SIEM – What is a SIEM Solution?

SIEM stands for Security Information and Event Management. It is a combination of two earlier security monitoring techniques: SIM and SEM. The purpose of SIEM is to detect intruders who have managed to sneak past the network’s perimeter defenses.

SIM stands for Security Information Management, which examines log file records. It is a host-based intrusion detection system (HIDS).

Host-based security systems are capable of consolidating various log message formats to collect data from multiple points in the system and look for signs of an attack. The issue with SIM is that it is not instantaneous. It takes time to gather enough information to be included in the analysis.

SEM stands for Security Event Management and deals with real-time data. It is a network-based intrusion detection system (NIDS). Network-based security monitoring systems have the advantage of speed because they operate in real time. However, this strategy has weaknesses, as hackers can infiltrate the system without detection by combining a series of actions to make malicious activity appear as legitimate individual transactions.

SIM plus SEM is SIEM

By combining SIM and SEM (=SIEM), network traffic investigations can be directed towards specific users and endpoints identified by SIM. In this way, SIEM provides much more accurate alerts than a standard network security monitor.
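The SIM-then-SEM correlation described above, as an added illustration that is not part of the original page or of any vendor product: the SIM step reads host log lines and flags endpoints with a burst of failed logins followed by a success, and the SIEM step only raises an alert for large outbound flows from those flagged endpoints. The log lines, flow records, hostnames and thresholds are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample data (not real logs). SIM side: host log lines
# with a timestamp, hostname and an sshd authentication event.
HOST_LOGS = """
2024-05-01T10:00:01 ws-17 sshd: Failed password for admin from 10.0.5.23
2024-05-01T10:00:03 ws-17 sshd: Failed password for admin from 10.0.5.23
2024-05-01T10:00:05 ws-17 sshd: Failed password for admin from 10.0.5.23
2024-05-01T10:00:09 ws-17 sshd: Accepted password for admin from 10.0.5.23
2024-05-01T10:02:00 ws-04 sshd: Accepted publickey for alice from 10.0.5.40
"""

# SEM side: constructed real-time flow records (source host, destination, bytes out).
NET_EVENTS = [
    {"host": "ws-17", "dst": "203.0.113.9", "port": 443, "bytes_out": 48_000_000},
    {"host": "ws-04", "dst": "10.0.1.2", "port": 445, "bytes_out": 12_000},
    {"host": "ws-22", "dst": "203.0.113.9", "port": 443, "bytes_out": 90_000_000},
]

LINE_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) \w+ for (\S+) from (\S+)$")


def sim_suspects(log_text, min_failures=3):
    """SIM step: hosts where >= min_failures failed logins for the same
    (host, user, source) are followed by a successful login."""
    failures = defaultdict(int)
    suspects = set()
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed line formats are skipped in this toy parser
        _, host, outcome, user, src = m.groups()
        key = (host, user, src)
        if outcome == "Failed":
            failures[key] += 1
        elif failures[key] >= min_failures:
            suspects.add(host)
    return suspects


def siem_alerts(log_text, net_events, bytes_threshold=10_000_000):
    """SIEM step: a large outbound flow only becomes an alert when its
    source host was already flagged by the SIM step. A plain network
    monitor would alert on ws-22 too; here it stays quiet."""
    suspects = sim_suspects(log_text)
    return [e for e in net_events
            if e["host"] in suspects and e["bytes_out"] >= bytes_threshold]
```

Tuning `min_failures` and `bytes_threshold` to the environment is what keeps the combined rule from either missing slow attacks or drowning analysts in noise.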

CapMon is an MSSP technology partner with Elastic. As such, our SIEM and log management solutions build on Elastic modules, which are used worldwide by thousands of organizations, including Cisco, eBay, Goldman Sachs, NASA, Microsoft, Wikipedia and Verizon.

CapMon is an MSSP technology partner with Exabeam. Their solutions build on UEBA (User and Entity Behaviour Analytics) and may be implemented on top of both existing and new SIEM solutions. Advanced data science allows for the detection of compromised and malicious users, who were previously almost impossible to find.
