Security Information and Event Management (SIEM)


The typical IT organization manages multiple systems and applications running on a computer network, and these generate events that are kept in event logs. These logs are essentially lists of activities that occurred on the organization’s IT platforms, with records of new events appended to the end of the logs as they occur. The collection, normalization, filtering, and management of those event logs are critical for any organization that needs contextual analysis and correlation of possible threats or breaches affecting sensitive information. Security Information and Event Management (SIEM) helps organizations manage logs and events effectively by providing a central interface and tools for analysis and threat mitigation.

To put SIEM in context, a typical user's web access may require an organization to put in place a number of systems and zones that protect the user experience and the organization’s assets:

[Diagram: SIEM]

As the user navigates from one web page to the next, multiple systems such as network routers, firewalls, intrusion detection devices, load balancers, application servers, and database systems interact seamlessly to provide the information the user is looking for. With SIEM, the events occurring across all these devices and computer systems are collected and normalized so that threats can be pre-empted and so that forensically sound storage and archival of event logs can support audits or reports.

Please click here for a data sheet on Cistel's SIEM solutions.

For more information on Cistel's IAM solutions, please click here.
