security information and event management (SIEM)

This definition is part of our Essential Guide: How to conduct a next-generation firewall evaluation

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. The acronym is pronounced "sim" with a silent e. 

The underlying principle of a SIEM system is that relevant data about an enterprise’s security is produced in multiple locations, and that being able to look at all of that data from a single point of view makes it easier to spot trends and see patterns that are out of the ordinary. SIEM combines SIM (security information management) and SEM (security event management) functions into one security management system.

A SEM system centralizes the storage and interpretation of logs and allows near real-time analysis, which enables security personnel to take defensive actions more quickly. A SIM system collects data into a central repository for trend analysis and provides automated reporting for compliance as well as centralized reporting. By bringing these two functions together, SIEM systems provide quicker identification and analysis of, and recovery from, security events. They also allow compliance managers to confirm they are fulfilling an organization's legal compliance requirements.

A SIEM system collects logs and other security-related documentation for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment -- and even specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console, which performs inspections and flags anomalies. To allow the system to identify anomalous events, it’s important that the SIEM administrator first creates a profile of the system under normal event conditions.

At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. In some systems, pre-processing may happen at edge collectors, with only certain events being passed through to a centralized management node. In this way, the volume of information being communicated and stored can be reduced. The danger of this approach, however, is that relevant events may be filtered out too soon.
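The trade-off described above, as an added example that is not part of the original definition: a central rules-based correlation runs over events forwarded by an edge collector, first with no pre-filter and then with a severity cut-off. The event tuples, the 1-5 severity scale, the rule and the function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (seconds, device, severity 1-5, type, source IP).
EVENTS = [
    (0,  "vpn-gw",  2, "login_failed",  "203.0.113.7"),
    (20, "vpn-gw",  2, "login_failed",  "203.0.113.7"),
    (41, "vpn-gw",  2, "login_failed",  "203.0.113.7"),
    (55, "web01",   1, "http_request",  "198.51.100.4"),
    (63, "vpn-gw",  3, "login_success", "203.0.113.7"),
    (90, "fw-edge", 4, "port_scan",     "198.51.100.9"),
]

def edge_collector(events, min_severity):
    """Hypothetical edge pre-filter: forward only events at or above min_severity."""
    return [e for e in events if e[2] >= min_severity]

def correlate(events, threshold=3, window=120):
    """Central rule: at least `threshold` failed logins followed by a success
    from the same source IP within `window` seconds. Returns flagged IPs."""
    failures = defaultdict(list)
    flagged = []
    for ts, _device, _sev, etype, src in sorted(events):
        if etype == "login_failed":
            failures[src].append(ts)
        elif etype == "login_success":
            recent = [t for t in failures[src] if ts - t <= window]
            if len(recent) >= threshold:
                flagged.append(src)
    return flagged

if __name__ == "__main__":
    for sev in (1, 3):
        kept = edge_collector(EVENTS, sev)
        print(f"min_severity={sev}: forwarded {len(kept)}/{len(EVENTS)}, "
              f"flagged={correlate(kept)}")
```

With the cut-off at 3, the collector forwards a third of the traffic, but the low-severity failed logins never reach the central node, so the rule has nothing to correlate the successful login against.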

SIEM systems are typically expensive to deploy and complex to operate and manage. While Payment Card Industry Data Security Standard (PCI DSS) compliance has traditionally driven SIEM adoption in large enterprises, concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer.

This was last updated in December 2014


Join the conversation



Can go for EventLog Analyzer
You said, "The acronym is pronounced "sim" with a silent e." However, as you also stated, there exists a Security Information Management (SIM) and Security Event Management (SEM), so the SIEM has been pronounced like "SEEM" to distinguish it from the others ("sim" and "sem").

