SearchSecurity.com Definitions (Powered by WhatIs.com)

Look up tech terms

Powered by: WhatIs.com

Search listings for thousands of IT terms:

Browse tech terms alphabetically:

Look up tech terms

Powered by: WhatIs.com

Search listings for thousands of IT terms:

Browse tech terms alphabetically:

security information and event management (SIEM)

Definition-

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. SIEM combines SIM (security information management) and SEM (security event management) functions into one security management system.  The acronym is pronounced "sim" with a silent e. 

The underlying principle of a SIEM system is that relevant data about an enterprise’s security is produced in multiple locations and being able to look at all the data from a single point of view makes it easier to spot trends and see patterns that are out of the ordinary.

SIEM systems collect logs and other security-related documentation for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment -- and even specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console, which performs inspections and flags anomalies. To allow the system to identify anomalous events, it’s important that the SIEM administrator first creates a profile of the system under normal event conditions.

At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. In some systems, pre-processing may happen at edge collectors, with only certain events being passed through to a centralized management node. In this way, the volume of information being communicated and stored can be reduced. The danger of this approach, however, is that relevant events may be filtered out too soon.

SIEM systems are typically expensive to deploy and complex to operate and manage. While Payment Card Industry Data Security Standard (PCI DSS) compliance has traditionally driven SIEM adoption in large enterprises, concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer.


last updated01 Oct 2012


Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

Related Content

Related glossary terms

Terms from Whatis.com − the technology online dictionary
  • PCI assessment  (searchSecurity.com)
  • A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI QSA  (searchSecurity.com)
  • Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council to individuals it deems qualified to perform PCI assessments and consulting services