Data is everywhere, but a team of administrators cannot realistically work through the volumes of machine-generated data their systems produce; in large organizations daily volumes can reach hundreds of gigabytes. Log management addresses this by letting administrators collect logs from many sources, manage them centrally and set retention policies in accordance with local laws or company policy.
Not all machine data is useful, but when it comes to security a single small piece of information can be extremely important. Security Information and Event Management (SIEM) helps administrators find it. Going a step further than log management, SIEM solutions collect huge volumes of machine data from sources such as end-user machines, servers, network equipment, firewalls, anti-virus and intrusion prevention systems, and present it to administrators in a readable, searchable format.
SIEM solutions analyze the collected data, flag anomalies and present them to administrators. For this to work, however, SIEM administrators first need to build a carefully planned baseline profile of how their systems behave under normal conditions; without such a profile the system has nothing to compare new activity against and cannot tell a real deviation from ordinary noise.
There are different approaches to SIEM, but the two main types are rule-based SIEM, which raises an alert when incoming events match conditions an administrator has written in advance, and SIEM built around a statistical correlation engine, which correlates events from different logs, bundles related events together and flags deviations from the learned baseline.
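As an added illustration of both approaches (this code is not part of the original article), the following Python sketch runs one hand-written rule and one baseline-driven statistical check over a few constructed SSH authentication log lines. The log format, the thresholds, the per-host baseline figures and all function names are assumptions made for this example; a real SIEM would normalize many log formats and persist a baseline built over a proper profiling period, which is the work the previous paragraph says administrators must do first.

```python
# Added example (not from the original article): a minimal correlation
# engine over constructed auth log lines, showing the two approaches the
# text contrasts. Log lines, field layout, thresholds and baseline figures
# are all assumptions made for illustration.
import re
import statistics
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style SSH authentication events (not real data).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 srv1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:05 srv1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09 srv1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:14 srv1 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:20 srv1 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:00:31 srv2 sshd: Failed password for alice from 198.51.100.4
2024-03-01T10:30:00 srv2 sshd: Accepted password for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(text):
    """Turn raw lines into normalized event dicts; unparsed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Rule-based correlation: at least `threshold` failed logins from one
    source, followed by a successful login from the same source while those
    failures are still inside `window`, produces one alert."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures in window
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        q = recent_failures[e["src"]]
        while q and e["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if e["result"] == "Failed":
            q.append(e["ts"])
        elif len(q) >= threshold:
            alerts.append({"src": e["src"], "user": e["user"], "host": e["host"],
                           "failures": len(q), "at": e["ts"]})
            q.clear()  # do not re-alert on the same burst
    return alerts


# Constructed baseline profile: failed logins per day seen on each host during a
# "normal" profiling period (the baseline the text says administrators must build).
BASELINE_FAILURES_PER_DAY = {
    "srv1": [1, 0, 1, 2, 1, 0, 1, 1, 0, 1],
    "srv2": [0, 1, 0, 1, 0, 0, 1, 0, 1, 0],
}


def statistical_outliers(events, baseline, z_threshold=3.0):
    """Statistical correlation: flag hosts whose failed-login count deviates
    from the baseline mean by more than `z_threshold` standard deviations."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[e["host"]] += 1
    flagged = {}
    for host, history in baseline.items():
        mean = statistics.mean(history)
        stdev = statistics.pstdev(history) or 1.0  # flat baseline: avoid division by zero
        z = (counts.get(host, 0) - mean) / stdev
        if z > z_threshold:
            flagged[host] = round(z, 2)
    return flagged


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for a in rule_bruteforce_then_success(evs):
        print("RULE alert:", a)
    for host, z in statistical_outliers(evs, BASELINE_FAILURES_PER_DAY).items():
        print(f"STATS alert: {host} failed-login count is {z} sigma above baseline")
```

On the constructed input the rule fires once, for 203.0.113.7 (four failures then a success inside the window), and the statistical check flags srv1 because four failures is more than five standard deviations above its profiled daily mean. srv2's single failure trips neither: it is under the rule's threshold and within its baseline. Both checks depend on numbers the administrator chose (the window, the threshold, the z cut-off and the quality of the profiling period), which is why the baseline work described above has to come before any of the alerting.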
SIEM also assists companies with compliance with standards such as ISO 27001, PCI DSS and SOX, by giving administrators control over security information and a way to demonstrate and enforce compliance within their organization.