Solutions for Security Information and Event Management (SIEM) are becoming a crucial part of an organization’s security infrastructure. SIEM technology projects are typically oriented toward several major use cases: compliance reporting, threat management, incident response, and forensics. Improving reporting and compliance (with PCI DSS, ISO 27001 and other standards) and identifying security incidents are the main reasons for deploying such a solution.
SIEM is an IT Security concept and an integrated IT security solution that covers:
- Collecting, archiving and managing IT system logs and events
- Event processing and correlation
- Automated actions as defined in IT Security procedures
- Forensic analysis
Solutions that cover all or part of the SIEM area range from systems that collect and manage events and system logs with basic reporting and alerting capabilities, to fully-fledged SIEM solutions that support real-time event collection and correlation, advanced reporting and forensic investigation, drill-down analysis and much more. Such solutions must support long-term event and log archiving and reporting, and must integrate seamlessly with other IT infrastructure and network components. All major logging formats should be supported (Windows Log, SysLog, SNMP, W3C, MS SQL Audit Log, Oracle Audit Log, IBM DB2 Audit Log, AS400 Audit Log,…).
SIEM (Security Information and Event Management) solutions can also monitor and correlate events or transaction logs at the application level in order to identify patterns that indicate fraud or an IT security breach. Critical events may pass unnoticed because no cause-effect relationship is established between the individual events. SIEM solutions do not prevent attacks by themselves, but as part of a larger security platform they play a critical role in threat detection, real-time reaction, and forensic analysis.
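The paragraph above describes the core of what a SIEM does: normalise events from different sources and correlate them so that a pattern invisible in any single event (or any single log) becomes an alert. The following is an added illustration of that idea, written for this page and not code from IT Sistemi or any of the vendors listed. It assumes two constructed log excerpts (a Linux syslog fragment, which carries no year, so 2024 is assumed, and a simplified Windows security-log CSV export using the real logon event IDs 4625 for failure and 4624 for success), and a correlation rule whose threshold and time window are arbitrary choices for the demonstration.

```python
"""Minimal SIEM-style correlation: normalise two log formats into one event
model, then flag a successful logon preceded by repeated failures from the same
source address. Each event is unremarkable alone; each log source alone stays
below the threshold; only the combined, correlated view raises the alert.
Added example for illustration; all log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Linux syslog excerpt (sshd) from host web01.
SYSLOG_LINES = [
    "Mar 10 08:01:00 web01 CRON[999]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 10 08:01:02 web01 sshd[1020]: Failed password for admin from 10.0.0.7 port 51122 ssh2",
    "Mar 10 08:01:05 web01 sshd[1020]: Failed password for admin from 10.0.0.7 port 51123 ssh2",
    "Mar 10 09:30:00 web01 sshd[1100]: Failed password for bob from 10.0.0.9 port 40000 ssh2",
    "Mar 10 09:30:30 web01 sshd[1101]: Accepted password for bob from 10.0.0.9 port 40001 ssh2",
]

# Constructed, simplified Windows security-log export from host DC01:
# timestamp,host,event_id,account,source_ip
WINDOWS_LINES = [
    "2024-03-10 08:01:20,DC01,4625,admin,10.0.0.7",
    "2024-03-10 08:01:30,DC01,4625,administrator,10.0.0.7",
    "2024-03-10 08:01:45,DC01,4624,admin,10.0.0.7",
    "2024-03-10 08:05:00,DC01,4672,admin,10.0.0.7",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Windows logon event IDs: 4625 = logon failure, 4624 = successful logon.
WIN_EVENT_OUTCOME = {"4625": "fail", "4624": "success"}


def parse_syslog(line, year=2024):
    """Normalise an sshd syslog line; lines that are not logon events yield None.
    Syslog carries no year, so one is assumed (constructed data)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"], "src": m["ip"],
            "outcome": "success" if m["outcome"] == "Accepted" else "fail"}


def parse_windows_csv(line):
    """Normalise one row of the simplified Windows export; non-logon IDs yield None."""
    ts, host, event_id, user, ip = line.strip().split(",")
    if event_id not in WIN_EVENT_OUTCOME:
        return None
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "host": host,
            "user": user, "src": ip, "outcome": WIN_EVENT_OUTCOME[event_id]}


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Alert when a successful logon from a source IP is preceded by at least
    `threshold` failed logons from that IP within `window`, across all hosts."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # source ip -> timestamps of recent failures
    alerts = []
    for ev in events:
        # Drop failures that have aged out of the sliding window.
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        failures[ev["src"]] = recent
        if ev["outcome"] == "fail":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"src": ev["src"], "user": ev["user"], "host": ev["host"],
                           "failures": len(recent), "at": ev["ts"]})
    return alerts


def load_events():
    """Parse both constructed sources into one normalised event list."""
    parsed = [parse_syslog(l) for l in SYSLOG_LINES]
    parsed += [parse_windows_csv(l) for l in WINDOWS_LINES]
    return [e for e in parsed if e is not None]


def run_detection():
    return correlate(load_events())


if __name__ == "__main__":
    for a in run_detection():
        print(f"ALERT {a['at']}: {a['failures']} failed logons from {a['src']} "
              f"followed by a successful logon as {a['user']} on {a['host']}")
```

Run on its own, the script prints one alert for 10.0.0.7. The design point is in the test of each log source in isolation: the two sshd failures on web01 and the two Windows failures on DC01 each stay below the threshold, so neither system's own alerting would fire; only after both feeds are normalised into the same event model and correlated by source address does the four-failures-then-success pattern appear. Real deployments add the parts omitted here: time synchronisation across sources, deduplication, per-account as well as per-source rules, and tuning of the threshold and window against actual traffic.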
IT Sistemi implements the leading Security Information and Event Management solutions:
- GFI EventsManager – leading event management and event monitoring solution
- Tripwire Log Center – full SIEM solution, with an option to upgrade to the Tripwire VIA security platform
- Q1 Labs – SIEM appliances for a complete overview of network activity