Security Information and Event Management (SIEM)

SIEM is a generalized term for managing information generated from security control systems and infrastructure. Security systems often contain information only about the cybersecurity event itself. SIEM uses a larger lens, looking at all security controls and information sources to determine the context of the event and to sort a misconfigured system from an event that could potentially harm your systems.

Information sources include:

  • Intrusion detection system
  • Endpoint security
  • Service logs
  • Asset management system

SIEM is essentially a management tool above your existing systems and security controls. It takes information from your existing systems, cross-references it, and analyzes it in a single interface.

SIEM gives our analysts access to information from all present systems, without giving them access to the systems themselves.

To create a total system of cybersecurity management, the SIEM system works with our other managed services:

  • Availability monitoring
  • Intrusion detection
  • Asset recovery
  • Vulnerability scanning
  • Incident response