Welcome to the Smart SIEM blog (if you don't know what SIEM is, this is not your blog).
A picture is worth a thousand words:

All of us who will write here work every day with SIEM solutions, from project definition to managed service, including installation, configuration of log sources and custom content creation. We work across all sectors, mainly in the Norwegian market.
We work together in the same company, and the few times we manage to be in the office at the same time, we have long conversations about our vision of the market, our experiences and our challenges. So we have decided to create this blog as a collection point for our thoughts. We want to share them with other SIEM users and, why not, get feedback from you.
We'll keep the blog vendor neutral as much as we can in all our posts.
To open the blog, I'd like to share what I understand by SIEM. For that, I'll use the following definitions from the Gartner SIEM Magic Quadrant 2009 report:
- SIM (Security Information Management) provides log management — the collection, reporting and analysis of log data (primarily from host systems and applications, and secondarily from network and security devices) — to support regulatory compliance reporting, internal threat management and resource access monitoring. SIM supports the privileged user and resource access monitoring activities of the IT security organization, and the reporting needs of the internal audit and compliance organizations.
- SEM (Security Event Management) processes log and event data from security devices, network devices, systems and applications in real time, to provide security monitoring, event correlation and incident response. SEM supports the external and internal threat monitoring activities of the IT security organization, and improves incident management capabilities.
Thanks and welcome to our blog :)