Security information and event management technology aggregates and analyzes the event data produced by devices, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data. The data is normalized so that events from disparate sources can be correlated and analyzed according to rule sets designed for specific purposes, such as network security event monitoring or user activity monitoring.
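The paragraph above describes the two core SIEM operations, normalization of events from disparate sources into a common schema and correlation of those events under a purpose-specific rule set, without showing what either looks like. The following script is an added example, not code from the original page or from Gartner, that normalizes two constructed log formats (a syslog-style sshd line and a JSON logon record; both sample inputs, field names and IP addresses are assumed) into one event schema, then runs a simple user-activity-monitoring rule over the normalized stream: several authentication failures for the same user from the same source followed by a success within a time window raises one alert.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (assumed formats, not from the page): three sshd
# failures from one source, then a successful logon reported by a second host
# in a different (JSON) format, then an unrelated success for another user.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd[1234]: Failed password for alice from 203.0.113.5 port 5001 ssh2",
    "2024-05-01T10:00:05Z host1 sshd[1234]: Failed password for alice from 203.0.113.5 port 5002 ssh2",
    "2024-05-01T10:00:09Z host1 sshd[1234]: Failed password for alice from 203.0.113.5 port 5003 ssh2",
    '{"ts": "2024-05-01T10:00:20Z", "event": "logon", "outcome": "success", "user": "alice", "src": "203.0.113.5", "host": "host2"}',
    '{"ts": "2024-05-01T10:05:00Z", "event": "logon", "outcome": "success", "user": "bob", "src": "198.51.100.7", "host": "host2"}',
]

# Assumed syslog layout: "<ts> <host> sshd[<pid>]: Failed|Accepted password for <user> from <src> port <n> ..."
SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used by both sample formats."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line):
    """Map one raw log line onto the common event schema; return None if it is not an auth event."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("event") != "logon":
            return None
        return {"ts": parse_ts(rec["ts"]), "host": rec["host"], "user": rec["user"],
                "src": rec["src"], "outcome": rec["outcome"]}
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"ts": parse_ts(m["ts"]), "host": m["host"], "user": m["user"], "src": m["src"],
            "outcome": "failure" if m["outcome"] == "Failed" else "success"}


def normalize_all(lines):
    """Normalize every parseable line and order the result by timestamp for correlation."""
    events = [e for e in (normalize(l) for l in lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    return events


def failures_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures for (src, user) within `window` before a success."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    for e in events:
        key = (e["src"], e["user"])
        if e["outcome"] == "failure":
            failures[key].append(e["ts"])
        elif e["outcome"] == "success":
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "auth-failures-then-success", "user": e["user"],
                               "src": e["src"], "failures": len(recent),
                               "success_host": e["host"], "ts": e["ts"]})
            failures[key] = []  # one alert per incident: clear state after a success
    return alerts


def run(lines=SAMPLE_LOGS):
    """Full pipeline over a batch of raw lines: normalize, then correlate."""
    return failures_then_success(normalize_all(lines))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The rule fires once for alice because the three sshd failures on host1 and the later success on host2 only line up after both formats have been reduced to the same `(ts, user, src, outcome)` fields; bob's lone success produces nothing. In a real deployment the threshold, window and the decision to clear state after a success are exactly the kind of tuning the text says a SIEM needs.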
Many enterprise organizations can buy a SIEM tool for their network architectures, but turning it into a security monitoring capability requires that IT security professionals define its use cases and set up operational processes. Security professionals need to hire personnel with specific skill sets or train IT staff to “run, watch and tune” the SIEM. Large enterprises must provide constant “care and feeding” of their SIEM deployment to get value from it.
In this video, Anton Chuvakin describes how to avoid common pitfalls and find value in SIEM deployments at different maturity levels.
Anton Chuvakin, Ph.D., is a research vice president at Gartner’s Technical Professionals’ Security and Risk Management group. As a recognized expert in log management and PCI compliance, Dr. Chuvakin has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. He is also an author of “Security Warrior” and “PCI Compliance.” For more information on Dr. Chuvakin, check out his Gartner blog and follow him on Twitter @anton_chuvakin.