? What are some of the vendors providing SIEM tools, and what are some of those tools?
2.  
3. Security Information and Event Management, or SIEM, is a combination of security information management (SIM) and security event management (SEM) functions morphed into a single security management system to create the ultimate log management security tool. SIEM products and services equip organizations with a proactive approach to security management by providing consolidated security logging and reporting and assisting in the detection, analysis and mitigation of security incidents. Considered an essential component to security strategy and invaluable to any sized companies, SIEM tools are designed to facilitate centralized analysis and reporting of organizational security events, with the capability to stop detected attacks still in progress. The implementation of SIEM solutions provides three common benefits: streamline compliance reporting, detect incidents, and improve efficiency of incident handling activities. It does all this in near real-time which equates to greatly improving reaction time to eliminating possible threats.
4. There are a few ways SIEM tools can be configured: ruled-based, statistical correlation or both. Rule-based is applied by policy and statistical correlation finds relationships between events. Additionally, some SIEM suites reduce the volume of events reviewed by pre-processing at the edge collectors, though this could result in overlooking relevant events. In addition to providing security, SIEM streamlines governmental compliance requirements, reduce troubleshooting time, and contribute to forensic investigations. Next, SIEM assists in automating redundant tasks that require compliancy. With all network events located in a central location, IT staff can collaborate and quickly narrow down issues within the network. Lastly, SIEM can quickly interpret log data while preserving evidence that make findings admissible in court. Logs offer non-repudiation by representing digital fingerprints for devices on the network, so all actions taken by a device leaves reliable evidence.
5.  
6. SIEMs are important for companies simply because network devices within a company produce a lot of logs. These logs help in maintaining system stability, alert for successful/failed security actions, and provide general information. They can be very helpful in determining what situations need immediate actions. However, because of the sheer amount of logs produced, important and critical logs can be lost in this sea of logs which can degrade security within a company. Managing logs and effectively using them is the key to unlocking their potential. Due to the mass amounts of logs that are generated, it is less than ideal for IT staff to examine every event for issues. This is where SIEMs come into play. SIEM is a powerful security tool that not only collects and analyzes events, but also provides meaningful reports and actionable results. Implementing this security solution would greatly add to the cyber security program of any company. As attacks occur internally and externally, nothing will be a-miss when critical log events trigger remedial actions to neutralize the threat. It may be expensive for smaller companies, but will likely pay off in a growing organization. The SIEM tool shows how powerful event logging can really be when implemented properly.
7.  
8. One of the top providers of SIEMs us LogRhythm that offers Security Intelligence Platform, a product that combines SIEM, log management, file integrity monitoring and analytics with powerful forensic tools. LogRhythm is designed with the capabilities to collect and audit IT security management functions, analyze and identify mischievous activity and produce in-depth security events reports for document compliance. Security Intelligence Platform equips system administrators with an all-inclusive outlook of all network devices under one dashboard, through the automated collection, correlation, and analysis of event data spanning devices from the desktop to the data center. The customizable web interface supports over 700 log types while allowing administrators to quickly correlate, search and pivot through data rapidly.
9.  
10. Another leading SIEM company is Splunk. Splunk performs all of the fundamental functions of a SIEM suite as well as advanced security tasks unique to its development. At the basic level it collects and consolidates logs from many sources within an enterprise including security controls, operating systems, and applications. Splunk then performs analysis on the data collected to determine threat patterns and violations to policy. Lastly, it reports and acts on any findings that are discovered. Furthermore, these actions can be automated or handled directly by IT staff. Splunk can migrate or replace a legacy SIEM through a public or private cloud service, locally installed software, or deployed in a hybrid software-cloud fashion (Splunk(1), 2017). Further, operating system compatibility is supported across all of the major platforms: Linux, Solaris, Mac, FreeBSD, Windows, etc. Splunk offers a 60 trial for the local Enterprise version and a 15 day trial for the cloud service version. This allows an organization to test the SIEM solution to ensure it meets or exceeds its needs.