In order to protect your family, you lock your door before going to bed.
Unfortunately, a baseline security measure such as this is not enough to protect your company’s computer network.
Imagine if your home was constantly under siege; and that deadbolt you used last night is now outdated and about as safe as a Rolex watch on a park bench.
Computer hackers are always evolving. This is why you need SIEM.
“SIEM,” “SEM,” or “SIM”?
All three of these terms are used interchangeably—often pronounced the same—which only adds to the confusion. So here is a breakdown between these confused terms.
SEM – Security Event Management. Their main purpose is to provide real-time monitoring to support all IT security implementations. If there is one key element that differentiates SEM from SIM, it’s that SEM deals with real-time monitoring.
SIM – Security Information Management. A chief characteristic of the SIM is to collect and correlate data as well as to create an indexed log repository for data. It is important to understand that SIM (unlike SEM) does NOT work in real-time.
SIEM – This term was coined in 2005 by Marc Nicolett and Amrit Williams. It stands for Security Information Event Management. And just as the name would suggest, it is the combination of SEM and SIM.
In the world of information technology, there is a ton of noise daily; think of the millions of security messages your system sifts through.
What SIEM Does—The importance of “LARD”
In an industry that is acronym-obsessed, here is one more that will help you remember the key aspects of SIEM. Just remember this type of “LARD” is essential to your system’s health…
• Log Retention – One of the most important functions of SIEM is to gather all the information to be logged and stored. This creates a baseline for comparison to better spot any security breaches.
• Alerts – Creates an automated analysis of events; if anything out of the ordinary is detected, an alert is sent to the dashboard and/or a third party channel.
• Reports – Once information is gathered and any deviations from the known baseline are identified, a report is recorded and is brought to the attention of the user via an alert.
• Dashboard – In order to make data easier to assess, informational charts are created to make non-standard patterns identifiable.
Questions? Contact EzFIM Today
At EzFIM, we will gladly answer all of your questions. For more information on how EzFIM can provide cost-effective protection for all of your company’s security needs, call us today at: (855) 393-4666, or email us at:firstname.lastname@example.org.